OSN May 21, 2021

Fortify Security Team
May 21, 2021

Title: Colonial Pipeline Hit With Class Action Lawsuit Following Cyberattack, Shutdown

Date Published: May 21, 2021


Excerpt: “The lawsuit states: “As a result of the Defendant’s failure to properly secure the Colonial Pipeline’s critical infrastructure – leaving it subjected to potential ransomware attacks like the one that took place on May 7, 2021, there have been catastrophic effects for consumers and other end-users of gasoline up and down the east coast. The Defendant’s unlawfully deficient data security has injured millions”

Title: Here’s How We Got Persistent Shell Access on a Boeing 747 – Pen Test Partners

Date Published: May 21, 2021


Excerpt: “The system was so ancient its management server ran on Windows NT4 SP3, a distant ancestor of today’s Windows Server builds. That age posed a problem for PTP’s testers when they tried running modern pentesting tools against it: NT4 predated everyday attack surfaces such as the Remote Desktop Protocol. Simply put, lots of modern tools and techniques didn’t work. Metasploit all but failed, giving no obvious reason for doing so. Even Backtrack, the predecessor to Kali Linux, didn’t work – triggering lots of scratching of heads at PTP HQ.”

Title: Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

Date Published: May 21, 2021


Excerpt: “STRRAT first emerged in the threat landscape in June 2020, with German cybersecurity firm G Data observing the Windows malware (version 1.2) in phishing emails containing malicious Jar (or Java Archive) attachments. “The RAT has a focus on stealing credentials of browsers and email clients, and passwords via keylogging,” G Data malware analyst Karsten Hahn detailed. “It supports the following browsers and email clients: Firefox, Internet Explorer, Chrome, Foxmail, Outlook, Thunderbird”.”

Title: Comcast Now Blocks BGP Hijacking Attacks and Route Leaks With RPKI

Date Published: May 16, 2021


Excerpt: “This helps to ensure that packets get to their intended destinations intact and cannot be hijacked or leaked to other destinations, making the network – and Internet traffic more generally – more secure and resilient for all users. Given the size and technical diversity of our network, deploying RPKI represented a significant effort, yet we were able to implement the update without disrupting performance for our customers.”

Title: Darkside Affiliates Claim Gang’s Bitcoins in Deposit on Hacker Forum

Date Published: May 21, 2021


Excerpt: “REvil ransomware last year deposited $1 million worth of Bitcoin to a different hacking forum to attract new recruits into the operation. This move showed that they trusted the forum administrator with the money and that there was plenty of money to be made. Last week, DarkSide closed shop and informed affiliates that the decision came after losing access to their public-facing servers and it was “due to the pressure from the US” after the attack on Colonial Pipeline.”

Title: Microsoft Simuland, an Open-Source Lab Environment to Simulate Attack Scenarios

Date Published: May 21, 2021


Excerpt: “Microsoft has released SimuLand, an open-source lab environment that allows to reproduce the techniques used in real attack scenarios. The tool could be used to test and improve Microsoft solutions, including Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios.”

Title: Microsoft, Google Clouds Hijacked for Gobs of Phishing

Date Published: May 19, 2021


Excerpt: “The malicious message volume from these trusted cloud services exceeded that of any botnet in 2020, and the trusted reputation of these domains, including outlook.com and sharepoint.com, increases the difficulty of detection for defenders,” the report, issued Wednesday, explained. “This authenticity perception is essential, as email recently regained its status as the top vector for ransomware; and, threat actors increasingly leverage the supply chain and partner ecosystem to compromise accounts, steal credentials and siphon funds.”

Title: Dev-Sec Disconnect Undermines Secure Coding Efforts

Date Published: May 20, 2021


Excerpt: “Among the advice that Romeo has for security teams and companies intent on improving their application security programs: Tune the tools to reduce false positives, work together to determine the right amount of resources to dedicate to security needs, educate developers about security, and also educate security professionals about development.”

Title: This Ransomware-Spreading Malware Botnet Just Won’t Go Away

Date Published: May 21, 2021


Excerpt: “The botnet, known for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads, Microsoft said. The botnet’s geographic targeting for bot distribution and installation expanded, too, it said: “more recent activity shows a shift to a more global distribution.”

Title: WordPress XXE Vulnerability in Media Library – CVE-2021-29447

Date Published: May 21, 2021


Excerpt: “WordPress versions 5.7, 5.6.2, 5.6.1, 5.6, 5.0.11 are affected to XML eXternal Entity vulnerability where an authenticated user with the ability to upload files in the Media Library can upload a malicious WAVE file that could lead to remote arbitrary file disclosure and server-side request forgery (SSRF).”

Recent Posts

July 17, 2023

Title: Thousands of Images on Docker Hub Leak Auth Secrets, Private Keys Date Published: July 16, 2023 https://www.bleepingcomputer.com/news/security/thousands-of-images-on-docker-hub-leak-auth-secrets-private-keys/ Excerpt: “Researchers at the RWTH Aachen University...

July 14, 2023

Title: Indexing Over 15 Million WordPress Websites with PWNPress Date Published: July 14, 2023 https://securityaffairs.com/148465/hacking/pwnpress-platform.html Excerpt: “Sicuranex’s PWNPress platform indexed over 15 million WordPress websites, it collects data...

December 9, 2022

Title: US Health Dept Warns of Royal Ransomware Targeting Healthcare Date Published: December 8, 2022 https://www.bleepingcomputer.com/news/security/us-health-dept-warns-of-royal-ransomware-targeting-healthcare/ Excerpt: “The U.S. Department of Health and Human...

December 8, 2022

Title: New ‘Zombinder’ Platform Binds Android Malware With Legitimate Apps Date Published: December 8, 2022 https://www.bleepingcomputer.com/news/security/new-zombinder-platform-binds-android-malware-with-legitimate-apps/ Excerpt: “A darknet platform dubbed...

December 7, 2022

Title: Fantasy – A New Agrius Wiper Deployed Through a Supply-Chain Attack Date Published: December 7, 2022 https://www.welivesecurity.com/2022/12/07/fantasy-new-agrius-wiper-supply-chain-attack/ Excerpt: “ESET researchers discovered a new wiper and its execution...

December 6, 2022

Title: This Badly Made Ransomware Can’t Decrypt Your Files, Even if You Pay the Ransom Date Published: December 6, 2022 https://www.zdnet.com/article/this-badly-made-ransomware-cant-decrypt-your-files-even-if-you-pay-the-ransom/ Excerpt: “Victims of a recently...

December 5, 2022

Title: SIM Swapper Gets 18-Months for Involvement in $22 Million Crypto Heist Date Published: December 3, 2022 https://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/ Excerpt: “Florida man Nicholas Truglia...