OSN April 5, 2021

Fortify Security Team
Apr 5, 2021

Title: Duke APT Group’s Latest Tools: Cloud Services and Linux Support
Date Published: April 5, 2021

https://www.f-secure.com/weblog/archives/00002822.html

Excerpt: “Recent weeks have seen the outing of two new additions to the Duke group’s toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it’s written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single – albeit cross-platform – trojan, CloudDuke appears to be an entire toolset of malware components, or “solutions” as the Duke group apparently calls them.”

Title: FBI: APTs Actively Exploiting Fortinet VPN Security Holes
Date Published: April 5, 2021

https://threatpost.com/fbi-apts-actively-exploiting-fortinet-vpn-security-holes/165213/

Excerpt: “The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat (APT) nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company’s SSL VPN products. According to an alert issued Friday by the FBI and CISA, cyberattackers are scanning devices on ports 4443, 8443 and 10443, looking for unpatched Fortinet security implementations. Specifically, APTs are exploiting CVE-2018-13379, CVE-2019-5591 and CVE-2020-12812.”

Title: VMWare vRealize SSRF Arbitrary File Write Vulnerability Alert
Date Published: April 5, 2021

https://haxf4rall.com/2021/03/31/vmware-vrealize-ssrf-arbitrary-file-write-vulnerability-alert/

Excerpt: “On March 30, 2021, VMWare issued a risk notice, VMSA-2021-0004, to alert about two vulnerabilities in VMWare vRealize. The vulnerability numbers are CVE-2021-21975 and CVE-2021-21983. It is worth noting that these two vulnerabilities can cooperate with each other to realize remote code execution without authentication.”

Title: Attackers Disclose Personal Data of Students in Massive Cyberattack
Date Published: April 5, 2021

https://heimdalsecurity.com/blog/attackers-disclose-data-of-students-in-cyberattack/

Excerpt: “In February, FireEye security specialists associated a series of cyberattacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11, but despite that, no systems were encrypted nor networks compromised. They also issued a joint security advisory about ongoing attacks and extortion attempts targeting organizations that use vulnerable Accellion File Transfer Appliance (FTA) versions.”

Title: Malware Attack on Applus Blocked Vehicle Inspections in Some US States
Date Published: April 4, 2021

https://securityaffairs.co/wordpress/116338/malware/malware-attack-on-applus.html

Excerpt: “Applus Technologies is a worldwide leader in the testing, inspection and certification sector; the company was recently hit by a malware cyberattack that impacted vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin. The attack took place on March 30th; in response to the infection, the company was forced to disconnect its IT systems from the Internet to prevent the malware from spreading. The company did not reveal the type of malware that infected its systems, but experts speculate the involvement of a ransomware attack.”

Title: Clop Ransomware Operators Plunder US Universities
Date Published: April 4, 2021

https://securityaffairs.co/wordpress/116325/uncategorized/clop-ransomware-us-universities.html

Excerpt: “Clop ransomware operators have leaked the personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California. Data was stolen by the ransomware gang by compromising the Accellion File Transfer Appliance (FTA) application used by the universities to share information. Recently, multiple universities were hit by CLOP operators; experts speculate all the attacks are linked to the Accellion security breach.”

Title: Capital One Discovered More Customers’ SSN’s Exposed in 2019 Hack
Date Published: April 3, 2021

https://securityaffairs.co/wordpress/116309/data-breach/capital-one-ssns.html

Excerpt: “US bank Capital One notified a number of additional customers that their Social Security numbers were exposed in the data breach that took place in July 2019. A hacker that was going online with the handle “erratic” breached the systems at Capital One and gained access to personal information from 106 million Capital One credit applications.”

Title: Activision Warns of Call of Duty Cheat Tool Used to Deliver RAT
Date Published: April 3, 2021

https://securityaffairs.co/wordpress/116301/malware/activision-call-of-duty-cheat-tool.html

Excerpt: “Activision, the company behind Call of Duty: Warzone and the Guitar Hero series, is warning gamers that a threat actor is advertising cheat tools that deliver a remote-access trojan (RAT). The company reported that in March of 2020 a threat actor posted on multiple hacking forums advertising a free, “newbie friendly” and effective method for spreading a RAT by tricking victims into disabling their protections to install a video game cheat.”

Title: Evolution and Rise of the Avaddon Ransomware-as-a-Service
Date Published: April 3, 2021

https://securityaffairs.co/wordpress/116282/cyber-crime/avaddon-ransomware-evolution.html

Excerpt: “The Avaddon ransomware family first appeared in the threat landscape in February 2020, and its authors started offering it with a Ransomware-as-a-Service (RaaS) model in June, 2020. In August 2020, cybersecurity intelligence firm Kela was the first to report that the Avaddon ransomware operators announced on a Russian-speaking hacker forum their new data leak site.”

Title: Hackers Set Up a Fake Cybersecurity Firm to Target Security Experts
Date Published: March 31, 2021

https://thehackernews.com/2021/03/hackers-set-up-fake-cybersecurity-firm.html

Excerpt: “In an update shared on Wednesday, Google’s Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite and a slew of social media accounts across Twitter and LinkedIn in an attempt to trick unsuspecting researchers into visiting the company’s booby-trapped website ‘where a browser exploit was waiting to be triggered.’”
