OSN April 8, 2021

Fortify Security Team
Apr 8, 2021

Title: Black Kingdom Ransomware Attacked 1,500 Exchange Server Servers for Ransom

Date Published: April 8, 2021


Excerpt: “The latest report released by the Microsoft 365 Defender Threat Intelligence Team stated that a hacker group named the Black Kingdom launched an attack from March 18th to 20th. Microsoft claims that there are about 1,500 servers attacked by this ransomware, but not all infected servers have entered the stage of ransomware or encrypted files. Some servers have been infected but ransomware has not yet been deployed. Therefore, companies can avoid ransomware if they use detection tools released by Microsoft to check and clean up.”

Title: Office 365 Phishing Campaign Uses Publicly Hosted Javascript Code

Date Published: April 8, 2021


Excerpt: “A new phishing campaign targeting Office 365 users cleverly tries to bypass email security protections by combining chunks of HTML code delivered via publicly hosted JavaScript code. Once the victim submits the login credentials, they are effectively compromised, and the victim is shown a web page saying that their account or password info is incorrect and urges them to try to log in again.”
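The pattern in that excerpt, a near-empty attachment whose login form only exists once remote JavaScript has stitched HTML fragments together in the browser, is what a mail gateway that inspects the file at rest misses. The following is an added triage script, not code from the article or from the campaign it describes; the sample attachment and host names in it are constructed placeholders, and the two indicator patterns are one analyst's choice of what to flag, not a signature for this specific campaign.

```powershell
# Added example, not code from the article or the campaign it describes. It triages an
# HTML attachment for the pattern in the excerpt: a page whose content is assembled in the
# browser from remotely hosted JavaScript. $sampleHtml is constructed here for illustration.
function Get-HtmlScriptIndicators {
    param([Parameter(Mandatory)][string]$Html)

    $indicators = [System.Collections.Generic.List[object]]::new()

    # Remote <script src=...>: the attachment itself carries almost no content, so a mail
    # filter that only inspects the file sees nothing to match until the script runs.
    $srcPattern = '<script[^>]*\ssrc\s*=\s*["'']?(?<url>https?://[^"''\s>]+)'
    foreach ($m in [regex]::Matches($Html, $srcPattern, 'IgnoreCase')) {
        $indicators.Add([pscustomobject]@{
            Type   = 'RemoteScript'
            Detail = ([uri]$m.Groups['url'].Value).Host
        })
    }

    # document.write(...) / .innerHTML = ... built from concatenated string fragments:
    # the HTML chunks are only joined into a login form at render time.
    $chunkPattern = '(?:document\.write\s*\(|\.innerHTML\s*=)\s*["''][^"'']*["'']\s*\+'
    foreach ($m in [regex]::Matches($Html, $chunkPattern, 'IgnoreCase')) {
        $indicators.Add([pscustomobject]@{ Type = 'ChunkedDomWrite'; Detail = $m.Value.Trim() })
    }
    return $indicators
}

# Constructed sample: a tiny attachment whose body comes from an external script and a
# form that is concatenated from fragments. The hosts are placeholders (.invalid TLD),
# not names from the real campaign.
$sampleHtml = @'
<html><body>
<script src="https://static.example-cdn.invalid/chunks.js"></script>
<script>
document.write("<form ac" + "tion='https://login.example.invalid/p'>" +
               "<input na" + "me='password'></form>");
</script>
</body></html>
'@

Get-HtmlScriptIndicators -Html $sampleHtml | Format-Table -AutoSize
```

Point the function at the contents of a real attachment (`Get-Content -Raw attachment.html`) instead of `$sampleHtml`. A `RemoteScript` hit on a host that is not the sender's own domain, together with a `ChunkedDomWrite` hit, is the combination worth escalating; either one alone also occurs in legitimate HTML mail.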

Title: Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets

Date Published: April 8, 2021


Excerpt: “Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called “Cring” inside corporate networks. At least one of the hacking incidents led to the temporary shutdown of a production site, said cybersecurity firm Kaspersky in a report published on Wednesday, without publicly naming the victim.”

Title: (Are You) Afreight of the Dark? Watch Out for Vyveva, New Lazarus Backdoor

Date Published: April 8, 2021


Excerpt: “ESET researchers have discovered a previously undocumented Lazarus backdoor used to attack a freight logistics company in South Africa, which they have dubbed Vyveva. The backdoor consists of multiple components and communicates with its C&C server via the Tor network. So far, we were able to find its installer, loader and main payload – a backdoor with a TorSocket DLL. The previously unknown attack was discovered in June 2020.”

Title: Tech Support Scammers Lure Victims With Fake Antivirus Billing Emails

Date Published: April 6, 2021


Excerpt: “Tech support scammers are pretending to be from Microsoft, McAfee, and Norton to target users with fake antivirus billing renewals in a large-scale email campaign. While browsing the web, most people at one time or another have been redirected to a tech support scam website that pretends your computer is infected and then prompts you to dial a displayed phone number.”

Title: Cisco Fixed Multiple Flaws in SD-WAN vManage Software, Including a Critical RCE

Date Published: April 8, 2021


Excerpt: “The tech giant also addressed two other high-severity security flaws in the user management and system file transfer functions of the same product, respectively tracked as CVE-2021-1137 and CVE-2021-1480. Both flaws could allow attackers to escalate privileges. Both flaws are due to insufficient input validation, and they could be triggered to gain root privileges on the underlying operating system.”

Title: Armed Conflict Draws Closer as State-Backed Cyber-Attacks Intensify

Date Published: April 8, 2021


Excerpt: “Nation states are also developing weaponized chatbots to deliver more persuasive phishing messages, react to new events and send messages via social media sites. In the future, we can also expect to see the use of deep fakes on the digital battlefield, drone swarms capable of disrupting communications or engaging in surveillance, and quantum computing devices with the ability to break almost any encrypted system.”

Title: REvil Ransomware Now Changes Password to Auto-Login in Safe Mode

Date Published: April 7, 2021


Excerpt: “At the end of March, a new sample of the REvil ransomware was discovered by security researcher R3MRUM that refines the new Safe Mode encryption method by changing the logged-on user’s password and configuring Windows to automatically log in on reboot. With this new sample, when the -smode argument is used, the ransomware will change the user’s password to ‘DTrump4ever.’ The ransomware then configures the following Registry values so that Windows will automatically log in with the new account information.”
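The excerpt does not reproduce the registry values the sample writes, but the behaviour it describes (an unattended logon with a freshly set password, followed by a Safe Mode boot) leaves the same footprint that the standard Windows autologon mechanism does. The script below is an added check, not code from the article or the REvil analysis: it reads the documented Winlogon autologon values and the current BCD boot entry. Treating those as the places the sample touches is an assumption; what the sample actually sets is not on this page.

```powershell
# Added example, not the article's or the sample's own code. Checks a Windows host for the
# combination the excerpt describes: Winlogon autologon plus a pending Safe Mode boot. The
# value names below are the standard Windows autologon values; the page does not quote the
# exact values the REvil sample writes, so inspecting these is an assumption. Run elevated.
function Get-AutologonSafeModeIndicators {
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $props    = Get-ItemProperty -Path $winlogon
    $findings = [System.Collections.Generic.List[string]]::new()

    # AutoAdminLogon = "1" makes Winlogon sign in DefaultUserName with DefaultPassword
    # at boot, with nobody at the console.
    if ($props.AutoAdminLogon -eq '1') {
        $findings.Add("AutoAdminLogon enabled for '$($props.DefaultDomainName)\$($props.DefaultUserName)'")
    }
    if ($null -ne $props.DefaultPassword) {
        $findings.Add('DefaultPassword is present in Winlogon (cleartext credential)')
    }

    # A Safe Mode boot is selected in the BCD store; a 'safeboot' value on the current
    # entry means the next restart lands in Safe Mode (Minimal or Network).
    $bcd      = & bcdedit /enum '{current}' 2>$null
    $safeboot = $bcd | Select-String -Pattern '^\s*safeboot\s+'
    if ($safeboot) {
        $findings.Add("BCD safeboot set: $($safeboot.Line.Trim())")
    }
    return $findings
}

$hits = Get-AutologonSafeModeIndicators
if ($hits.Count -eq 0) {
    'No autologon / Safe Mode indicators found'
} else {
    $hits
    # Remediation once a hit is confirmed (left commented on purpose):
    # Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name DefaultPassword
    # Set-ItemProperty    -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name AutoAdminLogon -Value '0'
    # bcdedit /deletevalue '{current}' safeboot
}
```

Legitimate kiosk builds also use AutoAdminLogon, so a hit is a lead rather than a verdict; the pairing of a cleartext DefaultPassword that was not there before with a `safeboot` entry on the current boot record is the combination to act on, and the remediation lines should be run only after the host is isolated.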

Title: Office Depot Configuration Error Exposes One Million Records

Date Published: April 7, 2021


Excerpt: “The non-password protected database was discovered by a Website Planet team led by Jeremiah Fowler on March 3. They quickly traced it back to Office Depot Europe, which operates across the region with bricks-and-mortar stores and online under the Office Depot and Viking brands. Among the 974,000 unencrypted records found in the database were customer names, phone numbers, home and office addresses, @members.ebay addresses, marketplace logs, order histories and hashed passwords.”

Title: Fake Netflix App on Google Play Spreads Malware via WhatsApp

Date Published: April 7, 2021


Excerpt: “The malware was designed to listen for incoming WhatsApp messages and automatically respond to any that the victims receive, with the content of the response crafted by the adversaries. The responses attempted to lure others with the offer of a free Netflix service, and contained links to a fake Netflix site that phished for credentials and credit card information.”
