OSN June 11, 2021

Fortify Security Team
Jun 11, 2021

Title: Where’s the Beef? Ransomware Hit Highlights Cyber Problems
Date Published: June 4, 2021


Excerpt: “While more attention has been paid to the electrical and oil and gas industries over the past several months when it comes to disruptions caused by cyberthreats, the U.S. food and agriculture sector is also a prime target for attacks and is listed as one of 16 critical infrastructure areas designated by the Cybersecurity and Infrastructure Security Agency under Presidential Policy Directive 21. And like other parts of the nation’s critical infrastructure, the U.S. agricultural and food sector is mainly controlled by private companies, and reporting cybersecurity incidents and possible threats remains voluntary.”

Title: Lax Security Around URL Shortener Exposed PII of U.S. Retailer Carter’s Customer Base
Date Published: June 11, 2021


Excerpt: “Carter’s is a major retailer for baby clothing and apparel in the United States which now operates worldwide. The company generated over $3 billion in revenue during 2020. When a purchase was made through the Carter’s US website, the vendor would automatically send them a shortened URL to access a purchase confirmation page. However, a lack of security around the URLs themselves, together with no authentication to verify the customer, was problematic.”

Title: Cost of Ransomware Attack on Baltimore County Public Schools Climbs to $7.7M
Date Published: June 11, 2021


Excerpt: “The district has said no personal information was stolen, but has not disclosed the extent of the attack nor any ransom demands. Among the largest expenditures was more than $2 million to move computer applications to a cloud-based system and more than $1.4 million for a one-year license on Windows security software, the latter of which was purchased at the strong recommendation of the system’s cyber insurance carrier.”

Title: Mysterious Custom Malware Used to Steal 1.2TB of Data From Million PCs
Date Published: June 11, 2021


Excerpt: “This is a Trojan-type malware that was transmitted via email and illegal software. The software includes illegal Adobe Photoshop 2018, a Windows cracking tool, and several cracked games,” reads the report published by NordLocker. “The data was collected from 3.25 million computers. The malware stole nearly 26 million login credentials holding 1.1 million unique email addresses, 2 billion+ cookies, and 6.6 million files. The experts pointed out that custom malware used to amass such kind of data is very cheap, easy to find online and customizable. Multiple posts on the Dark Web advertise similar malware that is available for as little as $100.”

Title: Unknown Attacker Chains Chrome and Windows Zero-Days
Date Published: June 11, 2021


Excerpt: “Once they’ve gained a foothold in victim networks by exploiting these three flaws, the stager modules execute a more sophisticated malware dropper from a remote server, which in turn installs to executables masquerading as legitimate Windows files. One of these is a remote shell module designed to download and upload files, create processes, lie dormant for periods of time, and delete itself from the infected system, Kaspersky said. Microsoft patched both vulnerabilities in this week’s Patch Tuesday security update round while Google has already fixed the Chrome flaw.”

Title: Linux System Service Bug Lets You Get Root on Most Modern Distros
Date Published: June 11, 2021


Excerpt: “Even though many Linux distributions haven’t shipped with the vulnerable polkit version until recently, any Linux system shipping with polkit 0.113 or later installed is exposed to attacks. The list of currently vulnerable distros shared by Backhouse includes popular distros such as RHEL 8, Fedora 21 (or later), Ubuntu 20.04, as well as unstable versions like Debian testing (‘bullseye’) and its derivatives. Exploiting the vulnerability is surprisingly easy as it only takes a few terminal commands using only standard tools such as bash, kill, and dbus-send — a video demo provided by Backhouse is embedded below.”

Title: Network Security Firm COO Charged With Medical Center Cyberattack
Date Published: June 11, 2021


Excerpt: “The former chief operating officer of Securolytics, a network security company providing services for the healthcare industry, was charged with allegedly conducting a cyberattack on Georgia-based Gwinnett Medical Center (GMC). 45-year-old Vikas Singla supposedly disrupted the health provider’s Ascom phone service and network printer service and obtained information from a Hologic R2 Digitizer digitizing device in September 2018.”

Title: Lewd Phishing Lures Aimed at Business Explode
Date Published: June 8, 2021


Excerpt: “The same technology enables legitimate email senders to auto-populate an unsubscribe field with a user email address,” the report said. Once a user clicks on a link in the email, their email address is automatically passed to the linked site. In these attacks, the cybercriminal leverages the information they gleaned in order to set up a second stage. GreatHorn shared an example of the type of X-rated phishing lure, which includes a your-place-or-mine proposition.”

Title: Gaming Giant EA Suffers Major Data Breach
Date Published: June 11, 2021


Excerpt: “Cyber-criminals made the claim in blog posts published on underground hacking forums, where they advertised a total of 780GB of data for sale. These posts were viewed and detailed by Motherboard, who EA informed that it had indeed suffered a data breach. Among the data stolen was the source code for the popular football game FIFA 21 and code for its matchmaking server, and source code and tools for the Frostbite engine, which powers several EA games, including Battlefield. Additionally, the attackers took proprietary EA frameworks and software development kits.”

Title: CD Projekt Data Breach: Ransomware Attack Makes Internal Data Public
Date Published: June 11, 2021


Excerpt: “The company’s website has reported in an update from yesterday, that they gained new knowledge regarding the stolen data. It seems that the information consists of: contractor and current/former employee records and also data related to video games. Another publication, BleepingComputer, explains that, besides collecting game codes, cybercriminals might have access to administrative, accounting, HR, legal, and investor relations papers. The leaked data, WARSAW (Reuters) – Internal company data, is circulating now anywhere on the internet. Anyhow, it is not confirmed if the revealed information is accurate or has been manipulated by the cybercriminals.”
