OSN April 19, 2021

Fortify Security Team
Apr 19, 2021

Title: The FBI Removed Hacker Backdoors From Vulnerable Microsoft Exchange Servers. Not Everyone Likes the Idea

Date Published: April 19, 2021


Excerpt: “In this case, accessing the networks was deemed appropriate by the courts in order to remove backdoors planted by malicious hackers and to protect the organizations from cyberattacks – but Brumley fears what he described as a “slippery slope”. “We don’t want a future where the FBI determines someone may be vulnerable, and then uses that as a pretext to gain access. Remember: the FBI has both a law enforcement and intelligence mission. It would be the same as a police officer thinking your door isn’t locked, and then using that as a pretext to enter,” he says.”

Title: FIN7 Sysadmin Gets 10 Years Behind Bars

Date Published: April 19, 2021


Excerpt: “Ukrainian national Fedir Hladyr, 35, was manager and sysadmin for FIN7 (aka Carbanak), which is believed to have made a fortune from targeting banks, restaurants, gambling and hospitality firms. The campaign which Hladyr has been linked to involved the compromise of thousands of computer systems internationally, including all 50 US states and the District of Columbia. According to court documents, the gang stole 20 million customer card records from over 6,500 individual point-of-sale (PoS) terminals at more than 3,600 separate business locations, causing billions in damages at firms including Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin, and Jason’s Deli.”

Title: Nitro ransomware Demands Gift Codes as Ransom Payments

Date Published: April 19, 2021


Excerpt: “If the victims do not provide the Nitro gift code within three hours, the ransomware threatens to delete their encrypted files. If the victims provide a valid Nitro gift code URL, the ransomware will use a Discord API URL to verify it and then will use an embedded static decryption key to decrypt the files. The ransomware operators have chosen this payment method because it is quite easy for them to cash out by selling the Discord gift cards in the underground marketplaces and hacking forums.”

Title: Is Bazarloader Malware Linked to Trickbot Operators?

Date Published: April 18, 2021


Excerpt: “The phishing messages include links pointing to Slack or BaseCamp cloud storage; for this reason, they don’t raise suspicion when they are received by employees working at an organization that uses the above services. The URL could also be obfuscated by using a URL shortening service to hide the fact that it points to a file with an .exe extension. Upon clicking on the link, the BazarLoader malware will be downloaded and executed on the victim’s machine.”

Title: Microsoft Fixes Windows 10 Bug That Can Corrupt NTFS Drives

Date Published: April 17, 2021


Excerpt: “Threat actors could also use the bug to force a crash of a breached system to hide their activities. While the error generated by the bug stated the drive was corrupted, Microsoft clarified that volume was only marked as dirty, and a reboot and chkdsk would quickly mark it as clean. Unfortunately, in one of our and other people’s tests, chkdsk did not fix the issue, and Windows 10 refused to boot again.”

Title: 82% Data Has Been Left Unencrypted in Public Server in the Cloud

Date Published: April 19, 2021


Excerpt: “After analyzing more than 1 million cloud resources, processing 12 petabytes of network traffic, and digging for flaws in public cloud infrastructure, it has been found that 4.8 million records, including Personally Identifiable Information (PII) and Protected Health Information (PHI), were exposed because access control and encryption aren’t enforced in secure cloud services.”

Title: Mandiant Front Lines: How to Tackle Exchange Exploits

Date Published: April 16, 2021


Excerpt: “This incident should serve as a wake-up call that information security is a responsibility for all of us, and we should do what we can to help as many people as we can, if we have the means. For organizations running Exchange Server that are currently in that ‘what do I do now?’ phase, we’ve designed the following informative checklist. The purpose of this list is not to accuse or cast blame, but to inform.”

Title: Ryuk Ransomware Operation Updates Hacking Techniques

Date Published: April 16, 2021


Excerpt: “Among the newer techniques the researchers saw in Ryuk ransomware attacks was the use of KeeThief, an open-source tool for extracting credentials from KeePass password manager. KeeThief works by extracting key material (e.g. master password, key file) from the memory of a running KeePass process with an unlocked database. Another tactic was to deploy a portable version of Notepad++ to run PowerShell scripts on systems with PowerShell execution restriction, Kremez says.”

Title: Major BGP Leak Disrupts Thousands of Networks Globally

Date Published: April 17, 2021


Excerpt: “But, BGP is fragile, and any disruptions or anomalies in even a few intermediary systems can have a lasting impact on many. For the Internet to work, different devices (autonomous systems) advertise the IP prefixes they manage and the traffic they are able to route. However, this is largely a trust-based system with the assumption that every device is telling the truth. Given the massive interconnected nature of the Internet, it is hard to enforce honesty on every single device present on the network.”

Title: Critical RCE Can Allow Attackers to Compromise Juniper Networks Devices

Date Published: April 16, 2021


Excerpt: “The flaw can be exploited by a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device or to trigger a DoS condition. The vulnerability can be exploited by sending specially crafted packets to the targeted system. The flaw was reported by security researcher Nguyen Hoàng Thach, aka d4rkn3ss, from cybersecurity company STAR Labs. An attacker could trigger the flaw to install a backdoor on a vulnerable device or to change its configuration.”
