OSN May 18, 2021

Fortify Security Team
May 18, 2021

Title: Spear-phishing Alert: Hackers Impersonate Truist Bank in an Attempt to Dispatch Malware
Date Published: May 18, 2021


Excerpt: “In a spear-phishing campaign, Truist Financial Corporation has been impersonated by cybercriminals trying to spread malware that seemed to look like remote access trojan (RAT), a program used by hackers to take complete control of the victim’s computer to perform malicious activities. Truist Financial Corp. is one of the largest banks in the United States operating 2.049 branches in 15 states that offers consumer and commercial banking, securities brokerage, asset management, mortgage, and insurance products and services.”

Title: Splunk Announces Intent to Acquire TruSTAR
Date Published: May 18, 2021


Excerpt: “Being an enterprise security professional has never been an easy job, but in many ways it’s harder than ever right now. SOCs are overwhelmed. Remote work environments continue to create and expose new threats. Security analysts struggle to glean actionable information from fragmented workflows and intelligence sources. And according to our upcoming Splunk State of Security Report, 78 percent of you expect another supply-chain attack of the same magnitude as SolarWinds — or worse.”

Title: Microsoft, Adobe Exploits Top List of Crooks’ Wish List
Date Published: May 18, 2021


Excerpt: “A year-long study into the underground market for exploits in cybercriminal forums shows that crooks are salivating for Microsoft bugs, which are far and away the most requested and most sold exploits. The exploit market is accommodating cybercrooks’ hunger for puncturing Microsoft products, according to Trend Micro. A second data point (see chart below) shows that 61 percent of sold exploits targeted Microsoft products, including Office, Windows, Internet Explorer and Microsoft Remote Desktop Protocol (RDP).”

Title: Ransomware: Patient Data Could Be ‘Abused’ After Health Service Attack, Warns Irish Government
Date Published: May 18, 2021


Excerpt: “There is a risk that sensitive medical information and other patient data will be leaked in the aftermath of a serious ransomware attack against Ireland’s health services, the Irish government has warned. Condemning any public release by the attackers of stolen patient data as “utterly contemptible”, officials have urged anyone who is affected to contact the Health Service Executive (HSE) or the authorities.”

Title: Analysis of Nocry Ransomware: A Variant of the Judge Ransomware
Date Published: May 18, 2021


Excerpt: “The NoCry ransomware we analyzed is very similar to Judge, the one we previously looked at. It creates a mutex to prevent multiple instances from running in parallel, provides sandbox detection and deletes system restore points. When those tasks are completed, the ransomware starts encrypting the victim’s files. The file encryption process is the same, and therefore, our decryptor can also be used for NoCry.”

Title: AXA Faces DDoS After Ransomware Attack
Date Published: May 18, 2021


Excerpt: “Insurance giant AXA could face a barrage of DDoS attacks if it refuses to engage with a ransomware group that claims to have stolen terabytes of data from some of its Asia customers. It emerged over the weekend that partners of the French multinational had been struck by the Avaddon variant, which claimed to have encrypted data in Thailand, the Philippines, Hong Kong and Malaysia. The group also claimed to have stolen 3TB of highly sensitive data including customer HIV and STD reports, customer and doctor ID documents and bank account details, and much more.”

Title: FBI Receives Record Level of Complaints for Online Scams, Investment Fraud
Date Published: May 18, 2021

Excerpt: “According to the US agency, annual complaint volumes increased by close to 70% between 2019 and 2020. The most common crimes reported were phishing scams, schemes relating to non-payment or non-delivery, and extortion attempts. The coronavirus pandemic paved the way for new kinds of scams over 2020, many of which centered around fake vaccination appointment requests, online delivery notifications — a popular phishing method made even more so due to stay-at-home orders — and spam sent under the names of agencies such as the World Health Organization (WHO).”

Title: Ransomware’s Big Week, New US Cybersecurity EO, TeaBot Banking Trojan
Date Published: May 18, 2021


Excerpt: “It’s been one hell of a week for ransomware attacks, let’s dive straight in.
On May 7th the Colonial Pipeline announced that following a ransomware attack from the Darkside gang it was going to temporarily shut down operations. The pipeline carries 45% of the fuel for the US East Coast and the US government issued an emergency declaration in the 17 affected states. Fuel prices went through the roof as people started to panic and stockpile fuel.”

Title: Japan to Restrict Private Sector Use of Foreign Equipment and Tech: Report
Date Published: May 18, 2021


Excerpt: “The sectors that are expected to see the legislative changes include telecommunications, electricity, finance, railroads, government services, and healthcare, among others. Specifically, these sectors will reportedly be required to look into issues stemming from the use of foreign equipment or services, including cloud data storage and connections to servers located overseas. The government will also reportedly monitor companies for compliance and gain the power to prevent companies from using foreign equipment if they detect any major issues.”

Title: Object Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1
Date Published: May 18, 2021


Excerpt: “If you haven’t updated your WordPress website since October 2013, this wouldn’t affect you, but we strongly hope that is not the case! There’s a new object injection vulnerability which affects WordPress versions 3.7 to 5.7.1. Be sure to get updated to 5.7.2 as soon as possible! According to WPScan, the new object injection vulnerability is due to versions of PHPMailer library between 6.1.8 and 6.4.0. The original CVE can be found here.”
