OSN May 21, 2021

May 21, 2021 | Open Source News

Title: Colonial Pipeline Hit With Class Action Lawsuit Following Cyberattack, Shutdown

Date Published: May 21, 2021

https://medium.com/@RobletoFire/colonial-pipeline-hit-with-class-action-lawsuit-following-cyberattack-shutdown-335f1079a2a2

Excerpt: “The lawsuit states: “As a result of the Defendant’s failure to properly secure the Colonial Pipeline’s critical infrastructure – leaving it subjected to potential ransomware attacks like the one that took place on May 7, 2021, there have been catastrophic effects for consumers and other end-users of gasoline up and down the east coast. The Defendant’s unlawfully deficient data security has injured millions.””

Title: Here’s How We Got Persistent Shell Access on a Boeing 747 – Pen Test Partners

Date Published: May 21, 2021

https://www.theregister.com/2021/05/21/boeing_747_ife_windows_nt4_shell_access/

Excerpt: “The system was so ancient its management server ran on Windows NT4 SP3, a distant ancestor of today’s Windows Server builds. That age posed a problem for PTP’s testers when they tried running modern pentesting tools against it: NT4 predated everyday attack surfaces such as the Remote Desktop Protocol. Simply put, lots of modern tools and techniques didn’t work. Metasploit all but failed, giving no obvious reason for doing so. Even Backtrack, the predecessor to Kali Linux, didn’t work – triggering lots of scratching of heads at PTP HQ.”

Title: Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

Date Published: May 21, 2021

https://thehackernews.com/2021/05/microsoft-warns-of-data-stealing.html

Excerpt: “STRRAT first emerged in the threat landscape in June 2020, with German cybersecurity firm G Data observing the Windows malware (version 1.2) in phishing emails containing malicious Jar (or Java Archive) attachments. “The RAT has a focus on stealing credentials of browsers and email clients, and passwords via keylogging,” G Data malware analyst Karsten Hahn detailed. “It supports the following browsers and email clients: Firefox, Internet Explorer, Chrome, Foxmail, Outlook, Thunderbird”.”

Title: Comcast Now Blocks BGP Hijacking Attacks and Route Leaks With RPKI

Date Published: May 16, 2021

https://www.bleepingcomputer.com/news/security/comcast-now-blocks-bgp-hijacking-attacks-and-route-leaks-with-rpki/

Excerpt: “This helps to ensure that packets get to their intended destinations intact and cannot be hijacked or leaked to other destinations, making the network – and Internet traffic more generally – more secure and resilient for all users. Given the size and technical diversity of our network, deploying RPKI represented a significant effort, yet we were able to implement the update without disrupting performance for our customers.”

Title: Darkside Affiliates Claim Gang’s Bitcoins in Deposit on Hacker Forum

Date Published: May 21, 2021

https://www.bleepingcomputer.com/news/security/darkside-affiliates-claim-gangs-bitcoins-in-deposit-on-hacker-forum/

Excerpt: “REvil ransomware last year deposited $1 million worth of Bitcoin to a different hacking forum to attract new recruits into the operation. This move showed that they trusted the forum administrator with the money and that there was plenty of money to be made. Last week, DarkSide closed shop and informed affiliates that the decision came after losing access to their public-facing servers and it was “due to the pressure from the US” after the attack on Colonial Pipeline.”

Title: Microsoft Simuland, an Open-Source Lab Environment to Simulate Attack Scenarios

Date Published: May 21, 2021

https://securityaffairs.co/wordpress/118125/hacking/microsoft-simuland-tool.html

Excerpt: “Microsoft has released SimuLand, an open-source lab environment that allows users to reproduce the techniques used in real attack scenarios. The tool could be used to test and improve Microsoft solutions, including Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios.”

Title: Microsoft, Google Clouds Hijacked for Gobs of Phishing

Date Published: May 19, 2021

https://threatpost.com/microsoft-google-clouds-hijacked-phishing/166329/

Excerpt: “The malicious message volume from these trusted cloud services exceeded that of any botnet in 2020, and the trusted reputation of these domains, including outlook.com and sharepoint.com, increases the difficulty of detection for defenders,” the report, issued Wednesday, explained. “This authenticity perception is essential, as email recently regained its status as the top vector for ransomware; and, threat actors increasingly leverage the supply chain and partner ecosystem to compromise accounts, steal credentials and siphon funds.”

Title: Dev-Sec Disconnect Undermines Secure Coding Efforts

Date Published: May 20, 2021

https://beta.darkreading.com/application-security/dev-sec-disconnect-undermines-secure-coding-efforts

Excerpt: “Among the advice that Romeo has for security teams and companies intent on improving their application security programs: Tune the tools to reduce false positives, work together to determine the right amount of resources to dedicate to security needs, educate developers about security, and also educate security professionals about development.”

Title: This Ransomware-Spreading Malware Botnet Just Won’t Go Away

Date Published: May 21, 2021

https://www.zdnet.com/article/this-ransomware-spreading-malware-botnet-just-wont-go-away/

Excerpt: “The botnet, known for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads, Microsoft said. The botnet’s geographic targeting for bot distribution and installation expanded, too, it said: “more recent activity shows a shift to a more global distribution.””

Title: WordPress XXE Vulnerability in Media Library – CVE-2021-29447

Date Published: May 21, 2021

https://blog.wpsec.com/wordpress-xxe-in-media-library-cve-2021-29447/

Excerpt: “WordPress versions 5.7, 5.6.2, 5.6.1, 5.6, 5.0.11 are affected by an XML eXternal Entity vulnerability where an authenticated user with the ability to upload files in the Media Library can upload a malicious WAVE file that could lead to remote arbitrary file disclosure and server-side request forgery (SSRF).”