OSN April 16, 2021

Fortify Security Team
Apr 16, 2021

Title: Celsius Email System Suffers Security Breach
Date Published: April 16, 2021


Excerpt: “An April 15th update says that as an aftermath of the security breach, some Celsius customers have received emails and texts directing them to a malicious website masquerading as the Celsius platform. The posts claim the link would direct them to a new Celsius web wallet, claiming to offer $500 to users who create a wallet using the link.”

Title: Russia-Linked APT SVR Actively Targets These 5 Flaws
Date Published: April 16, 2021


Excerpt: “NSA, CISA, and FBI are aware that the United States Government, critical infrastructure (including Defense Industrial Base), and allied networks are consistently scanned, targeted, and exploited by Russian state-sponsored cyber actors. NSA, CISA, and FBI recommend that critical system owners prioritize the following mitigation actions to mitigate the loss of sensitive information that could impact U.S. policies, strategies, plans, ongoing operations, and competitive advantage.” concludes the advisory.

Title: Morpheus Turns a CPU Into a Rubik’s Cube to Defeat Hackers
Date Published: April 13, 2021


Excerpt: “A total of 10 vulnerabilities were uncovered among the five processors developed for SSITH, but none of those weak points were found in the University of Michigan processor, called Morpheus. Michigan professor of electrical engineering and computer science Todd Austin explained what makes Morpheus so puzzling for hackers to penetrate.”

Title: Compromising Operating Systems Through Fake Software Updates
Date Published: April 16, 2021


Excerpt: “As computer users become more virus-aware, malware authors are now attempting to dupe users into downloading their malicious software by masking it as a legitimate software update. Most users are aware that it is important to keep computer applications up to date in order to avoid being a victim of the malware.”

Title: Five Signs Ransomware Is Becoming an Industry
Date Published: April 16, 2021


Excerpt: “Not content with its innovative victim-pressuring tactics, the DarkSide ransomware gang has forged ahead with DarkSide Leaks, a professional-looking website that could well be that of an online service provider, and is using traditional marketing techniques. What follows are the five most illustrative examples of one gang’s transformation from an underground criminal group to an enterprise.”

Title: Malware and Scammers Are Now Targeting the Popular NFT Marketplace Rarible
Date Published: April 16, 2021


Excerpt: “A non-fungible token (NFT) is a unit of data stored on a digital ledger, called a blockchain, that certifies a digital asset to be unique and therefore not exchangeable. NFTs can be utilized to represent items such as photographs, videos, audio, and other types of digital files. Even if copies of these digital items are accessible for anyone to get, NFTs are tracked on blockchains to provide the owner with evidence of ownership.”

Title: Watchdog Thinks Google Tricked Australians Into Giving Up Data, Sues. Judge Semi-Agrees
Date Published: April 16, 2021


Excerpt: “For Google to not collect a device’s location data, the user needed to let their wishes be known in both the “Location History” and the “Web & App Activity” setting segments. In its case, which it first brought against the web search giant in July 2020, the Australian Competition and Consumer Commission (ACC) had argued that Google did not adequately publicise the secondary setting requirement.”

Title: Lazarus BTC Changer. Back in Action With JS Sniffers Redesigned To Steal Crypto
Date Published: April 16, 2021


Excerpt: “In the last five years, JavaScript sniffers have grown into one of the most dangerous threats for e-commerce businesses. The simple nature of such attacks combined with the use of malicious JavaScript code for intercepting payment data attract more and more cybercriminals, and JS-sniffers became one of the most prominent sources of stolen bank cards on underground markets. However, in one recent campaign we saw a big step forward in attacks on e-commerce websites involving JS-sniffers.”

Title: Gafgyt Botnet Lifts DDoS Tricks from Mirai
Date Published: April 15, 2021


Excerpt: “Gafgyt (a.k.a. Bashlite) is a botnet that was first uncovered in 2014. It targets vulnerable internet of things (IoT) devices like Huawei routers, Realtek routers and ASUS devices, which it then uses to launch large-scale distributed denial-of-service (DDoS) attacks. It also often uses known vulnerabilities such as CVE-2017-17215 and CVE-2018-10561 to download next-stage payloads to infected devices.”

Title: PhishGun: How Phishing Attacks From Services Like Mailgun Bypass Microsoft 365 Security
Date Published: April 16, 2021


Excerpt: “In a span of four days, Avanan researchers saw more than 3,000 distinct phishing campaigns coming from IP addresses belonging to Mailgun. What’s unique about Mailgun that makes it a very compelling phishing platform for hackers is that the service allows users to set a different field in the “From” and “Sender” fields of the email headers. This is one way the attack confuses and gets past Microsoft. This is excellent for carrying out impersonation attacks.”
