OSN April 19, 2021

Fortify Security Team
Apr 19, 2021

Title: The FBI Removed Hacker Backdoors From Vulnerable Microsoft Exchange Servers. Not Everyone Likes the Idea

Date Published: April 19, 2021


Excerpt: “In this case, accessing the networks was deemed appropriate by the courts in order to remove backdoors planted by malicious hackers and to protect the organizations from cyberattacks – but Brumley fears what he described as a “slippery slope”. “We don’t want a future where the FBI determines someone may be vulnerable, and then uses that as a pretext to gain access. Remember: the FBI has both a law enforcement and intelligence mission. It would be the same as a police officer thinking your door isn’t locked, and then using that as a pretext to enter,” he says.”

Title: FIN7 Sysadmin Gets 10 Years Behind Bars

Date Published: April 19, 2021


Excerpt: “Ukrainian national Fedir Hladyr, 35, was manager and sysadmin for FIN7 (aka Carbanak), which is believed to have made a fortune from targeting banks, restaurants, gambling and hospitality firms. The campaign which Hladyr has been linked to involved the compromise of thousands of computer systems internationally, including all 50 US states and the District of Columbia. According to court documents, the gang stole 20 million customer card records from over 6,500 individual point-of-sale (PoS) terminals at more than 3,600 separate business locations, causing billions in damages at firms including Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin, and Jason’s Deli.”

Title: Nitro ransomware Demands Gift Codes as Ransom Payments

Date Published: April 19, 2021


Excerpt: “In case the victims will not provide the Nitro gift code within three hours, the ransomware threatens to delete their encrypted files. In case the victims will provide a valid Nitro gift code URL, the ransomware will use a Discord API URL to verify it and then will use an embedded static decryption key to decrypt the files. The ransomware operators have chosen this payment method because it is quite easy for them to cash out by selling the Discord gift cards in the underground marketplaces and hacking forums.”

Title: Is Bazarloader Malware Linked to Trickbot Operators?

Date Published: April 18, 2021


Excerpt: “The phishing messages include links pointing to Slack or BaseCamp cloud storage, for this reason, they don’t raise suspicion when they are received by employees working at an organization that uses the above services. The URL could be also obfuscated by using a URL shortening service to hide the fact that it points to a file with an .exe extension. Upon clicking on the link, the BazarLoader malware will be downloaded and executed on the victim’s machine.”

Title: Microsoft Fixes Windows 10 Bug That Can Corrupt NTFS Drives

Date Published: April 17, 2021


Excerpt: “Threat actors could also use the bug to force a crash of a breached system to hide their activities. While the error generated by the bug stated the drive was corrupted, Microsoft clarified that volume was only marked as dirty, and a reboot and chkdsk would quickly mark it as clean. Unfortunately, in one of our and other people’s tests, chkdsk did not fix the issue, and Windows 10 refused to boot again.”

Title: 82% Data Has Been Left Unencrypted in Public Server in the Cloud

Date Published: April 19, 2021


Excerpt: “After analyzing more than 1 million cloud resources, processing 12 petabytes of network traffic, and dug for flaws in public cloud infrastructure, it has been found that 4.8 million records, including Personally Identifiable Information (PII) and Protected Health Information (PHI), were exposed because of the access control and encryption aren’t enforced in secure cloud service.”

Title: Mandiant Front Lines: How to Tackle Exchange Exploits

Date Published: April 16, 2021


Excerpt: “This incident should serve as a wake-up call that information security is a responsibility for all of us, and we should do what we can to help as many people as we can, if we have the means. For organizations running Exchange Server but are currently in that “what do I do now?” phase, we’ve designed the following informative checklist. The purpose of this list is not to accuse or cast blame, but to inform.”

Title: Ryuk Ransomware Operation Updates Hacking Techniques

Date Published: April 16, 2021


Excerpt: “Among the newer techniques the researchers saw in Ryuk ransomware attacks was the use of KeeThief, an open-source tool for extracting credentials from KeePass password manager. KeeThief works by extracting key material (e.g. master password, key file) from the memory of a running KeePass process with an unlocked database. Another tactic was to deploy a portable version of Notepad++ to run PowerShell scripts on systems with PowerShell execution restriction, Kremez says.”

Title: Major BGP Leak Disrupts Thousands of Networks Globally

Date Published: April 17, 2021


Excerpt: “But, BGP is fragile, and any disruptions or anomalies in even a few intermediary systems can have a lasting impact on many. For the Internet to work, different devices (autonomous systems) advertise the IP prefixes they manage and the traffic they are able to route. However, this is largely a trust-based system with the assumption that every device is telling the truth. Given the massive interconnected nature of the Internet, it is hard to enforce honesty on every single device present on the network.”

Title: Critical RCE Can Allow Attackers to Compromise Juniper Networks Devices

Date Published: April 16, 2021


Excerpt: “The flaw can be exploited by a remote, unauthenticated attacker to execute arbitrary code of a vulnerable device or to trigger a DoS condition. The vulnerability can be exploited by sending specially crafted packets to the targeted system. The flaw was reported by security researchers Nguyen Hoàng Thach, aka d4rkn3ss, from cybersecurity company STAR Labs. An attacker could trigger the flaw to install a backdoor on a vulnerable device or to change its configuration.”

Recent Posts

December 9, 2022

Title: US Health Dept Warns of Royal Ransomware Targeting Healthcare Date Published: December 8, 2022 https://www.bleepingcomputer.com/news/security/us-health-dept-warns-of-royal-ransomware-targeting-healthcare/ Excerpt: “The U.S. Department of Health and Human...

December 8, 2022

Title: New ‘Zombinder’ Platform Binds Android Malware With Legitimate Apps Date Published: December 8, 2022 https://www.bleepingcomputer.com/news/security/new-zombinder-platform-binds-android-malware-with-legitimate-apps/ Excerpt: “A darknet platform dubbed...

December 7, 2022

Title: Fantasy – A New Agrius Wiper Deployed Through a Supply-Chain Attack Date Published: December 7, 2022 https://www.welivesecurity.com/2022/12/07/fantasy-new-agrius-wiper-supply-chain-attack/ Excerpt: “ESET researchers discovered a new wiper and its execution...

December 6, 2022

Title: This Badly Made Ransomware Can’t Decrypt Your Files, Even if You Pay the Ransom Date Published: December 6, 2022 https://www.zdnet.com/article/this-badly-made-ransomware-cant-decrypt-your-files-even-if-you-pay-the-ransom/ Excerpt: “Victims of a recently...

December 5, 2022

Title: SIM Swapper Gets 18-Months for Involvement in $22 Million Crypto Heist Date Published: December 3, 2022 https://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/ Excerpt: “Florida man Nicholas Truglia...

December 2, 2022

Title: New Go-Based Redigo Malware Targets Redis Servers Date Published: December 1, 2022 https://securityaffairs.co/wordpress/139164/malware/redigo-malware-targets-redis-servers.html Excerpt: “Redigo is a new Go-based malware employed in attacks against Redis servers...

December 1, 2022

Title: Keralty Ransomware Attack Impacts Colombia’s Health Care System Date Published: November 30, 2022 https://www.bleepingcomputer.com/news/security/keralty-ransomware-attack-impacts-colombias-health-care-system/ Excerpt: “The Keralty multinational healthcare...