OSN May 18, 2021

Fortify Security Team
May 18, 2021

Title: Spear-phishing Alert: Hackers Impersonate Truist Bank in an Attempt to Dispatch Malware
Date Published: May 18, 2021


Excerpt: “In a spear-phishing campaign, Truist Financial Corporation has been impersonated by cybercriminals trying to spread malware that seemed to look like remote access trojan (RAT), a program used by hackers to take complete control of the victim’s computer to perform malicious activities. Truist Financial Corp. is one of the largest banks in the United States operating 2.049 branches in 15 states that offers consumer and commercial banking, securities brokerage, asset management, mortgage, and insurance products and services.”

Title: Splunk Announces Intent to Acquire TruSTAR
Date Published: May 18, 2021


Excerpt: “Being an enterprise security professional has never been an easy job, but in many ways it’s harder than ever right now. SOCs are overwhelmed. Remote work environments continue to create and expose new threats. Security analysts struggle to glean actionable information from fragmented workflows and intelligence sources. And according to our upcoming Splunk State of Security Report, 78 percent of you expect another supply-chain attack of the same magnitude as SolarWinds — or worse.”

Title: Microsoft, Adobe Exploits Top List of Crooks’ Wish List
Date Published: May 18, 2021


Excerpt: “A year-long study into the underground market for exploits in cybercriminal forums shows that crooks are salivating for Microsoft bugs, which are far and away the most requested and most sold exploits. The exploit market is accommodating cybercrooks’ hunger for puncturing Microsoft products, according to Trend Micro. A second data point (see chart below) shows that 61 percent of sold exploits targeted Microsoft products, including Office, Windows, Internet Explorer and Microsoft Remote Desktop Protocol (RDP).”

Title: Ransomware: Patient Data Could Be ‘Abused’ After Health Service Attack, Warns Irish Government
Date Published: May 18, 2021


Excerpt: “There is a risk that sensitive medical information and other patient data will be leaked in the aftermath of a serious ransomware attack against Ireland’s health services, the Irish government has warned.  Condemning any public release by the attackers of stolen patient data as “utterly contemptible”, officials have urged anyone who is affected to contact the Health Service Executive (HSE) or the authorities.”

Title: Analysis of Nocry Ransomware: A Variant of the Judge Ransomware
Date Published: May 18, 2021


Excerpt: “The NoCry ransomware we analyzed is very similar to Judge, the one we previously looked at. It creates a mutex to prevent multiple instances from running in parallel, provides sandbox detection and deletes system restore points. When those tasks are completed, the ransomware starts encrypting the victim’s files. The file encryption process is the same, and therefore, our decryptor can also be used for NoCry.”

Title: AXA Faces DDoS After Ransomware Attack
Date Published: May 18, 2021


Excerpt: “Insurance giant AXA could face a barrage of DDoS attacks if it refuses to engage with a ransomware group that claims to have stolen terabytes of data from some of its Asia customers. It emerged over the weekend that partners of the French multinational had been struck by the Avaddon variant, which claimed to have encrypted data in Thailand, the Philippines, Hong Kong and Malaysia. The group also claimed to have stolen 3TB of highly sensitive data including customer HIV and STD reports, customer and doctor ID documents and bank account details, and much more.”

Title: FBI Receives Record Level of Complaints for Online Scams, Investment Fraud
Date Published: May 18, 2021

Excerpt: “According to the US agency, annual complaint volumes increased by close to 70% between 2019 and 2020. The most common crimes reported were phishing scams, schemes relating to non-payment or non-delivery, and extortion attempts. The coronavirus pandemic paved the way for new kinds of scams over 2020, many of which centered around fake vaccination appointment requests, online delivery notifications — a popular phishing method made even more so due to stay-at-home orders — and spam sent under the names of agencies such as the World Health Organization (WHO).”

Title: Ransomware’s Big Week, New US Cybersecurity EO, TeaBot Banking Trojan
Date Published: May 18, 2021


Excerpt: “It’s been one hell of a week for ransomware attacks, let’s dive straight in.
On May 7th the Colonial Pipeline announced that following a ransomware attack from the Darkside gang it was going to temporarily shut down operations. The pipeline carries 45% of the fuel for the US East Coast and the US government issued an emergency declaration in the 17 affected states. Fuel prices went through the roof as people started to panic and stockpile fuel.”

Title: Japan to Restrict Private Sector Use of Foreign Equipment and Tech: Report
Date Published: May 18, 2021


Excerpt: “The sectors that are expected to see the legislative changes include telecommunications, electricity, finance, railroads, government services, and healthcare, among others. Specifically, these sectors will reportedly be required to look into issues stemming from the use of foreign equipment or services, including cloud data storage and connections to servers located overseas. The government will also reportedly monitor companies for compliance and gain the power to prevent companies from using foreign equipment if they detect any major issues.”

Title: HObject Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1
Date Published: May 18, 2021


Excerpt: “If you haven’t updated your WordPress website since October 2013, this wouldn’t affect you, but we strongly hope that is not the case! There’s a new object injection vulnerability which affects WordPress versions 3.7 to 5.7.1. Be sure to get updated to 5.7.2 as soon as possible! According to WPScan, the new object injection vulnerability is due to versions of PHPMailer library between 6.1.8 and 6.4.0. The original CVE can be found here.”

Recent Posts

December 9, 2022

Title: US Health Dept Warns of Royal Ransomware Targeting Healthcare Date Published: December 8, 2022 https://www.bleepingcomputer.com/news/security/us-health-dept-warns-of-royal-ransomware-targeting-healthcare/ Excerpt: “The U.S. Department of Health and Human...

December 8, 2022

Title: New ‘Zombinder’ Platform Binds Android Malware With Legitimate Apps Date Published: December 8, 2022 https://www.bleepingcomputer.com/news/security/new-zombinder-platform-binds-android-malware-with-legitimate-apps/ Excerpt: “A darknet platform dubbed...

December 7, 2022

Title: Fantasy – A New Agrius Wiper Deployed Through a Supply-Chain Attack Date Published: December 7, 2022 https://www.welivesecurity.com/2022/12/07/fantasy-new-agrius-wiper-supply-chain-attack/ Excerpt: “ESET researchers discovered a new wiper and its execution...

December 6, 2022

Title: This Badly Made Ransomware Can’t Decrypt Your Files, Even if You Pay the Ransom Date Published: December 6, 2022 https://www.zdnet.com/article/this-badly-made-ransomware-cant-decrypt-your-files-even-if-you-pay-the-ransom/ Excerpt: “Victims of a recently...

December 5, 2022

Title: SIM Swapper Gets 18-Months for Involvement in $22 Million Crypto Heist Date Published: December 3, 2022 https://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/ Excerpt: “Florida man Nicholas Truglia...

December 2, 2022

Title: New Go-Based Redigo Malware Targets Redis Servers Date Published: December 1, 2022 https://securityaffairs.co/wordpress/139164/malware/redigo-malware-targets-redis-servers.html Excerpt: “Redigo is a new Go-based malware employed in attacks against Redis servers...

December 1, 2022

Title: Keralty Ransomware Attack Impacts Colombia’s Health Care System Date Published: November 30, 2022 https://www.bleepingcomputer.com/news/security/keralty-ransomware-attack-impacts-colombias-health-care-system/ Excerpt: “The Keralty multinational healthcare...