OSN May 20, 2021

Fortify Security Team
May 20, 2021

Title: Colonial Pipeline CEO: Paying DarkSide Ransom Was the ‘Right Thing to Do for the Country’
Date Published: May 20, 2021

Excerpt: “The chief executive of Colonial Pipeline has defended paying cybercriminals who launched a devastating attack on the company, calling it the ‘right thing to do for the country.’ Attack serves as fair warning to persistent corporate inertia over security. Speaking to the Wall Street Journal, Colonial Pipeline CEO Joseph Blount acknowledged that a $4.4 million ransom demand was paid after a ransom note was found by an employee on the firm’s systems on May 7.”

Title: Watering Hole Attack Was Used to Target Florida Water Utilities
Date Published: May 20, 2021

Excerpt: “In this specific case, however, the infected website didn’t deliver exploit code or attempt to achieve access to visitors’ systems. Instead, the injected code functioned as a browser enumeration and fingerprinting script that harvested various details about the website’s visitors, including operating system, CPU, browser (and plugins), input methods, presence of a camera, accelerometer, microphone, time zone, locations, video codecs, and screen dimensions.”

Title: SolarWinds CEO: Attack Began Much Earlier Than Previously Thought
Date Published: May 19, 2021

Excerpt: “The tradecraft the attackers used to breach SolarWinds’ network and remain hidden on it for nearly two years was extremely sophisticated. ‘They did everything possible to hide in plain sight. Given the amount of time they spent and given the “deliberate-ness” [of] their effort, they were able to cover the fingerprints and their tracks at every step of the way. Given the resources the attackers had, it was very difficult for a company like SolarWinds to uncover the breach.’”

Title: Misinformation on Israel-Gaza Violence Prompts Facebook 24-Hour Tracking Program
Date Published: May 16, 2021

Excerpt: “Facebook previously did not return requests to comment for a New York Times story about the misinformation spreading rapidly on its platform. A spokesperson for WhatsApp told The New York Times that the application had put a limit on how many times someone could forward messages as a way to try to prevent misinformation from spreading. The news that Facebook has a misinformation operations center dedicated to the ongoing conflict comes as some U.S. lawmakers have called for a ceasefire. But the carnage shows no sign of letting up soon.”

Title: A Doctor Reveals the Human Cost of the HSE Ransomware Attack
Date Published: May 20, 2021

Excerpt: “Daniel (not his real name) sat with Malwarebytes Labs on condition of anonymity, to explain how this cyberattack is continuing to affect the lives of vulnerable patients, and the people trying to treat them. Throughout our interview he speaks quickly, but with control and understatement. He has the eyes and slightly exaggerated movements of somebody substituting adrenaline for sleep.”

Title: Qlocker Ransomware Group Ceased Operating After Collecting $350,000 from Its Victims
Date Published: May 20, 2021

Excerpt: “On April 19th, a huge ransomware operation targeting QNAP devices around the world began storing users’ files in password-protected 7zip archives. Threat actors used 7-zip to transfer files on QNAP devices into password-protected archives with the .7z extension. While the files were being locked, the QNAP Resource Monitor would show several ‘7z’ processes which were the 7zip command-line executable. The victims were supposed to enter a password known only by the hacker to extract these archives.”

Title: Data of 100+ Million Android Users Exposed via Misconfigured Cloud Services
Date Published: May 20, 2021

Excerpt: “The data was found in unprotected real-time databases used by 23 apps with download counts ranging from 10,000 to 10 million and also includes internal developer resources. While misconfigured real-time databases are not a surprise, the discovery shows that some Android developers do not follow basic security practices to restrict access to the app’s database. The amount of mobile apps with misconfiguration issues shows that this is a widespread problem that can be easily leveraged for malicious purposes.”

Title: Royal Mail Phish Deploys Evasion Tricks to Avoid Analysis
Date Published: May 19, 2021

Excerpt: “Malware authors often obscure the inner working of their code, or prevent files from executing inside a virtual machine. A lot of analysis is done inside VMs, because it’s cheaper and less time consuming than infecting a ‘real’ PC and then rolling everything back. This is why malware frequently looks for clues that it’s sitting inside a virtual environment, and then refuses to do anything. Similarly, malware portals rely on the right kind of traffic. There’s no point spending a fortune on an exploit kit if potential victims aren’t running the outdated software required.”

Title: Apple Exec Calls Level of Mac Malware ‘Unacceptable’
Date Published: May 20, 2021

Excerpt: “For years, it was certainly true that PCs suffered the bulk of the malware woes while the Mac platform remained a more secure option, largely due to its proprietary nature. While all of the software on an Apple machine was more or less vetted by Apple and could only be used on computers sold by the company, the use of Windows on different hardware platforms—and its general ubiquity as a PC platform—made it a more open playing field for attackers.”

Title: Microsoft to Retire Internet Explorer on Some Windows 10 Versions
Date Published: May 19, 2021

Excerpt: “If you’re an organization using Internet Explorer, you may have a surprisingly large set of legacy Internet Explorer-based websites and apps, built up over many years. In fact, we found that enterprises have 1,678 legacy apps on average. By moving to Microsoft Edge, you get everything described above plus you’ll be able to extend the life of your legacy websites and apps well beyond the Internet Explorer 11 desktop application retirement date using IE mode.”
