OSN April 20, 2021

Fortify Security Team
Apr 20, 2021

Title: Hundreds of Networks Reportedly Hacked In Codecov Supply-Chain Attack
Date Published: April 20, 2021


Excerpt: “Codecov has over 29,000 customers, including prominent names like GoDaddy, Atlassian, The Washington Post, Procter & Gamble (P & G), making this a noteworthy supply-chain incident. A simple search for the link to Codecov’s compromised Bash Uploader script revealed thousands of projects that were or are using the script.”

Title: Crooks Stole Driver’s License Numbers From Geico Auto Insurer
Date Published: April 20, 2021


Excerpt: “Geico, the second-largest auto insurer in the U.S., has suffered a data breach; threat actors exploited a now-fixed bug in their website to steal the driver’s licenses for policyholders for several weeks. The auto insurer revealed that attackers used information obtained from other data breaches to obtain info on its policyholders. The company fears that crooks could use the driver’s license number to apply for unemployment benefits on behalf of the policyholder’s name.”

Title: Facebook Messenger Users Targeted by a Large-Scale Scam
Date Published: April 20, 2021


Excerpt: “To facilitate the moderation process in Facebook and bypass its scam filters, scammers used shortened links created with the help of such services as linktr[.]ee, bit[.]ly, cutt[.]us, cutt[.]ly, and rb[.]gy. After clicking on the link that is supposed to lead to the download of the app’s updated version, the user finds themselves on a fake Facebook Messenger website with a login form, where they’re asked to enter their credentials.”

Title: 120 Compromised Ad Servers Target Millions of Internet Users
Date Published: April 20, 2021


Excerpt: “Specifically, the websites that receive an ad through a hacked server carry out client-side fingerprinting to deliver a second-stage JavaScript payload — click tracker ads — when certain checks are satisfied, that then redirect users to malicious websites, aiming to lure the visitors to an app store listing for fake security, safety, or VPN apps, which come with hidden subscription costs or hijack the traffic for other nefarious purposes.”

Title: Attackers Test Weak Passwords in Purple Fox Malware Attacks
Date Published: April 19, 2021


Excerpt: “Researchers with Specops also say these attacks created a global honeypot system to collect information on what these SMB attacks look like and the kind of passwords attackers are using. The team analyzed more than 250,000 attacks on the SMB protocol over a period of 30 days. In that time, “password” was seen used in attacks more than 640 times, they report.”

Title: Israel Launches ‘Stuxnet 3.0’ On Iran
Date Published: April 19, 2021


Excerpt: “While Nation-State cyber attacks aren’t typically affecting small or medium-sized businesses themselves, citizens should be concerned about what’s happening considering Iran’s capabilities. In January of 2020, the Department of Homeland Security put out an alert notifying citizens of potential cyber-attacks from Iran. This followed heightened tensions between the US and Iran following a drone strike that took out a notorious Iranian military leader. Some cybersecurity experts put Iran’s cyberwarfare capabilities right behind Russia and China.”

Title: Lazarus Hacking Group Now Hides Payloads in BMP Image Files
Date Published: April 20, 2021


Excerpt: “The attack chain begins with a phishing Microsoft Office document (???????.doc) and a lure in the Korean language. Intended victims are asked to enable macros in order to view the file’s content, which, in turn, triggers a malicious payload. The macro brings up a pop-up message which claims to be an old version of Office, but instead, calls an executable HTA file compressed as a zlib file within an overall PNG image file.”

Title: Google’s Project Zero To Wait Longer Before Disclosing Bug Details
Date Published: April 19, 2021


Excerpt: “Moving to a “90+30” model allows us to decouple time to patch from patch adoption time, reduce the contentious debate around attacker/defender trade-offs and the sharing of technical details, while advocating to reduce the amount of time that end users are vulnerable to known attacks,” Willis concluded. Project Zero is known for a number of high-profile disclosures; a few months ago, the team reported multiple zero-days affecting Chrome, Windows and Apple.”

Title: Experts Demonstrated How to Hack a Utility and Take Over a Smart Meter
Date Published: April 19, 2021


Excerpt: “Mandiant’s red team initially targeted the external-facing IT network, then attempted to gain access to the OT network. Mandiant launched a spear-phishing attack to gain a foothold in the target enterprise network. The experts used a combination of two different phishing scenarios:
- Embedded link for a malicious file hosted on a Mandiant-owned domain on the Internet
- Email attachment for a Microsoft Office document with auto-executable macro code
With this approach, the red team achieved code execution on a user workstation in the enterprise environment.”

Title: Windows 10’s Multitasking Feature Is Getting Downgraded
Date Published: April 19, 2021


Excerpt: “In the release notes of Build 21359, Microsoft noted that Windows 10’s Timeline activity history sync support is no longer available for those with a Microsoft account. It will still work if you use AAD-connected accounts, but you can no longer sync activities across devices when they’re connected to a Microsoft account. Timeline and local activity history will remain on Windows 10, which means Timeline is not being discontinued, at least for now.”
