OSN April 6, 2021

Fortify Security Team
Apr 6, 2021

Title: Kaspersky Uncovers New APAC Cyberespionage Campaign
Date Published: April 5, 2021


Excerpt: “Kaspersky researchers have uncovered an advanced cyberespionage campaign targeting government and military organizations in Vietnam. They believe this campaign was conducted by a group related to Cycldek, a Chinese-speaking threat group that has been active since at least 2013. New tactics seen in this campaign represent “a major advancement in terms of sophistication,” Kaspersky says in a statement on the findings.”

Title: Data from 553 Million Facebook Accounts Leaked Online
Date Published: April 5, 2021


Excerpt: “This is old data that was previously reported on in 2019,” wrote Liz Bourgeois, Facebook’s director of strategic response communications, in a tweet. “We found and fixed this issue in August 2019.” But while the data itself may be a couple of years old, it could prove relevant and handy to scammers who want to impersonate individuals or launch spear-phishing attacks, wrote Alon Gal, CTO and co-founder at security firm Hudson Rock, in a tweet discussing the massive data leak on April 3. The 553 million Facebook users affected make up about 20% of its total user base.”

Title: How Alleged Iranian Hackers Are Posing as an Israeli Scientist to Spy on Us Medical Professionals
Date Published: April 5, 2021


Excerpt: “Suspected Iranian hackers have impersonated a well-known Israeli physicist as part of a broader campaign to break into the email accounts of some two-dozen medical researchers in Israel and the U.S., email security firm Proofpoint said Wednesday. The intrusion attempts — carefully crafted efforts to spy on senior medical professionals in the genetic, neurology and oncology fields — are the handiwork of the Charming Kitten hacking group, Proofpoint said. A 2019 U.S Justice Department indictment linked the group to the Iranian military.”

Title: The Leap of a Cycldek-Related Threat Actor
Date Published: April 5, 2021


Excerpt: “In the nebula of Chinese-speaking threat actors, it is quite common to see tools and methodologies being shared. One such example of this is the infamous “DLL side-loading triad”: a legitimate executable, a malicious DLL to be sideloaded by it, and an encoded payload, generally dropped from a self-extracting archive. Initially considered to be the signature of LuckyMouse, we observed other groups starting to use similar “triads” such as HoneyMyte.”

Title: Experts Discovered a Privilege Escalation Issue in Popular Umbraco CMS
Date Published: April 6, 2021


Excerpt: “The vulnerability affects an API endpoint that fails to properly check the user’s authorization prior to returning results found to the application’s logging section. “Umbraco version 8.9.0 (also seen in 8.6.3) has a privilege escalation issue in the core administrative screens which allows a low privileged user to access various resources otherwise limited to higher privileged users.” reads the post published by Trustwave. “The issue exists in an API endpoint that does not properly check the user’s authorization prior to returning results found in the application’s logging section.”

Title: Experts Found Critical Flaws in Rockwell Factorytalk Assetcentre
Date Published: April 6, 2021


Excerpt: “Claroty researchers were able to find deserialization vulnerabilities in a number of remoting services running on FactoryTalk AssetCentre, which handle inter-process communication within an OT network, as well as SQL-injection vulnerabilities in other service functions. These services run with the highest system privileges, meaning that any arbitrary code supplied by an attacker would also execute with those same privileges, allowing full access to the machine.”

Title: ‘Anomalous Surge in DNS Queries’ Knocked Microsoft’s Cloud off the Web Last Week
Date Published: April 6, 2021


Excerpt: “It was a tsunami of DNS queries that ultimately took out a host of Microsoft services, from Xbox Live to Teams, for some netizens about an hour on April Fools’ Day, Redmond has said. Or as the Windows giant put it, the outage was the result of “an anomalous surge in DNS queries from across the globe targeting a set of domains hosted on Azure.” In a postmortem examination of the downtime, Microsoft said the flood of requests triggered a programming flaw in its infrastructure that hampered its ability to cope with the demand.”

Title: Hackers Targeting professionals With ‘more_eggs’ Malware via LinkedIn Job Offers
Date Published: April 6, 2021


Excerpt: “Campaigns delivering more_eggs using the same modus operandi have been spotted at least since 2018, with the backdoor attributed to a malware-as-a-service (MaaS) provider called Golden Chickens. The adversaries behind this new wave of attacks remain unknown as yet, although more_eggs has been put to use by various cybercrime groups such as Cobalt, FIN6, and EvilNum in the past.”

Title: Firmware Attacks, a Grey Area in Cybersecurity of Organizations
Date Published: April 5, 2021


Excerpt: “The study showed that current investment is going to security updates, vulnerability scanning, and advanced threat protection solutions.” reads the report published by Microsoft. “Yet despite this, many organizations are concerned about malware accessing their system as well as the difficulty in detecting threats, suggesting that firmware is more difficult to monitor and control. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.”

Title: Ubiquiti All But Confirms Breach Response Iniquity
Date Published: April 4, 2021


Excerpt: “In reality, Adam said, the attackers had gained administrative access to Ubiquiti’s servers at Amazon’s cloud service, which secures the underlying server hardware and software but requires the cloud tenant (client) to secure access to any data stored there. “They were able to get cryptographic secrets for single sign-on cookies and remote access, full source code control contents, and signing keys exfiltration.”

Recent Posts

September 16, 2022

Title: Uber hacked, internal systems breached and vulnerability reports stolen Date Published: September 16, 2022 https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/ Excerpt: “Uber suffered a...

September 15, 2022

Title: Webworm hackers modify old malware in new attacks to evade attribution Date Published: September 15, 2022 https://www.bleepingcomputer.com/news/security/webworm-hackers-modify-old-malware-in-new-attacks-to-evade-attribution/ Excerpt: “The Chinese 'Webworm'...

September 14, 2022

Title: Chinese hackers create Linux version of the SideWalk Windows malware Date Published: September 14, 2022 https://www.bleepingcomputer.com/news/security/chinese-hackers-create-linux-version-of-the-sidewalk-windows-malware/ Excerpt: “State-backed Chinese hackers...

September 13, 2022

Title: Cyberspies drop new infostealer malware on govt networks in Asia Date Published: September 13, 2022 https://www.bleepingcomputer.com/news/security/cyberspies-drop-new-infostealer-malware-on-govt-networks-in-asia/ Excerpt: “Security researchers have identified...

September 12, 2022

Title: Cisco confirms Yanluowang ransomware leaked stolen company data Date Published: September 12, 2022 https://www.bleepingcomputer.com/news/security/cisco-confirms-yanluowang-ransomware-leaked-stolen-company-data/ Excerpt: “Cisco has confirmed that the data leaked...

September 9, 2022

Title: Bumblebee Malware Adds Post-exploitation Tool for Stealthy Infections Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/bumblebee-malware-adds-post-exploitation-tool-for-stealthy-infections/ Excerpt: “A new version of the...

September 8, 2022

Title: North Korean Lazarus Hackers Take Aim at U.S. Energy Providers Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-take-aim-at-us-energy-providers/ Excerpt: “The North Korean APT group 'Lazarus' (APT38)...