OSN April 6, 2021

Fortify Security Team
Apr 6, 2021

Title: Kaspersky Uncovers New APAC Cyberespionage Campaign
Date Published: April 5, 2021


Excerpt: “Kaspersky researchers have uncovered an advanced cyberespionage campaign targeting government and military organizations in Vietnam. They believe this campaign was conducted by a group related to Cycldek, a Chinese-speaking threat group that has been active since at least 2013. New tactics seen in this campaign represent “a major advancement in terms of sophistication,” Kaspersky says in a statement on the findings.”

Title: Data from 553 Million Facebook Accounts Leaked Online
Date Published: April 5, 2021


Excerpt: “This is old data that was previously reported on in 2019,” wrote Liz Bourgeois, Facebook’s director of strategic response communications, in a tweet. “We found and fixed this issue in August 2019.” But while the data itself may be a couple of years old, it could prove relevant and handy to scammers who want to impersonate individuals or launch spear-phishing attacks, wrote Alon Gal, CTO and co-founder at security firm Hudson Rock, in a tweet discussing the massive data leak on April 3. The 553 million Facebook users affected make up about 20% of its total user base.”

Title: How Alleged Iranian Hackers Are Posing as an Israeli Scientist to Spy on U.S. Medical Professionals
Date Published: April 5, 2021


Excerpt: “Suspected Iranian hackers have impersonated a well-known Israeli physicist as part of a broader campaign to break into the email accounts of some two-dozen medical researchers in Israel and the U.S., email security firm Proofpoint said Wednesday. The intrusion attempts — carefully crafted efforts to spy on senior medical professionals in the genetic, neurology and oncology fields — are the handiwork of the Charming Kitten hacking group, Proofpoint said. A 2019 U.S. Justice Department indictment linked the group to the Iranian military.”

Title: The Leap of a Cycldek-Related Threat Actor
Date Published: April 5, 2021


Excerpt: “In the nebula of Chinese-speaking threat actors, it is quite common to see tools and methodologies being shared. One such example of this is the infamous “DLL side-loading triad”: a legitimate executable, a malicious DLL to be sideloaded by it, and an encoded payload, generally dropped from a self-extracting archive. Initially considered to be the signature of LuckyMouse, we observed other groups starting to use similar “triads” such as HoneyMyte.”

Title: Experts Discovered a Privilege Escalation Issue in Popular Umbraco CMS
Date Published: April 6, 2021


Excerpt: “The vulnerability affects an API endpoint that fails to properly check the user’s authorization prior to returning results found to the application’s logging section. “Umbraco version 8.9.0 (also seen in 8.6.3) has a privilege escalation issue in the core administrative screens which allows a low privileged user to access various resources otherwise limited to higher privileged users.” reads the post published by Trustwave. “The issue exists in an API endpoint that does not properly check the user’s authorization prior to returning results found in the application’s logging section.”

Title: Experts Found Critical Flaws in Rockwell FactoryTalk AssetCentre
Date Published: April 6, 2021


Excerpt: “Claroty researchers were able to find deserialization vulnerabilities in a number of remoting services running on FactoryTalk AssetCentre, which handle inter-process communication within an OT network, as well as SQL-injection vulnerabilities in other service functions. These services run with the highest system privileges, meaning that any arbitrary code supplied by an attacker would also execute with those same privileges, allowing full access to the machine.”

Title: ‘Anomalous Surge in DNS Queries’ Knocked Microsoft’s Cloud off the Web Last Week
Date Published: April 6, 2021


Excerpt: “It was a tsunami of DNS queries that ultimately took out a host of Microsoft services, from Xbox Live to Teams, for some netizens about an hour on April Fools’ Day, Redmond has said. Or as the Windows giant put it, the outage was the result of “an anomalous surge in DNS queries from across the globe targeting a set of domains hosted on Azure.” In a postmortem examination of the downtime, Microsoft said the flood of requests triggered a programming flaw in its infrastructure that hampered its ability to cope with the demand.”

Title: Hackers Targeting Professionals With ‘more_eggs’ Malware via LinkedIn Job Offers
Date Published: April 6, 2021


Excerpt: “Campaigns delivering more_eggs using the same modus operandi have been spotted at least since 2018, with the backdoor attributed to a malware-as-a-service (MaaS) provider called Golden Chickens. The adversaries behind this new wave of attacks remain unknown as yet, although more_eggs has been put to use by various cybercrime groups such as Cobalt, FIN6, and EvilNum in the past.”

Title: Firmware Attacks, a Grey Area in Cybersecurity of Organizations
Date Published: April 5, 2021


Excerpt: “The study showed that current investment is going to security updates, vulnerability scanning, and advanced threat protection solutions.” reads the report published by Microsoft. “Yet despite this, many organizations are concerned about malware accessing their system as well as the difficulty in detecting threats, suggesting that firmware is more difficult to monitor and control. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.”

Title: Ubiquiti All But Confirms Breach Response Iniquity
Date Published: April 4, 2021


Excerpt: “In reality, Adam said, the attackers had gained administrative access to Ubiquiti’s servers at Amazon’s cloud service, which secures the underlying server hardware and software but requires the cloud tenant (client) to secure access to any data stored there. “They were able to get cryptographic secrets for single sign-on cookies and remote access, full source code control contents, and signing keys exfiltration.”
