OSN May 20, 2021

Fortify Security Team
May 20, 2021

Title: Colonial Pipeline Ceo: Paying Darkside Ransom Was the ‘Right Thing to Do for the Country’
Date Published: May 20, 2021


Excerpt: “The chief executive of Colonial Pipeline has defended paying cybercriminals who launched a devastating attack on the company, calling it the “right thing to do for the country.” Attack serves as fair warning to persistent corporate inertia over security Speaking to the Wall Street Journal, Colonial Pipeline CEO Joseph Blount acknowledged that a $4.4 million ransom demand was paid after a ransom note was found by an employee on the firm’s systems on May 7.”

Title: Watering Hole Attack Was Used to Target Florida Water Utilities
Date Published: May 20, 2021


Excerpt: “In this specific case, however, the infected website didn’t deliver exploit code or attempt to achieve access to visitors’ systems. Instead, the injected code functioned as a browser enumeration and fingerprinting script that harvested various details about the website’s visitors, including operating system, CPU, browser (and plugins), input methods, presence of a camera, accelerometer, microphone, time zone, locations, video codecs, and screen dimensions.”

Title: SolarWinds CEO: Attack Began Much Earlier Than Previously Thought
Date Published: May 19, 2021


Excerpt: “The tradecraft the attackers used to breach SolarWinds’ network and remain hidden on it for nearly two years was extremely sophisticated.”They did everything possible to hide in plain sight. Given the amount of time they spent and given the ‘deliberate-ness’ [of] their effort, they were able to cover the fingerprints and their tracks at every step of the way. Given the resources the attackers had, it was very difficult for a company like SolarWinds to uncover the breach.”

Title: Misinformation on Israel-Gaza Violence Prompts Facebook 24-Hour Tracking Program
Date Published: May 16, 2021


Excerpt: “Facebook previously did not return requests to comment for a New York Times story about the misinformation spreading rapidly on its platform. A spokesperson for WhatsApp told The New York Times that the application had put a limit on how many times someone could forward messages as a way to try to prevent misinformation from spreading. The news that Facebook has a misinformation operations center dedicated to the ongoing conflict comes as some U.S. lawmakers have called for a ceasefire. But the carnage shows no sign of letting up soon.”

Title: A Doctor Reveals the Human Cost of the Hse Ransomware Attack
Date Published: May 20, 2021


Excerpt: “Daniel (not his real name) sat with Malwarebytes Labs on condition of anonymity, to explain how this cyberattack is continuing to affect the lives of vulnerable patients, and the people trying to treat them. Throughout our interview he speaks quickly, but with control and understatement. He has the eyes and slightly exaggerated movements of somebody substituting adrenaline for sleep.”

Title: Qlocker Ransomware Group Ceased Operating After Collecting $350,000 from Its Victims
Date Published: May 20, 2021


Excerpt: “On April 19th, a huge ransomware operation targeting QNAP devices around the world began storing users’ files in password-protected 7zip archives. Threat actors used 7-zip to transfer files on QNAP devices into password-protected archives with the .7z extension. While the files were being locked, the QNAP Resource Monitor would show several ‘7z’ processes which were the 7zip command-line executable. The victims were supposed to enter a password known only by the hacker to extract these archives.”

Title: Data of 100+ Million Android Users Exposed via Misconfigured Cloud Services
Date Published: May 20, 2021


Excerpt: “The data was found in unprotected real-time databases used by 23 apps with download counts ranging from 10,000 to 10 million and also includes internal developer resources. While misconfigured real-time databases are not a surprise, the discovery shows that some Android developers do not follow basic security practices to restrict access to the app’s database. The amount of mobile apps with misconfiguration issues shows that this is a widespread problem that can be easily leveraged for malicious purposes.”

Title: Royal Mail Phish Deploys Evasion Tricks to Avoid Analysis
Date Published: May 19, 2021


Excerpt: “Malware authors often obscure the inner working of their code, or prevent files from executing inside a virtual machine. A lot of analysis is done inside VMs, because it’s cheaper and less time consuming than infecting a “real” PC and then rolling everything back. This is why malware frequently looks for clues that it’s sitting inside a virtual environment, and then refuses to do anything. Similarly, malware portals rely on the right kind of traffic. There’s no point spending a fortune on an exploit kit if potential victims aren’t running the outdated software required.”

Title: Apple Exec Calls Level of Mac Malware ‘Unacceptable
Date Published: May 20, 2021


Excerpt: “For years, it was certainly true that PCs suffered the bulk of the malware woes while the Mac platform remained a more secure option, largely due to its proprietary nature. While all of the software on an Apple machine was more or less vetted by Apple and could only be used on computers sold by the company, the use of Windows on different hardware platforms—and its general ubiquity as a PC platform—made it a more open playing field for attackers.”

Title: Microsoft to Retire Internet Explorer on Some Windows 10 Versions
Date Published: May 19, 2021


Excerpt: “If you’re an organization using Internet Explorer, you may have a surprisingly large set of legacy Internet Explorer-based websites and apps, built up over many years. In fact, we found that enterprises have 1,678 legacy apps on average. By moving to Microsoft Edge, you get everything described above plus you’ll be able to extend the life of your legacy websites and apps well beyond the Internet Explorer 11 desktop application retirement date using IE mode.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...