OSN April 26, 2021

Fortify Security Team
Apr 26, 2021

Title: Emotet Malware Nukes Itself Today From All Infected Computers Worldwide

Date Published:  April 25, 2021


Excerpt:  “Emotet, one of the most dangerous email spam botnets in recent history, is being uninstalled today from all infected devices with the help of a malware module delivered in January by law enforcement.  The botnet’s takedown is the result of an international law enforcement action that allowed investigators to take control of Emotet’s servers and disrupt the malware’s operation.”

Title: Hacker Leaks 20 Million Alleged BigBasket User Records for Free

Date Published:  April 26, 2021


Excerpt:  “A threat actor has leaked approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum.  BigBasket is a popular Indian online grocery delivery service that allows people to shop online for food and deliver it to their homes.  This morning, a well-known seller of data breaches known as ShinyHunters posted a database for free on a hacker forum that he claims was stolen from BigBasket.”

Title: QNAP NAS Devices Under Ransomware Attack

Date Published:  April 26, 2021


Excerpt:  “QNAP NAS device owners are once again under attack by ransomware operators, who are exploiting a recently fixed vulnerability to lock data on vulnerable devices by using the 7-Zip open-source file archiver utility.  The vulnerabilities are CVE-2020-2509, a command injection vulnerability in QTS and QuTS hero, and CVE-2020-36195, an SQL injection vulnerability affecting QNAP NAS running Multimedia Console or the Media Streaming add-on.”

Title: Prometei Botnet is Targeting ProxyLogon Microsoft Exchange Flaws

Date Published:  April 26, 2021


Excerpt:  “Experts from the Cybereason Nocturnus Team have investigated multiple incidents involving the Prometei Botnet. The attackers hit companies in North America and threat actors exploited the ProxyLogon Microsoft Exchange flaws (CVE-2021-27065 and CVE-2021-26858) to deliver malware in their networks. Attackers are exploiting the ProxyLogon flaws in Microsoft Exchange to recruit machines in a cryptocurrency botnet tracked as Prometei.”

Title: Hackers are Targeting Soliton FileZen File-sharing Servers

Date Published:  April 25, 2021


Excerpt:  “Threat actors are exploiting two vulnerabilities in the popular file-sharing server FileZen, tracked as CVE-2020-5639 and CVE-2021-20655, to steal sensitive data from businesses and government organizations.  FileZen servers allow users to share data according to their needs, overcoming problems with file size limits, content filters, and potential loss.  The CVE-2020-5639 vulnerability is a directory traversal issue that could be exploited by remote attackers to upload an arbitrary file in a specific directory via unspecified vectors, potentially leading to arbitrary OS command execution.  The CVE-2021-20655 vulnerability could be exploited by a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.”
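The FileZen excerpt describes the general pattern behind CVE-2020-5639: a client-supplied filename is joined onto an upload directory, so traversal segments let the attacker write outside it, and a file placed in a web-served or executable location then gives OS command execution. The example below is added here to illustrate that class of bug and is not FileZen's code; the upload root, allowed extensions and sample filenames are assumptions constructed for the demonstration. It shows the weak join beside a hardened version that strips the directory part, allowlists the extension, and re-checks that the final path is still inside the root.

```python
import os
import posixpath

# Hypothetical upload directory and extension allowlist for this example;
# they are not FileZen's real layout or policy.
UPLOAD_ROOT = "/srv/uploads"
ALLOWED_EXTENSIONS = {".pdf", ".docx", ".xlsx", ".zip", ".png", ".jpg"}


def vulnerable_save_path(root, user_filename):
    """The weak pattern: join the client-supplied name straight onto the root.

    '../' segments walk out of the upload directory, and an absolute name
    replaces the root entirely (os.path.join discards everything before it).
    """
    return os.path.normpath(os.path.join(root, user_filename))


def is_within_root(root, path):
    """True only if path is root itself or strictly below it.

    String-based check; call os.path.realpath on both arguments first when
    symlinks inside the upload tree are a concern.
    """
    root = posixpath.normpath(root)
    path = posixpath.normpath(path)
    return path == root or path.startswith(root.rstrip("/") + "/")


def safe_save_path(root, user_filename):
    """Hardened version: keep only the final path component, allowlist the
    extension, then re-check that the result is still inside the root.

    Raises ValueError for anything that should be rejected.
    """
    # Treat backslashes as separators too, so a Windows-style name cannot
    # smuggle a directory part past basename() on a POSIX server.
    name = posixpath.basename(user_filename.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise ValueError("empty or dot-only filename rejected")
    if posixpath.splitext(name)[1].lower() not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension not allowed: {name!r}")
    candidate = posixpath.normpath(posixpath.join(root, name))
    if not is_within_root(root, candidate):
        raise ValueError(f"path escapes upload root: {candidate!r}")
    return candidate


if __name__ == "__main__":
    # Constructed attacker-style filenames next to a benign one.
    samples = [
        "../../var/www/html/cmd.jsp",   # traversal into a web root
        "/etc/cron.d/job",              # absolute path replaces the root
        "....//....//report.pdf",       # double-dot trickery, harmless name
        "report.pdf",                   # benign upload
    ]
    for s in samples:
        print(f"{s!r:34} vulnerable -> {vulnerable_save_path(UPLOAD_ROOT, s)}")
        try:
            print(f"{'':34} hardened   -> {safe_save_path(UPLOAD_ROOT, s)}")
        except ValueError as e:
            print(f"{'':34} hardened   -> rejected ({e})")
```

The extension allowlist matters as much as the path check: even a file that lands inside the upload root becomes command execution if the server will interpret it, so the hardened path rejects script-like names outright rather than trusting the directory alone.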

Title: This Password-stealing Android Malware is Spreading Quickly: Here’s What to Watch Out For

Date Published:  April 26, 2021


Excerpt:  “A malware campaign with the aim of stealing passwords, bank details and other sensitive information is spreading quickly through Android devices.  Known as FluBot, the malware is installed via text messages claiming to be from a delivery company that asks users to click a link to track a package delivery. This phishing link asks users to install an application to follow the fake delivery – but the app is actually malware for stealing information from infected Android smartphones.  Once installed, FluBot also gains access to the victim’s address book, allowing it to send the infected text message to all their contacts, further spreading the malware.”

Title: US Drilling Giant Gyrodata Reveals Employee Data Breach

Date Published:  April 26, 2021


Excerpt:  “A major oil drilling specialist has admitted it suffered a ransomware attack which may have led to the compromise of data belonging to current and former employees.  Houston-based Gyrodata claims to be one of the world’s leading suppliers of technology and services designed to extract hydrocarbons from the earth.  However, late last week it published a statement revealing the security incident, which was discovered on February 21.  There’s no information on whether the ransomware itself caused any disruption to the firm, but it did admit the potential impact on employees’ personal and financial data.”

Title: Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound

Date Published:  April 26, 2021


Excerpt:  “The Coveware Quarterly Ransomware Report describes ransomware incident response trends during Q1 of 2021. Data exfiltration extortion continues to be prevalent and we have reached an inflection point where the vast majority of ransomware attacks now include the theft of corporate data. Q1 saw a reversal of average and median ransom amounts. The averages in Q1 were pulled up by a raft of data exfiltration attacks by one specific threat actor group that opportunistically leveraged a unique vulnerability.”

Title: Researchers Say Enterprise Password Manager Hit in Supply Chain Attack

Date Published:  April 23, 2021


Excerpt:  “Researchers at CSIS Security Group claim they have discovered what they think might be the next big supply chain hack.  In an April 23 blog, the firm claimed to have digital evidence that Australian company ClickStudios suffered a breach, sometime between April 20 and April 22, which resulted in the attacker dropping a corrupted update to its password manager Passwordstate. A zip file contained a dynamic link library with the malicious code, according to the blog.  “The malicious code tries to contact [a URL] in order to retrieve an encrypted code. Once decrypted, the code is executed directly in memory,” the researchers write.”
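The Passwordstate excerpt describes a tampered update archive: a zip that carries a DLL the vendor never shipped. The check a practitioner wants on the receiving side is an exact comparison of the archive against a trusted manifest, flagging files that are unlisted, altered or missing before anything is extracted. The example below is added here and is not Click Studios' or CSIS's code; the file names, contents and manifest are constructed for the demonstration and are not the real update's contents. It builds the archives in memory so it runs offline.

```python
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample of what a vendor's update would contain. The names and
# bytes are made up for this example, not taken from any real update.
GOOD_FILES = {
    "bin/App.dll": b"legitimate application code v9",
    "bin/App.Core.dll": b"legitimate core library v9",
    "update.txt": b"9.0.0\n",
}

# The trusted manifest: hash per expected file. In practice this must arrive
# over a channel the update host cannot tamper with (signed, or pinned in the
# deployment tooling); a manifest served next to the zip proves nothing.
TRUSTED_MANIFEST = {name: sha256_hex(data) for name, data in GOOD_FILES.items()}


def build_zip(files: dict) -> bytes:
    """Write a dict of name -> bytes into an in-memory zip archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def verify_update(zip_bytes: bytes, manifest: dict) -> list:
    """Compare an update archive against the manifest without extracting it.

    Returns a list of findings in archive order, followed by any expected
    files that were absent. An empty list means the archive matches exactly:
    no extra files, no changed files, nothing missing.
    """
    findings = []
    seen = set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            seen.add(name)
            # Reject entries that would escape the target directory on extract.
            if name.startswith("/") or ".." in name.split("/"):
                findings.append(f"unsafe path: {name}")
                continue
            expected = manifest.get(name)
            if expected is None:
                # The injected-DLL case: a file the vendor never listed.
                findings.append(f"unlisted file: {name}")
            elif sha256_hex(zf.read(name)) != expected:
                # A listed file whose bytes were swapped for a trojanised build.
                findings.append(f"hash mismatch: {name}")
    for name in manifest:
        if name not in seen:
            findings.append(f"missing file: {name}")
    return findings


if __name__ == "__main__":
    clean = build_zip(GOOD_FILES)
    print("clean archive:", verify_update(clean, TRUSTED_MANIFEST) or "OK")

    # Constructed tampered archive: one shipped DLL altered, one extra DLL added.
    tampered = dict(GOOD_FILES)
    tampered["bin/App.dll"] = b"legitimate application code v9 + injected loader"
    tampered["bin/Helper.dll"] = b"injected dll that fetches and runs a payload"
    for finding in verify_update(build_zip(tampered), TRUSTED_MANIFEST):
        print("tampered archive:", finding)
```

Rejecting on "unlisted file" is the part that catches the scenario in the excerpt: a manifest that only checks the files it knows about would pass an archive with an additional DLL dropped alongside them. The check is only as strong as the manifest's provenance, so pair it with signature verification or an out-of-band hash source rather than relying on anything served from the same update endpoint.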

Title: Hacker Dumps Sensitive Household Records of 250M Americans

Date Published:  April 26, 2021


Excerpt:  “On April 22nd, 2021, a hacker going by the online handle of Pompompurin leaked a database containing personal and sensitive household data of over 250 million (250,807,711) American citizens and residents.  As seen by Hackread.com, the database was leaked on a prominent hacker forum and comprises 263 GB worth of records including 1,255 CSV subfiles each with 200,000 listings.  Although it is unclear who collected or owned the data, according to sources the leak came from open Apache SOLR hosted on Amazon Web Server. Additionally, the data was available on three different IP addresses all of which were accessed by the hacker before being removed or reassigned by its owner.”
