OSN April 5, 2021

Fortify Security Team
Apr 5, 2021

Title: Duke APT Group’s Latest Tools: Cloud Services and Linux Support
Date Published: April 5, 2021


Excerpt: “Recent weeks have seen the outing of two new additions to the Duke group’s toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it’s written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single – albeit cross-platform – trojan, CloudDuke appears to be an entire toolset of malware components, or “solutions” as the Duke group apparently calls them.”

Title: FBI: APTs Actively Exploiting Fortinet VPN Security Holes
Date Published: April 5, 2021


Excerpt: “The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat (APT) nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company’s SSL VPN products. According to an alert issued Friday by the FBI and CISA, cyberattackers are scanning devices on ports 4443, 8443 and 10443, looking for unpatched Fortinet security implementations. Specifically, APTs are exploiting CVE-2018-13379, CVE-2019-5591 and CVE-2020-12812.”

Title: VMWare vRealize SSRF  Arbitrary File Write Vulnerability Alert
Date Published: April 5, 2021


Excerpt: “On March 30, 2021, VMWare had issued a risk notice of VMSA-2021-0004 to alert two vulnerabilities on VMWare vRealize.  The vulnerability number is CVE-2021-21975, CVE-2021-21983. It is worth noting that these two vulnerabilities can cooperate with each other to realize remote code execution without authentication.”

Title: Attackers Disclose Personal Data of Students in Massive Cyberattack
Date Published: April 5, 2021


Excerpt: “In February, FireEye security specialists associated a series of cyberattacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11, but despite that, no systems were encrypted nor networks compromised.  They also issued a joint security advisory about ongoing attacks and extortion attempts targeting organizations that use vulnerable Accellion File Transfer Appliance (FTA) versions.”

Title: Malware Attack on Applus Blocked Vehicle Inspections in Some US States
Date Published: April 4, 2021


Excerpt: “Applus Technologies is a worldwide leader in the testing, inspection and certification sector, the company was recently hit by a malware cyberattack that impacted vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin. The attack took place on March 30th, in response to the infection the company was forced to disconnect its IT systems from the Internet to prevent the malware from spreading. The company did not reveal the type of malware that infected its systems, but experts speculate the involvement of a ransomware attack.”

Title: Clop Ransomware Operators Plunder US Universities
Date Published: April 4, 2021


Excerpt: “Clop ransomware operators have leaked the personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California. Data was stolen by the ransomware gang by compromising the Accellion File Transfer Appliance (FTA) application used by the universities to share information. Recently multiple universities were hit by CLOP operators, experts speculate all the the attacks are linked to Accellion security breach.”

Title: Capital One Discovered More Customers’ SSN’s Exposed in 2019 Hack
Date Published: April 3, 2021


Excerpt: “US bank Capital One notified a number of additional customers that their Social Security numbers were exposed in the data breach that took place in July 2019. A hacker that was going online with the handle “erratic” breached the systems at Capital One and gained access to personal information from 106 million Capital One credit applications.”

Title: Activision Warns of Call of Duty Cheat Tool Used to Deliver RAT
Date Published: April 3, 2021


Excerpt: “Activision, the company behind Call of Duty: Warzone and Guitar Hero series, is warning gamers that a threat actor is advertising cheat tools that deliver remote-access trojan (RAT). The company reported that in March of 2020 a threat actor posted on multiple hacking forums advertising a free, “newbie friendly” and effective method for spreading a RAT by tricking victims to disable their protections to install a video game cheat.”

Title: Evolution and Rise of the Avaddon Ransomware-as-a-Service
Date Published: April 3, 2021


Excerpt: “The Avaddon ransomware family first appeared in the threat landscape in February 2020, and its authors started offering it with a Ransomware-as-a-Service (RaaS) model in June, 2020. In August 2020, cybersecurity intelligence firm Kela was the first to report that the Avaddon ransomware operators announced on a Russian-speaking hacker forum their new data leak site.”

Title: Hackers Set Up a Fake Cybersecurity Firm to Target Security Experts
Date Published: March 31, 2021


Excerpt: “In an update shared on Wednesday, Google’s Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite and a slew of social media accounts across Twitter and LinkedIn in an attempt to trick unsuspecting researchers into visiting the company’s booby-trapped website “where a browser exploit was waiting to be triggered.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...