OSN May 20, 2021

Fortify Security Team
May 20, 2021

Title: Colonial Pipeline CEO: Paying DarkSide Ransom Was the ‘Right Thing to Do for the Country’
Date Published: May 20, 2021


Excerpt: “The chief executive of Colonial Pipeline has defended paying cybercriminals who launched a devastating attack on the company, calling it the ‘right thing to do for the country.’ Speaking to the Wall Street Journal, Colonial Pipeline CEO Joseph Blount acknowledged that a $4.4 million ransom demand was paid after a ransom note was found by an employee on the firm’s systems on May 7.”

Title: Watering Hole Attack Was Used to Target Florida Water Utilities
Date Published: May 20, 2021


Excerpt: “In this specific case, however, the infected website didn’t deliver exploit code or attempt to achieve access to visitors’ systems. Instead, the injected code functioned as a browser enumeration and fingerprinting script that harvested various details about the website’s visitors, including operating system, CPU, browser (and plugins), input methods, presence of a camera, accelerometer, microphone, time zone, locations, video codecs, and screen dimensions.”

Title: SolarWinds CEO: Attack Began Much Earlier Than Previously Thought
Date Published: May 19, 2021


Excerpt: “The tradecraft the attackers used to breach SolarWinds’ network and remain hidden on it for nearly two years was extremely sophisticated. ‘They did everything possible to hide in plain sight. Given the amount of time they spent and given the “deliberate-ness” [of] their effort, they were able to cover the fingerprints and their tracks at every step of the way. Given the resources the attackers had, it was very difficult for a company like SolarWinds to uncover the breach.’”

Title: Misinformation on Israel-Gaza Violence Prompts Facebook 24-Hour Tracking Program
Date Published: May 16, 2021


Excerpt: “Facebook previously did not return requests to comment for a New York Times story about the misinformation spreading rapidly on its platform. A spokesperson for WhatsApp told The New York Times that the application had put a limit on how many times someone could forward messages as a way to try to prevent misinformation from spreading. The news that Facebook has a misinformation operations center dedicated to the ongoing conflict comes as some U.S. lawmakers have called for a ceasefire. But the carnage shows no sign of letting up soon.”

Title: A Doctor Reveals the Human Cost of the HSE Ransomware Attack
Date Published: May 20, 2021


Excerpt: “Daniel (not his real name) sat with Malwarebytes Labs on condition of anonymity, to explain how this cyberattack is continuing to affect the lives of vulnerable patients, and the people trying to treat them. Throughout our interview he speaks quickly, but with control and understatement. He has the eyes and slightly exaggerated movements of somebody substituting adrenaline for sleep.”

Title: Qlocker Ransomware Group Ceased Operating After Collecting $350,000 from Its Victims
Date Published: May 20, 2021


Excerpt: “On April 19th, a huge ransomware operation targeting QNAP devices around the world began storing users’ files in password-protected 7zip archives. Threat actors used 7-zip to transfer files on QNAP devices into password-protected archives with the .7z extension. While the files were being locked, the QNAP Resource Monitor would show several ‘7z’ processes which were the 7zip command-line executable. The victims were supposed to enter a password known only by the hacker to extract these archives.”

Title: Data of 100+ Million Android Users Exposed via Misconfigured Cloud Services
Date Published: May 20, 2021


Excerpt: “The data was found in unprotected real-time databases used by 23 apps with download counts ranging from 10,000 to 10 million and also includes internal developer resources. While misconfigured real-time databases are not a surprise, the discovery shows that some Android developers do not follow basic security practices to restrict access to the app’s database. The amount of mobile apps with misconfiguration issues shows that this is a widespread problem that can be easily leveraged for malicious purposes.”
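The “unprotected real-time database” misconfiguration in this item comes down to an access-rules document that grants read or write to anyone who knows the database URL. The example below is added here and is not code from the article or from Fortify; it assumes the Firebase Realtime Database rules format (the excerpt does not name the product). It places a constructed wide-open ruleset beside a constructed restricted one and runs a small linter that flags every unconditional grant, so the same check can be pointed at a project’s real rules export before release.

```python
import json

# Constructed sample: rules of the kind that leave an app's whole database
# readable and writable by anyone holding its URL. Rules cascade downward in
# Firebase, so a grant at "/" cannot be revoked by any child rule.
WEAK_RULES = json.dumps({
    "rules": {
        ".read": True,
        ".write": True,
    }
})

# Constructed sample: each signed-in user is confined to their own subtree;
# a read-only config node is the single deliberate public surface. Anything
# not listed is denied, which is the Firebase default.
HARDENED_RULES = json.dumps({
    "rules": {
        "users": {
            "$uid": {
                ".read": "auth != null && auth.uid == $uid",
                ".write": "auth != null && auth.uid == $uid",
            }
        },
        "public_config": {
            ".read": True,
            ".write": False,
        },
    }
})


def _is_open(value):
    """True when a rule grants access unconditionally (boolean true or the
    string "true", which the rules language also accepts)."""
    if value is True:
        return True
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return False


def find_open_rules(rules_json):
    """Return (path, permission) pairs where access is granted to everyone.

    Walks the "rules" tree depth-first. Keys beginning with "." are rule
    expressions (.read/.write/.validate); every other key, including $wildcards,
    is a path segment. .validate is skipped because it never grants access.
    """
    doc = json.loads(rules_json)
    findings = []

    def walk(node, path):
        if not isinstance(node, dict):
            return
        for key, value in node.items():
            if key in (".read", ".write"):
                if _is_open(value):
                    findings.append(("/" + "/".join(path) if path else "/", key))
            elif key.startswith("."):
                continue
            else:
                walk(value, path + [key])

    walk(doc.get("rules", {}), [])
    return findings


def is_world_writable(rules_json):
    """Open writes are the finding that turns a data leak into data tampering
    or a ransom-for-deletion incident; report them separately."""
    return any(perm == ".write" for _, perm in find_open_rules(rules_json))


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, find_open_rules(rules), "world-writable:", is_world_writable(rules))
```

An unconditional `.read` can still be legitimate for a node that is meant to be public, as in the `public_config` sample, so the linter reports it and leaves the judgement to the reviewer; an unconditional `.write` anywhere in the tree should be treated as a defect.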

Title: Royal Mail Phish Deploys Evasion Tricks to Avoid Analysis
Date Published: May 19, 2021


Excerpt: “Malware authors often obscure the inner working of their code, or prevent files from executing inside a virtual machine. A lot of analysis is done inside VMs, because it’s cheaper and less time consuming than infecting a ‘real’ PC and then rolling everything back. This is why malware frequently looks for clues that it’s sitting inside a virtual environment, and then refuses to do anything. Similarly, malware portals rely on the right kind of traffic. There’s no point spending a fortune on an exploit kit if potential victims aren’t running the outdated software required.”

Title: Apple Exec Calls Level of Mac Malware ‘Unacceptable’
Date Published: May 20, 2021


Excerpt: “For years, it was certainly true that PCs suffered the bulk of the malware woes while the Mac platform remained a more secure option, largely due to its proprietary nature. While all of the software on an Apple machine was more or less vetted by Apple and could only be used on computers sold by the company, the use of Windows on different hardware platforms—and its general ubiquity as a PC platform—made it a more open playing field for attackers.”

Title: Microsoft to Retire Internet Explorer on Some Windows 10 Versions
Date Published: May 19, 2021


Excerpt: “If you’re an organization using Internet Explorer, you may have a surprisingly large set of legacy Internet Explorer-based websites and apps, built up over many years. In fact, we found that enterprises have 1,678 legacy apps on average. By moving to Microsoft Edge, you get everything described above plus you’ll be able to extend the life of your legacy websites and apps well beyond the Internet Explorer 11 desktop application retirement date using IE mode.”
