OSN May 21, 2021

Fortify Security Team
May 21, 2021

Title: Colonial Pipeline Hit With Class Action Lawsuit Following Cyberattack, Shutdown

Date Published: May 21, 2021


Excerpt: “The lawsuit states: ‘As a result of the Defendant’s failure to properly secure the Colonial Pipeline’s critical infrastructure – leaving it subjected to potential ransomware attacks like the one that took place on May 7, 2021, there have been catastrophic effects for consumers and other end-users of gasoline up and down the east coast. The Defendant’s unlawfully deficient data security has injured millions.’”

Title: Here’s How We Got Persistent Shell Access on a Boeing 747 – Pen Test Partners

Date Published: May 21, 2021


Excerpt: “The system was so ancient its management server ran on Windows NT4 SP3, a distant ancestor of today’s Windows Server builds. That age posed a problem for PTP’s testers when they tried running modern pentesting tools against it: NT4 predated everyday attack surfaces such as the Remote Desktop Protocol. Simply put, lots of modern tools and techniques didn’t work. Metasploit all but failed, giving no obvious reason for doing so. Even Backtrack, the predecessor to Kali Linux, didn’t work – triggering lots of scratching of heads at PTP HQ.”

Title: Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

Date Published: May 21, 2021


Excerpt: “STRRAT first emerged in the threat landscape in June 2020, with German cybersecurity firm G Data observing the Windows malware (version 1.2) in phishing emails containing malicious Jar (or Java Archive) attachments. ‘The RAT has a focus on stealing credentials of browsers and email clients, and passwords via keylogging,’ G Data malware analyst Karsten Hahn detailed. ‘It supports the following browsers and email clients: Firefox, Internet Explorer, Chrome, Foxmail, Outlook, Thunderbird.’”

Title: Comcast Now Blocks BGP Hijacking Attacks and Route Leaks With RPKI

Date Published: May 16, 2021


Excerpt: “This helps to ensure that packets get to their intended destinations intact and cannot be hijacked or leaked to other destinations, making the network – and Internet traffic more generally – more secure and resilient for all users. Given the size and technical diversity of our network, deploying RPKI represented a significant effort, yet we were able to implement the update without disrupting performance for our customers.”

Title: Darkside Affiliates Claim Gang’s Bitcoins in Deposit on Hacker Forum

Date Published: May 21, 2021


Excerpt: “REvil ransomware last year deposited $1 million worth of Bitcoin to a different hacking forum to attract new recruits into the operation. This move showed that they trusted the forum administrator with the money and that there was plenty of money to be made. Last week, DarkSide closed shop and informed affiliates that the decision came after losing access to their public-facing servers and it was “due to the pressure from the US” after the attack on Colonial Pipeline.”

Title: Microsoft Simuland, an Open-Source Lab Environment to Simulate Attack Scenarios

Date Published: May 21, 2021


Excerpt: “Microsoft has released SimuLand, an open-source lab environment that allows users to reproduce the techniques used in real attack scenarios. The tool could be used to test and improve Microsoft solutions, including Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios.”

Title: Microsoft, Google Clouds Hijacked for Gobs of Phishing

Date Published: May 19, 2021


Excerpt: “The malicious message volume from these trusted cloud services exceeded that of any botnet in 2020, and the trusted reputation of these domains, including outlook.com and sharepoint.com, increases the difficulty of detection for defenders,” the report, issued Wednesday, explained. “This authenticity perception is essential, as email recently regained its status as the top vector for ransomware; and, threat actors increasingly leverage the supply chain and partner ecosystem to compromise accounts, steal credentials and siphon funds.”

Title: Dev-Sec Disconnect Undermines Secure Coding Efforts

Date Published: May 20, 2021


Excerpt: “Among the advice that Romeo has for security teams and companies intent on improving their application security programs: Tune the tools to reduce false positives, work together to determine the right amount of resources to dedicate to security needs, educate developers about security, and also educate security professionals about development.”

Title: This Ransomware-Spreading Malware Botnet Just Won’t Go Away

Date Published: May 21, 2021


Excerpt: “The botnet, known for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads, Microsoft said. The botnet’s geographic targeting for bot distribution and installation expanded, too, it said: ‘more recent activity shows a shift to a more global distribution.’”

Title: WordPress XXE Vulnerability in Media Library – CVE-2021-29447

Date Published: May 21, 2021


Excerpt: “WordPress versions 5.7, 5.6.2, 5.6.1, 5.6, 5.0.11 are affected by an XML eXternal Entity (XXE) vulnerability where an authenticated user with the ability to upload files in the Media Library can upload a malicious WAVE file that could lead to remote arbitrary file disclosure and server-side request forgery (SSRF).”
