OSN April 5, 2021

Fortify Security Team
Apr 5, 2021

Title: Duke APT Group’s Latest Tools: Cloud Services and Linux Support
Date Published: April 5, 2021

Excerpt: “Recent weeks have seen the outing of two new additions to the Duke group’s toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it’s written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single – albeit cross-platform – trojan, CloudDuke appears to be an entire toolset of malware components, or ‘solutions’ as the Duke group apparently calls them.”

Title: FBI: APTs Actively Exploiting Fortinet VPN Security Holes
Date Published: April 5, 2021

Excerpt: “The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat (APT) nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company’s SSL VPN products. According to an alert issued Friday by the FBI and CISA, cyberattackers are scanning devices on ports 4443, 8443 and 10443, looking for unpatched Fortinet security implementations. Specifically, APTs are exploiting CVE-2018-13379, CVE-2019-5591 and CVE-2020-12812.”

Title: VMware vRealize SSRF Arbitrary File Write Vulnerability Alert
Date Published: April 5, 2021

Excerpt: “On March 30, 2021, VMware issued risk notice VMSA-2021-0004 to alert users to two vulnerabilities in VMware vRealize. The vulnerability numbers are CVE-2021-21975 and CVE-2021-21983. It is worth noting that these two vulnerabilities can be combined with each other to achieve remote code execution without authentication.”

Title: Attackers Disclose Personal Data of Students in Massive Cyberattack
Date Published: April 5, 2021

Excerpt: “In February, FireEye security specialists associated a series of cyberattacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11, but despite that, no systems were encrypted nor networks compromised. They also issued a joint security advisory about ongoing attacks and extortion attempts targeting organizations that use vulnerable Accellion File Transfer Appliance (FTA) versions.”

Title: Malware Attack on Applus Blocked Vehicle Inspections in Some US States
Date Published: April 4, 2021

Excerpt: “Applus Technologies is a worldwide leader in the testing, inspection and certification sector. The company was recently hit by a malware cyberattack that impacted vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin. The attack took place on March 30th; in response to the infection, the company was forced to disconnect its IT systems from the Internet to prevent the malware from spreading. The company did not reveal the type of malware that infected its systems, but experts speculate the involvement of a ransomware attack.”

Title: Clop Ransomware Operators Plunder US Universities
Date Published: April 4, 2021

Excerpt: “Clop ransomware operators have leaked the personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California. Data was stolen by the ransomware gang by compromising the Accellion File Transfer Appliance (FTA) application used by the universities to share information. Recently, multiple universities were hit by CLOP operators; experts speculate that all the attacks are linked to the Accellion security breach.”

Title: Capital One Discovered More Customers’ SSNs Exposed in 2019 Hack
Date Published: April 3, 2021

Excerpt: “US bank Capital One notified a number of additional customers that their Social Security numbers were exposed in the data breach that took place in July 2019. A hacker who was going online with the handle ‘erratic’ breached the systems at Capital One and gained access to personal information from 106 million Capital One credit applications.”

Title: Activision Warns of Call of Duty Cheat Tool Used to Deliver RAT
Date Published: April 3, 2021

Excerpt: “Activision, the company behind the Call of Duty: Warzone and Guitar Hero series, is warning gamers that a threat actor is advertising cheat tools that deliver a remote-access trojan (RAT). The company reported that in March of 2020 a threat actor posted on multiple hacking forums advertising a free, ‘newbie friendly’ and effective method for spreading a RAT by tricking victims into disabling their protections to install a video game cheat.”

Title: Evolution and Rise of the Avaddon Ransomware-as-a-Service
Date Published: April 3, 2021

Excerpt: “The Avaddon ransomware family first appeared in the threat landscape in February 2020, and its authors started offering it with a Ransomware-as-a-Service (RaaS) model in June 2020. In August 2020, cybersecurity intelligence firm Kela was the first to report that the Avaddon ransomware operators had announced their new data leak site on a Russian-speaking hacker forum.”

Title: Hackers Set Up a Fake Cybersecurity Firm to Target Security Experts
Date Published: March 31, 2021

Excerpt: “In an update shared on Wednesday, Google’s Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite and a slew of social media accounts across Twitter and LinkedIn in an attempt to trick unsuspecting researchers into visiting the company’s booby-trapped website ‘where a browser exploit was waiting to be triggered.’”
