OSN April 26, 2021

Fortify Security Team
Apr 26, 2021

Title: Emotet Malware Nukes Itself Today From All Infected Computers Worldwide

Date Published:  April 25, 2021


Excerpt:  “Emotet, one of the most dangerous email spam botnets in recent history, is being uninstalled today from all infected devices with the help of a malware module delivered in January by law enforcement.  The botnet’s takedown is the result of an international law enforcement action that allowed investigators to take control of Emotet’s servers and disrupt the malware’s operation.”

Title: Hacker Leaks 20 Million Alleged BigBasket User Records for Free

Date Published:  April 26, 2021


Excerpt:  “A threat actor has leaked approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum.  BigBasket is a popular Indian online grocery delivery service that allows people to shop online for food and have it delivered to their homes.  This morning, a well-known seller of data breaches known as ShinyHunters posted a database for free on a hacker forum that he claims was stolen from BigBasket.”

Title: QNAP NAS Devices Under Ransomware Attack

Date Published:  April 26, 2021


Excerpt:  “QNAP NAS device owners are once again under attack by ransomware operators, who are exploiting a recently fixed vulnerability to lock data on vulnerable devices by using the 7-Zip open-source file archiver utility.  The vulnerabilities are CVE-2020-2509, a command injection vulnerability in QTS and QuTS hero, and CVE-2020-36195, an SQL injection vulnerability affecting QNAP NAS running Multimedia Console or the Media Streaming add-on.”

Title: Prometei Botnet is Targeting ProxyLogon Microsoft Exchange Flaws

Date Published:  April 26, 2021


Excerpt:  “Experts from the Cybereason Nocturnus Team have investigated multiple incidents involving the Prometei Botnet. The attackers hit companies in North America and threat actors exploited the ProxyLogon Microsoft Exchange flaws (CVE-2021-27065 and CVE-2021-26858) to deliver malware in their networks. Attackers are exploiting the ProxyLogon flaws in Microsoft Exchange to recruit machines in a cryptocurrency botnet tracked as Prometei.”

Title: Hackers are Targeting Soliton FileZen File-sharing Servers

Date Published:  April 25, 2021


Excerpt:  “Threat actors are exploiting two vulnerabilities in the popular file-sharing server FileZen, tracked as CVE-2020-5639 and CVE-2021-20655, to steal sensitive data from businesses and government organizations.  FileZen servers allow users to share data according to their needs, overcoming problems with file size limits, content filters, and potential loss.  The CVE-2020-5639 vulnerability is a directory traversal issue that could be exploited by remote attackers to upload an arbitrary file in a specific directory via unspecified vectors, potentially leading to arbitrary OS command execution.  The CVE-2021-20655 vulnerability could be exploited by a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.”
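
The directory traversal class named in the FileZen excerpt (a client-supplied file name that resolves outside the directory the server meant to write to) is illustrated below with an added, generic Python example. It is not FileZen's code and makes no claim about how CVE-2020-5639 is triggered; the upload root path and every function name are assumptions. It shows the naive join beside a confined one, because writing a file somewhere the host will later execute it is the usual route from traversal to the OS command execution the excerpt mentions.

```python
"""Added example, not part of the digest or of FileZen: a generic
directory-traversal check for file uploads.

Assumptions (hypothetical): the server stores uploads under UPLOAD_ROOT and
takes the file name from the client. Nothing here describes how
CVE-2020-5639 is triggered; it only shows the naive pattern beside a
confined one.
"""
import posixpath

UPLOAD_ROOT = "/srv/uploads"  # assumed upload directory


def naive_target(filename: str, root: str = UPLOAD_ROOT) -> str:
    """Vulnerable pattern: trusts the client-supplied name as-is.

    posixpath.join discards ``root`` when ``filename`` is absolute, and
    normpath resolves '..' segments, so '../../etc/cron.d/job' and
    '/etc/cron.d/job' both land outside the upload directory.
    """
    return posixpath.normpath(posixpath.join(root, filename))


def safe_target(filename: str, root: str = UPLOAD_ROOT) -> str:
    """Hardened pattern: normalise, then prove the result stays under root.

    Raises ValueError for any name that would resolve outside ``root``.
    """
    root = root.rstrip("/")
    if "\\" in filename or "\x00" in filename:
        # POSIX normpath does not treat '\\' as a separator, and a NUL byte
        # can truncate the name at the OS call. Reject both outright.
        raise ValueError("rejected: illegal character in file name")
    # Always treat the name as relative: stripping leading slashes stops an
    # absolute path from replacing the root inside join().
    candidate = posixpath.normpath(posixpath.join(root, filename.lstrip("/")))
    # The decisive check. Comparing against root + '/' (not just root) stops
    # a sibling such as '/srv/uploads_evil' from passing as a child of root,
    # and also rejects an empty name, which normalises to root itself.
    if not candidate.startswith(root + "/"):
        raise ValueError(f"rejected: {filename!r} escapes {root}")
    return candidate


def is_confined(filename: str, root: str = UPLOAD_ROOT) -> bool:
    """Boolean form of safe_target for callers that only need yes/no."""
    try:
        safe_target(filename, root)
    except ValueError:
        return False
    return True


def escapes_root(filename: str, root: str = UPLOAD_ROOT) -> bool:
    """True when the naive pattern would write outside ``root``."""
    return not naive_target(filename, root).startswith(root.rstrip("/") + "/")


if __name__ == "__main__":
    # Constructed sample names: the first two are what a traversal probe
    # looks like, the last is an ordinary upload.
    for name in ("../../etc/cron.d/job", "/etc/cron.d/job", "report.pdf"):
        print(f"{name!r:26} naive -> {naive_target(name)!r:26} "
              f"confined={is_confined(name)}")
```

The check is purely lexical: it proves the normalised string stays under the root, which is what stops `..` and absolute-path tricks. It says nothing about symbolic links already present inside the upload directory, so a server that lets users create links should additionally resolve the final path with `os.path.realpath` against the real filesystem and repeat the prefix comparison on that result.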

Title: This Password-stealing Android Malware is Spreading Quickly: Here’s What to Watch Out For

Date Published:  April 26, 2021


Excerpt:  “A malware campaign with the aim of stealing passwords, bank details and other sensitive information is spreading quickly through Android devices.  Known as FluBot, the malware is installed via text messages claiming to be from a delivery company that asks users to click a link to track a package delivery. This phishing link asks users to install an application to follow the fake delivery – but the app is actually malware for stealing information from infected Android smartphones.  Once installed, FluBot also gains access to the victim’s address book, allowing it to send the infected text message to all their contacts, further spreading the malware.”

Title: US Drilling Giant Gyrodata Reveals Employee Data Breach

Date Published:  April 26, 2021


Excerpt:  “A major oil drilling specialist has admitted it suffered a ransomware attack which may have led to the compromise of data belonging to current and former employees.  Houston-based Gyrodata claims to be one of the world’s leading suppliers of technology and services designed to extract hydrocarbons from the earth.  However, late last week it published a statement revealing the security incident, which was discovered on February 21.  There’s no information on whether the ransomware itself caused any disruption to the firm, but it did admit the potential impact on employees’ personal and financial data.”

Title: Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound

Date Published:  April 26, 2021


Excerpt:  “The Coveware Quarterly Ransomware Report describes ransomware incident response trends during Q1 of 2021. Data exfiltration extortion continues to be prevalent and we have reached an inflection point where the vast majority of ransomware attacks now include the theft of corporate data. Q1 saw a reversal of average and median ransom amounts. The averages in Q1 were pulled up by a raft of data exfiltration attacks by one specific threat actor group that opportunistically leveraged a unique vulnerability.”

Title: Researchers Say Enterprise Password Manager Hit in Supply Chain Attack

Date Published:  April 23, 2021


Excerpt:  “Researchers at CSIS Security Group claim they have discovered what they think might be the next big supply chain hack.  In an April 23 blog, the firm claimed to have digital evidence that Australian company ClickStudios suffered a breach, sometime between April 20 and April 22, which resulted in the attacker dropping a corrupted update to its password manager Passwordstate. A zip file contained a dynamic link library with the malicious code, according to the blog.  ‘The malicious code tries to contact [a URL] in order to retrieve an encrypted code. Once decrypted, the code is executed directly in memory,’ the researchers write.”

Title: Hacker Dumps Sensitive Household Records of 250M Americans

Date Published:  April 26, 2021


Excerpt:  “On April 22nd, 2021, a hacker going by the online handle of Pompompurin leaked a database containing personal and sensitive household data of over 250 million (250,807,711) American citizens and residents.  As seen by Hackread.com, the database was leaked on a prominent hacker forum and comprises 263 GB worth of records including 1,255 CSV subfiles each with 200,000 listings.  Although it is unclear who collected or owned the data, according to sources the leak came from open Apache SOLR hosted on Amazon Web Server. Additionally, the data was available on three different IP addresses, all of which were accessed by the hacker before being removed or reassigned by their owner.”
