OSN April 23, 2021

Fortify Security Team
Apr 26, 2021

Title: REvil’s Big Apple Ransomware Gambit Looks to Pay Off
Date Published: April 23, 2021

https://threatpost.com/revil-apple-ransomware-pay-off/165570/

Excerpt: “Digital Shadows analyst and Russian-language underground forum expert Austin Merritt recently explained during a Threatpost roundtable event that even if there’s no state sponsorship directly, there is an operating agreement between these threat actor groups within Russia, like REvil, that they can conduct their operations from the country but need to direct their attacks outside Russian borders. He added that these groups can act with impunity against the West without fear of law enforcement or extradition, leaving them free to grow their operations.”

Title: Last Chance for Forensics Teams Ahead of Emotet Sunday Deadline
Date Published: April 23, 2021

https://www.infosecurity-magazine.com/news/last-chance-forensics-teams-emotet/

Excerpt: “This leaves security teams with only a few more days to uncover Emotet artifacts and whether their organization has been compromised by Emotet, as well as to establish whether other related malware exists on their networks. Unless proper forensic analysis is conducted now, security teams will miss a unique opportunity to identify malware strains that may have the same MO as Emotet, leaving them in a weaker position to defend against future attacks.”

Title: Ransomware’s Perfect Target: Why One Industry Needs To Improve Cybersecurity, Before It’s Too Late
Date Published: April 23, 2021

https://www.zdnet.com/article/ransomwares-perfect-target-why-one-industry-needs-to-improve-cybersecurity-before-its-too-late/

Excerpt: “Shipping and logistic companies have vast networks – but there are cybersecurity procedures that can improve their defenses against cyberattacks. These include securing port and network configuration so that default or easy-to-guess credentials aren’t used and, where possible, securing the accounts with two-factor authentication. Ransomware gangs don’t hide what they’re doing: they hit remote desktop protocol (RDP) and other remote desktop ports. Especially in a time when many companies set up remote desktops for remote workers, this is a critical issue.”

Title: 3.2 Million Data Records Exposed for Drivesure Clients
Date Published: April 23, 2021

https://titanhq.medium.com/3-2-million-data-records-exposed-for-drivesure-clients-180f1933191d

Excerpt: “There was an unusual twist to this attack, as most attackers steal data for profit, except in this case the attacker uploaded the entire database of stolen data for free and without request for money, which has left the attacker’s motive unknown. The training site for car dealerships had customers’ identifiable information, such as full names, addresses, vehicle VIN numbers and other important information, including large corporate accounts and military addresses, on a MySQL database. The data was uploaded to several hacking forums.”

Title: Darkside Ransomware Gang Aims At Influencing the Stock Price of Their Victims
Date Published: April 23, 2021

https://securityaffairs.co/wordpress/117130/malware/darkside-ransomware-stock-price.html

Excerpt: “The ransomware gang aims at putting pressure on the companies, threatening to leak information that could have a negative impact on their stock price, making it possible for traders to make a profit from the fall of the stock prices. This is an unprecedented tactic in the cybercrime ecosystem.”

Title: King Island Connectivity Upgrade To Include 110km Radio Link Across Bass Strait
Date Published: April 21, 2021

https://www.zdnet.com/article/king-island-connectivity-upgrade-to-include-110km-radio-link-across-bass-strait/

Excerpt: “When completed, a 110-kilometre radio link from King Island back to Victoria’s Surf Coast will be the longest such link over water in the Telstra network, the company said on Friday. The new link is part of a AU$9.8 million connectivity upgrade for King Island that will see the island get a six-fold improvement in bandwidth. The project will see two new mobile sites, two new small cell sites, and LTE upgrades at another three sites, as well as 37 kilometres of fibre laid on the island.”

Title: Hackers Exploit VPN to Deploy SUPERNOVA Malware on SolarWinds Orion
Date Published: April 22, 2021

https://thehackernews.com/2021/04/hackers-exploit-vpn-flaw-to-deploy.html

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed details of a new advanced persistent threat (APT) that’s leveraging the Supernova backdoor to compromise SolarWinds Orion installations after gaining access to the network through a connection to a Pulse Secure VPN device.”

Title: New CISA Advisories Warn of ICS Vulnerabilities
Date Published: April 22, 2021

https://beta.darkreading.com/vulnerabilities-threats/new-cisa-advisories-warn-of-ics-vulnerabilities

Excerpt: “The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) today issued ICS advisories for vulnerabilities in the Horner Automation Cscape software and the Mitsubishi Electric GOT. Cscape, a control system application programming software, has two flaws affecting all versions prior to 9.90 SP4. One of these (CVE-2021-22678) exists when the application doesn’t properly validate user-supplied data when parsing project files and could lead to memory corruption.”

Title: Mount Locker Ransomware Aggressively Changes Up Tactics
Date Published: April 22, 2021

https://threatpost.com/mount-locker-ransomware-changes-tactics/165559/

Excerpt: “More recent campaigns have jazzed things up with new batch scripts, researchers noted. These are designed to disable detection and prevention tools. ‘[This] indicates that Mount Locker is increasing its capabilities and is becoming a more dangerous threat,’ according to Schmitt. ‘These scripts were not just blanket steps to disable a large swath of tools, they were customized and targeted to the victim’s environment.’”

Title: University Suspends Project After Researchers Submitted Vulnerable Linux Patches
Date Published: April 22, 2021

https://www.darkreading.com/application-security/university-suspends-project-after-researchers-submitted-vulnerable-linux-patches/d/d-id/1340799

Excerpt: “The University of Minnesota has suspended a research project after complaints that two student researchers submitted intentionally vulnerable code to the maintainers of the Linux kernel as a way to investigate whether supply chain integrity issues affected the widely used Linux ecosystem.”
