OSN May 18, 2021

Fortify Security Team
May 18, 2021

Title: Spear-phishing Alert: Hackers Impersonate Truist Bank in an Attempt to Dispatch Malware
Date Published: May 18, 2021

https://heimdalsecurity.com/blog/spear-phishing-alert-hackers-impersonate-truist-bank-in-an-attempt-to-dispatch-malware/

Excerpt: “In a spear-phishing campaign, Truist Financial Corporation has been impersonated by cybercriminals trying to spread malware that seemed to look like a remote access trojan (RAT), a program used by hackers to take complete control of the victim’s computer to perform malicious activities. Truist Financial Corp. is one of the largest banks in the United States operating 2.049 branches in 15 states that offers consumer and commercial banking, securities brokerage, asset management, mortgage, and insurance products and services.”

Title: Splunk Announces Intent to Acquire TruSTAR
Date Published: May 18, 2021

https://www.splunk.com/en_us/blog/leadership/splunk-announces-intent-to-acquire-trustar.html

Excerpt: “Being an enterprise security professional has never been an easy job, but in many ways it’s harder than ever right now. SOCs are overwhelmed. Remote work environments continue to create and expose new threats. Security analysts struggle to glean actionable information from fragmented workflows and intelligence sources. And according to our upcoming Splunk State of Security Report, 78 percent of you expect another supply-chain attack of the same magnitude as SolarWinds — or worse.”

Title: Microsoft, Adobe Exploits Top List of Crooks’ Wish List
Date Published: May 18, 2021

https://threatpost.com/top-microsoft-adobe-exploits-list/166241/

Excerpt: “A year-long study into the underground market for exploits in cybercriminal forums shows that crooks are salivating for Microsoft bugs, which are far and away the most requested and most sold exploits. The exploit market is accommodating cybercrooks’ hunger for puncturing Microsoft products, according to Trend Micro. A second data point (see chart below) shows that 61 percent of sold exploits targeted Microsoft products, including Office, Windows, Internet Explorer and Microsoft Remote Desktop Protocol (RDP).”

Title: Ransomware: Patient Data Could Be ‘Abused’ After Health Service Attack, Warns Irish Government
Date Published: May 18, 2021

https://www.bleepingcomputer.com/news/security/insurer-axa-hit-by-ransomware-after-dropping-support-for-ransom-payments/

Excerpt: “There is a risk that sensitive medical information and other patient data will be leaked in the aftermath of a serious ransomware attack against Ireland’s health services, the Irish government has warned. Condemning any public release by the attackers of stolen patient data as “utterly contemptible”, officials have urged anyone who is affected to contact the Health Service Executive (HSE) or the authorities.”

Title: Analysis of Nocry Ransomware: A Variant of the Judge Ransomware
Date Published: May 18, 2021

https://securityaffairs.co/wordpress/118054/malware/nocry-ransomware-analysis.html

Excerpt: “The NoCry ransomware we analyzed is very similar to Judge, the one we previously looked at. It creates a mutex to prevent multiple instances from running in parallel, provides sandbox detection and deletes system restore points. When those tasks are completed, the ransomware starts encrypting the victim’s files. The file encryption process is the same, and therefore, our decryptor can also be used for NoCry.”

Title: AXA Faces DDoS After Ransomware Attack
Date Published: May 18, 2021

https://www.infosecurity-magazine.com/news/axa-faces-ddos-after-ransomware/

Excerpt: “Insurance giant AXA could face a barrage of DDoS attacks if it refuses to engage with a ransomware group that claims to have stolen terabytes of data from some of its Asia customers. It emerged over the weekend that partners of the French multinational had been struck by the Avaddon variant, which claimed to have encrypted data in Thailand, the Philippines, Hong Kong and Malaysia. The group also claimed to have stolen 3TB of highly sensitive data including customer HIV and STD reports, customer and doctor ID documents and bank account details, and much more.”

Title: FBI Receives Record Level of Complaints for Online Scams, Investment Fraud
Date Published: May 18, 2021

https://www.zdnet.com/article/fbi-receives-record-level-of-complaints-for-online-scams-investment-fraud/

Excerpt: “According to the US agency, annual complaint volumes increased by close to 70% between 2019 and 2020. The most common crimes reported were phishing scams, schemes relating to non-payment or non-delivery, and extortion attempts. The coronavirus pandemic paved the way for new kinds of scams over 2020, many of which centered around fake vaccination appointment requests, online delivery notifications — a popular phishing method made even more so due to stay-at-home orders — and spam sent under the names of agencies such as the World Health Organization (WHO).”

Title: Ransomware’s Big Week, New US Cybersecurity EO, TeaBot Banking Trojan
Date Published: May 18, 2021

https://medium.com/cyberlite/ransomwares-big-week-new-us-cybersecurity-eo-teabot-banking-trojan-94c3b14e1bbd

Excerpt: “It’s been one hell of a week for ransomware attacks, let’s dive straight in.
On May 7th the Colonial Pipeline announced that following a ransomware attack from the Darkside gang it was going to temporarily shut down operations. The pipeline carries 45% of the fuel for the US East Coast and the US government issued an emergency declaration in the 17 affected states. Fuel prices went through the roof as people started to panic and stockpile fuel.”

Title: Japan to Restrict Private Sector Use of Foreign Equipment and Tech: Report
Date Published: May 18, 2021

https://www.zdnet.com/article/japan-to-restrict-private-sector-use-of-foreign-equipment-and-tech-report/

Excerpt: “The sectors that are expected to see the legislative changes include telecommunications, electricity, finance, railroads, government services, and healthcare, among others. Specifically, these sectors will reportedly be required to look into issues stemming from the use of foreign equipment or services, including cloud data storage and connections to servers located overseas. The government will also reportedly monitor companies for compliance and gain the power to prevent companies from using foreign equipment if they detect any major issues.”

Title: Object Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1
Date Published: May 18, 2021

https://blog.sucuri.net/2021/05/object-injection-vulnerability-affects-wordpress-versions-3-7-to-5-7-1.html

Excerpt: “If you haven’t updated your WordPress website since October 2013, this wouldn’t affect you, but we strongly hope that is not the case! There’s a new object injection vulnerability which affects WordPress versions 3.7 to 5.7.1. Be sure to get updated to 5.7.2 as soon as possible! According to WPScan, the new object injection vulnerability is due to versions of PHPMailer library between 6.1.8 and 6.4.0. The original CVE can be found here.”
