OSN May 18, 2021

Fortify Security Team
May 18, 2021

Title: Spear-phishing Alert: Hackers Impersonate Truist Bank in an Attempt to Dispatch Malware
Date Published: May 18, 2021


Excerpt: “In a spear-phishing campaign, Truist Financial Corporation has been impersonated by cybercriminals trying to spread malware that seemed to look like a remote access trojan (RAT), a program used by hackers to take complete control of the victim’s computer to perform malicious activities. Truist Financial Corp. is one of the largest banks in the United States operating 2.049 branches in 15 states that offers consumer and commercial banking, securities brokerage, asset management, mortgage, and insurance products and services.”

Title: Splunk Announces Intent to Acquire TruSTAR
Date Published: May 18, 2021


Excerpt: “Being an enterprise security professional has never been an easy job, but in many ways it’s harder than ever right now. SOCs are overwhelmed. Remote work environments continue to create and expose new threats. Security analysts struggle to glean actionable information from fragmented workflows and intelligence sources. And according to our upcoming Splunk State of Security Report, 78 percent of you expect another supply-chain attack of the same magnitude as SolarWinds — or worse.”

Title: Microsoft, Adobe Exploits Top List of Crooks’ Wish List
Date Published: May 18, 2021


Excerpt: “A year-long study into the underground market for exploits in cybercriminal forums shows that crooks are salivating for Microsoft bugs, which are far and away the most requested and most sold exploits. The exploit market is accommodating cybercrooks’ hunger for puncturing Microsoft products, according to Trend Micro. A second data point (see chart below) shows that 61 percent of sold exploits targeted Microsoft products, including Office, Windows, Internet Explorer and Microsoft Remote Desktop Protocol (RDP).”

Title: Ransomware: Patient Data Could Be ‘Abused’ After Health Service Attack, Warns Irish Government
Date Published: May 18, 2021


Excerpt: “There is a risk that sensitive medical information and other patient data will be leaked in the aftermath of a serious ransomware attack against Ireland’s health services, the Irish government has warned. Condemning any public release by the attackers of stolen patient data as “utterly contemptible”, officials have urged anyone who is affected to contact the Health Service Executive (HSE) or the authorities.”

Title: Analysis of Nocry Ransomware: A Variant of the Judge Ransomware
Date Published: May 18, 2021


Excerpt: “The NoCry ransomware we analyzed is very similar to Judge, the one we previously looked at. It creates a mutex to prevent multiple instances from running in parallel, provides sandbox detection and deletes system restore points. When those tasks are completed, the ransomware starts encrypting the victim’s files. The file encryption process is the same, and therefore, our decryptor can also be used for NoCry.”

Title: AXA Faces DDoS After Ransomware Attack
Date Published: May 18, 2021


Excerpt: “Insurance giant AXA could face a barrage of DDoS attacks if it refuses to engage with a ransomware group that claims to have stolen terabytes of data from some of its Asia customers. It emerged over the weekend that partners of the French multinational had been struck by the Avaddon variant, which claimed to have encrypted data in Thailand, the Philippines, Hong Kong and Malaysia. The group also claimed to have stolen 3TB of highly sensitive data including customer HIV and STD reports, customer and doctor ID documents and bank account details, and much more.”

Title: FBI Receives Record Level of Complaints for Online Scams, Investment Fraud
Date Published: May 18, 2021

Excerpt: “According to the US agency, annual complaint volumes increased by close to 70% between 2019 and 2020. The most common crimes reported were phishing scams, schemes relating to non-payment or non-delivery, and extortion attempts. The coronavirus pandemic paved the way for new kinds of scams over 2020, many of which centered around fake vaccination appointment requests, online delivery notifications — a popular phishing method made even more so due to stay-at-home orders — and spam sent under the names of agencies such as the World Health Organization (WHO).”

Title: Ransomware’s Big Week, New US Cybersecurity EO, TeaBot Banking Trojan
Date Published: May 18, 2021


Excerpt: “It’s been one hell of a week for ransomware attacks, let’s dive straight in.
On May 7th the Colonial Pipeline announced that following a ransomware attack from the Darkside gang it was going to temporarily shut down operations. The pipeline carries 45% of the fuel for the US East Coast and the US government issued an emergency declaration in the 17 affected states. Fuel prices went through the roof as people started to panic and stockpile fuel.”

Title: Japan to Restrict Private Sector Use of Foreign Equipment and Tech: Report
Date Published: May 18, 2021


Excerpt: “The sectors that are expected to see the legislative changes include telecommunications, electricity, finance, railroads, government services, and healthcare, among others. Specifically, these sectors will reportedly be required to look into issues stemming from the use of foreign equipment or services, including cloud data storage and connections to servers located overseas. The government will also reportedly monitor companies for compliance and gain the power to prevent companies from using foreign equipment if they detect any major issues.”

Title: Object Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1
Date Published: May 18, 2021


Excerpt: “If you haven’t updated your WordPress website since October 2013, this wouldn’t affect you, but we strongly hope that is not the case! There’s a new object injection vulnerability which affects WordPress versions 3.7 to 5.7.1. Be sure to get updated to 5.7.2 as soon as possible! According to WPScan, the new object injection vulnerability is due to versions of PHPMailer library between 6.1.8 and 6.4.0. The original CVE can be found here.”
