OSN May 11, 2021

Fortify Security Team
May 11, 2021

Title: U.S. Intelligence Agencies Warn About 5G Network Weaknesses

Date Published: May 11, 2021

https://thehackernews.com/2021/05/us-intelligence-agencies-warn-about-5g.html

Excerpt: “Specifically, the report cites undue influence from adversarial nations on the development of technical standards, which may pave the way for adopting untrusted proprietary technologies and equipment that could be difficult to update, repair, and replace. Also of concern, per the report, are the optional security controls baked into telecommunication protocols, which, if not implemented by network operators, could leave the door open to malicious attacks.”

Title: Everything You Need to Know About the Colonial Pipeline Ransomware Attack

Date Published: May 11, 2021

https://www.zdnet.com/article/everything-you-need-to-know-about-the-colonial-pipeline-ransomware-attack/

Excerpt: “However, what appears to have happened is a ransomware outbreak, linked to the DarkSide group, that struck Colonial Pipeline’s networks. The oil giant said it “proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems.” Colonial Pipeline’s latest update, published on Monday 10, said that remediation is ongoing and each system is being worked on in an “incremental approach”.”

Title: FBI and Australia ACSC Agencies Warn of Ongoing Avaddon Ransomware Attacks

Date Published: May 11, 2021

https://securityaffairs.co/wordpress/117765/malware/avaddon-targets-orgs-worldwide.html

Excerpt: “The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations worldwide in multiple industries, including government, finance, energy, manufacturing, and healthcare. The alert published by the ACSC provides a list of countries under attack which includes the US, UK, Germany, France, China, Italy, Brazil, India, UAE, France, and Spain.”

Title: Experts Warn of a New Android Banking Trojan Stealing Users’ Credentials

Date Published: May 11, 2021

https://thehackernews.com/2021/05/experts-warn-of-new-android-banking.html

Excerpt: “In the last link of the attack chain, TeaBot exploits the access to achieve real-time interaction with the compromised device, enabling the adversary to record keystrokes, in addition to taking screenshots and injecting malicious overlays on top of login screens of banking apps to steal credentials and credit card information. Other capabilities of TeaBot include disabling Google Play Protect, intercepting SMS messages, and accessing Google Authenticator 2FA codes. The collected information is then exfiltrated every 10 seconds to a remote server controlled by the attacker.”

Title: #CYBERUK21: We Have Reached a Moment of Reckoning in Cybersecurity, Says GCHQ Director

Date Published: May 11, 2021

https://www.infosecurity-magazine.com/news/cyberuk-moment-of-reckoning-cyber/

Excerpt: “Fleming began his talk by highlighting the greater role technology is playing in our lives as a result of the ongoing COVID-19 pandemic. While accelerated digitization has enabled society to continue functioning while maintaining social distancing restrictions, it has also provided more opportunities for malicious actors to launch cyber-attacks. The result is that cybersecurity is even more relevant to our economy, society, and, increasingly, to our security.”

Title: 80% of Net Neutrality Comments to FCC Were Fudged

Date Published: May 7, 2021

https://threatpost.com/net-neutrality-comments-fcc-fudged/165943/

Excerpt: “A secret campaign by the broadband industry to offer support to roll back net neutrality resulted in fake comments comprising more than 40 percent of those sent to the FCC during the public comments phase of its decision, according to the report by the New York State Office of the Attorney General. The industry also sent more than half a million fake letters to Congress to “create the appearance of widespread grassroots opposition to existing net neutrality rules, which as described in an internal campaign planning document would help provide ‘cover’ for the FCC’s proposed repeal.””

Title: 90% of Security Leaders View Bot Management as a Top Priority

Date Published: May 11, 2021

https://www.helpnetsecurity.com/2021/05/11/bot-management-top-priority/

Excerpt: “HUMAN published a research into security leaders’ perceptions of and responses to sophisticated bot attacks. The research, which was conducted by Enterprise Strategy Group (ESG), revealed concerns about the threats bots pose, including site slowdowns caused by overwhelming traffic, new account fraud, credential cracking/brute force attacks, account takeover, content manipulation, sensitive content scraping, and inventory exhaustion and cart abandonment.”

Title: Four Plead Guilty to RICO Conspiracy Involving Hosting Services for Cybercrime

Date Published: May 10, 2021

https://www.darkreading.com/threat-intelligence/four-plead-guilty-to-rico-conspiracy-involving-hosting-services-for-cybercrime/d/d-id/1340966

Excerpt: “The four defendants were founders and/or members of a group that rented IP addresses, servers, and domains to their cybercriminal clients, the Department of Justice reported late last week. Criminals used the infrastructure to spread malware and gain access to victim machines, create botnets, and steal banking credentials that they could use to conduct more fraud.”

Title: App Tracking: Apps Plead for Users to Press Allow, but 85% of Apple iOS Consumers Are Not Opting in

Date Published: May 11, 2021

https://www.theregister.com/2021/05/11/85_of_apple_ios_users/

Excerpt: “Mobile app analytics company Flurry is measuring how many users of iOS 14.5 are opting in to allow apps to request to track them – and so far only 15 percent worldwide have done so. iOS 14.5 was released on April 26 and is gradually rolling out to users with compatible iOS devices. One of its new features is enforcement of what Apple calls AppTrackingTransparency, which means that apps must request permission from the user before tracking them or accessing the Apple device identifier (IDFA).”

Title: Hacking Kerberos With AS-REP Roasting

Date Published: May 11, 2021

https://trevorxcohen.medium.com/hacking-kerberos-e0f80a46cb20

Excerpt: “Kerberos, developed by MIT, is a network authentication protocol used in Active Directory most commonly running on port 88 with password management on port 464.
The Kerberos protocol enables a client/user to identify itself to a server (and vice versa) across a network — thus providing strong authentication. However, Kerberos does not Authorize which services the client/user can access (this is normally done by LDAP).”
