OSN April 20, 2021

Fortify Security Team
Apr 20, 2021

Title: Hundreds of Networks Reportedly Hacked In Codecov Supply-Chain Attack
Date Published: April 20, 2021

Excerpt: “Codecov has over 29,000 customers, including prominent names like GoDaddy, Atlassian, The Washington Post, Procter & Gamble (P&G), making this a noteworthy supply-chain incident. A simple search for the link to Codecov’s compromised Bash Uploader script revealed thousands of projects that were or are using the script.”

Title: Crooks Stole Driver’s License Numbers From Geico Auto Insurer
Date Published: April 20, 2021

Excerpt: “Geico, the second-largest auto insurer in the U.S., has suffered a data breach; threat actors exploited a now-fixed bug in their website to steal the driver’s licenses for policyholders for several weeks. The auto insurer revealed that attackers used information obtained from other data breaches to obtain info on its policyholders. The company fears that crooks could use the driver’s license number to apply for unemployment benefits on behalf of the policyholder’s name.”

Title: Facebook Messenger Users Targeted by a Large-Scale Scam
Date Published: April 20, 2021

Excerpt: “To facilitate the moderation process in Facebook and bypass its scam filters, scammers used shortened links created with the help of such services as linktr[.]ee, bit[.]ly, cutt[.]us, cutt[.]ly, and rb[.]gy. After clicking on the link that is supposed to lead to the download of the app’s updated version, the user finds themselves on a fake Facebook Messenger website with a login form, where they’re asked to enter their credentials.”

Title: 120 Compromised Ad Servers Target Millions of Internet Users
Date Published: April 20, 2021

Excerpt: “Specifically, the websites that receive an ad through a hacked server carry out client-side fingerprinting to deliver a second-stage JavaScript payload — click tracker ads — when certain checks are satisfied, that then redirect users to malicious websites, aiming to lure the visitors to an app store listing for fake security, safety, or VPN apps, which come with hidden subscription costs or hijack the traffic for other nefarious purposes.”

Title: Attackers Test Weak Passwords in Purple Fox Malware Attacks
Date Published: April 19, 2021

Excerpt: “Researchers with Specops also say these attacks created a global honeypot system to collect information on what these SMB attacks look like and the kind of passwords attackers are using. The team analyzed more than 250,000 attacks on the SMB protocol over a period of 30 days. In that time, “password” was seen used in attacks more than 640 times, they report.”

Title: Israel Launches ‘Stuxnet 3.0’ On Iran
Date Published: April 19, 2021

Excerpt: “While Nation-State cyber attacks aren’t typically affecting small or medium-sized businesses themselves, citizens should be concerned about what’s happening considering Iran’s capabilities. In January of 2020, the Department of Homeland Security put out an alert notifying citizens of potential cyber-attacks from Iran. This followed heightened tensions between the US and Iran following a drone strike that took out a notorious Iranian military leader. Some cybersecurity experts put Iran’s cyberwarfare capabilities right behind Russia and China.”

Title: Lazarus Hacking Group Now Hides Payloads in BMP Image Files
Date Published: April 20, 2021

Excerpt: “The attack chain begins with a phishing Microsoft Office document (???????.doc) and a lure in the Korean language. Intended victims are asked to enable macros in order to view the file’s content, which, in turn, triggers a malicious payload. The macro brings up a pop-up message which claims to be an old version of Office, but instead, calls an executable HTA file compressed as a zlib file within an overall PNG image file.”

Title: Google’s Project Zero To Wait Longer Before Disclosing Bug Details
Date Published: April 19, 2021

Excerpt: ““Moving to a “90+30” model allows us to decouple time to patch from patch adoption time, reduce the contentious debate around attacker/defender trade-offs and the sharing of technical details, while advocating to reduce the amount of time that end users are vulnerable to known attacks,” Willis concluded. Project Zero is known for a number of high-profile disclosures; a few months ago, the team reported multiple zero-days affecting Chrome, Windows and Apple.”

Title: Experts Demonstrated How to Hack a Utility and Take Over a Smart Meter
Date Published: April 19, 2021

Excerpt: “Mandiant’s red team initially targeted the external-facing IT network, then attempted to gain access to the OT network. Mandiant launched a spear-phishing attack to gain a foothold in the target enterprise network. The experts used a combination of two different phishing scenarios:
- Embedded link for a malicious file hosted on a Mandiant-owned domain on the Internet
- Email attachment for a Microsoft Office document with auto-executable macro code
With this approach, the red team achieved code execution on a user workstation in the enterprise environment.”

Title: Windows 10’s Multitasking Feature Is Getting Downgraded
Date Published: April 19, 2021

Excerpt: “In the release notes of Build 21359, Microsoft noted that Windows 10’s Timeline activity history sync support is no longer available for those with a Microsoft account. It will still work if you use AAD-connected accounts, but you can no longer sync activities across devices when they’re connected to a Microsoft account. Timeline and local activity history will remain on Windows 10, which means Timeline is not being discontinued, at least for now.”
