OSN June 10, 2021

Fortify Security Team
Jun 10, 2021

Title: Emerging Ransomware Targets Dozens of Businesses Worldwide
Date Published: June 10, 2021


Excerpt: “First observed in February 2021, “Prometheus” is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organizations in the Middle East and North Africa last year. The affected entities are believed to be government, financial services, manufacturing, logistics, consulting, agriculture, healthcare services, insurance agencies, energy and law firms in the U.S., U.K., and a dozen more countries in Asia, Europe, the Middle East, and South America, according to new research published by Palo Alto Networks’ Unit 42 threat intelligence team.”

Title: Meatpacking Organization JBS Pays $11 Million to REvil Ransomware Hackers
Date Published: June 10, 2021


Excerpt: “After analyzing the available information, my boss came to the conclusion that the transfer of files will take place only after payment. As stated by JBS, it was essential for them to receive the ransomware decryptor to decrypt two specific databases as the rest of the data was being restored from backups. The two parties eventually agreed to an $11 million payment made in cryptocurrency and sent the same day the negotiation started. Following the payment, the REvil ransomware gang gave JBS the decryptor.”

Title: Researchers Create an UNHackable Quantum Network Over Hundreds of Kilometers Using Optical Fiber
Date Published: June 10, 2021


Excerpt: “But in order to communicate, quantum devices need to send and receive qubits – tiny particles that exist in a special, but extremely fragile, quantum state. Finding the best way to transmit qubits without having them fall from their quantum state has got scientists around the world scratching their heads for many years. One approach consists of shooting qubits down optical fibers that connect quantum devices. The method has been successful but is limited in scale: small changes in the environment, such as temperature fluctuations, cause the fibers to expand and contract, and risk messing with the qubits.”

Title: Al Jazeera Media Network Exposed to Cyberattacks Endeavoring to Disrupt Its Services
Date Published: June 10, 2021


Excerpt: “Qatar’s Al Jazeera Media Network declared in a statement on Wednesday it was exposed to a succession of cyberattacks to penetrate some of its platforms and websites between June 5 and 8, 2021. Al Jazeera is a Qatari government-funded international Arabic news channel based in Doha, Qatar that is operated by the media conglomerate Al Jazeera Media Network. The channel is a flagship of the media conglomerate and hence, is the only single offering to carry the name as simply “Al Jazeera” in its branding.”

Title: Russia-Linked APT Breached the Network of Dutch Police in 2017
Date Published: June 10, 2021


Excerpt: “The hackers exploited a vulnerability in an “exotic software” to compromise a server of the Dutch Police Academy, then they made lateral movements to access other systems into the main Dutch police network. The intrusion was uncovered by the Dutch intelligence service AIVD, the government experts discovered that a Dutch police IP address was connecting to servers operated by Russia-linked APT. According to sources of the Volkskrant, the attack was conducted by the Russia-linked APT29 (aka SVR, Cozy Bear, and The Dukes). APT29 along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections.”

Title: FBI: BEC Scammers Now Impersonate Construction Companies
Date Published: June 10, 2021


Excerpt: “The Federal Bureau of Investigation has recently warned that scammers are now posing as construction companies in business email compromise (BEC) attacks. The threat actors are targeting organizations from multiple U.S. critical infrastructure sectors. BEC fraud is a scheme used by cybercriminals to gain access to a legitimate business email through social engineering or computer intrusion to impersonate an employee – often someone who can authorize payments – and instructs others in the company to transfer funds on their behalf.”

Title: Chrome Zero-Day, Hot on the Heels of Microsoft’s IE Zero-Day. Patch Now!
Date Published: June 10, 2021


Excerpt: “This bug is listed as a “type confusion in V8”, where V8 is the part of Chrome that runs JavaScript code, and type confusion means that you can feed V8 one sort of data item but trick JavaScript into handling it as if it were something else, possibly bypassing security checks or running unauthorized code as a result. For example, if your code is doing JavaScript calculations on a data object that has a memory block of 16 bytes allocated to it, but you can trick the JavaScript interpreter into thinking that you are working on an object that uses 1024 bytes of memory, you can probably end up sneakily writing data outside the official 16-byte allocation, thus pulling off a buffer overflow attack.”

Title: Building a WebAuthn Click Farm — Are CAPTCHAs Obsolete?
Date Published: June 10, 2021


Excerpt: “If an attacker has automated attacks (e.g. DDOS, mass goods purchasing, etc.) that need to bypass the attestation of personhood this is a reliable way to do it with relatively low cost and effort. For a few hours of work and a hundred dollars of hardware keys, an attacker could make a reusable system that could support theoretically limitless automated requests that could successfully bypass the challenge.”

Title: U.S. Department of Defense Awards Contract to LookingGlass Cyber Solutions
Date Published: June 10, 2021


Excerpt: “LookingGlass scoutSuite synthesizes vast amounts of global internet data with threat actor capabilities and motivations to provide a robust threat modeling environment that can quickly process, prioritize, and operationalize threat intelligence and indicators of compromise. The quantity and quality of data in the platform enables it to support multiple cybersecurity use cases.”

Title: What to Know About Updates to the PCI Secure Software Standard
Date Published: June 9, 2021


Excerpt: “On April 29, 2021, the PCI Council announced an update to the Secure Software Standard, which defines the criteria for various types of payment software for evaluation and listing. The PCI Council made several clarifications to controls within the standard, added additional guidance to a couple of sections, and added its new module specific to Terminal Software Requirements, which applies to software intended for deployment and execution on payment terminals.”
