OSN June 11, 2021

Fortify Security Team
Jun 11, 2021

Title: Where’s the Beef? Ransomware Hit Highlights Cyber Problems
Date Published: June 4, 2021

https://www.bankinfosecurity.com/wheres-beef-ransomware-hit-highlights-cyber-problems-a-16806

Excerpt: “While more attention has been paid to the electrical and oil and gas industries over the past several months when it comes to disruptions caused by cyberthreats, the U.S. food and agriculture sector is also a prime target for attacks and is listed as one of 16 critical infrastructure areas designated by the Cybersecurity and Infrastructure Security Agency under Presidential Policy Directive 21. And like other parts of the nation’s critical infrastructure, the U.S. agricultural and food sector is mainly controlled by private companies, and reporting cybersecurity incidents and possible threats remain voluntary.”

Title: Lax Security Around URL Shortener Exposed PII of U.S. Retailer Carter’s Customer Base
Date Published: June 11, 2021

https://www.zdnet.com/article/lax-security-around-url-shortener-exposed-pii-of-us-retailer-carters-customer-base/

Excerpt: “Carter’s is a major retailer for baby clothing and apparel in the United States which now operates worldwide. The company generated over $3 billion in revenue during 2020. When a purchase was made through the Carter’s US website, the vendor would automatically send them a shortened URL to access a purchase confirmation page. However, a lack of security around the URLs themselves, together with no authentication to verify the customer, was problematic.”

Title: Cost of Ransomware Attack on Baltimore County Public Schools Climbs to $7.7M
Date Published: June 11, 2021

https://www.baltimoresun.com/education/bs-md-ransomware-cost-schools-20210609-20210611-6fipdck3h5b5peli6vgbgfsqyy-story.html

Excerpt: “The district has said no personal information was stolen, but has not disclosed the extent of the attack nor any ransom demands. Among the largest expenditures was more than $2 million to move computer applications to a cloud-based system and more than $1.4 million for a one-year license on Windows security software, the latter of which was purchased at the strong recommendation of the system’s cyber insurance carrier.”

Title: Mysterious Custom Malware Used to Steal 1.2TB of Data From Million PCs
Date Published: June 11, 2021

https://securityaffairs.co/wordpress/118842/malware/custom-malware-data-theft.html

Excerpt: “‘This is a Trojan-type malware that was transmitted via email and illegal software. The software includes illegal Adobe Photoshop 2018, a Windows cracking tool, and several cracked games,’ reads the report published by NordLocker. ‘The data was collected from 3.25 million computers. The malware stole nearly 26 million login credentials holding 1.1 million unique email addresses, 2 billion+ cookies, and 6.6 million files.’ The experts pointed out that custom malware used to amass such kind of data is very cheap, easy to find online and customizable. Multiple posts on the Dark Web advertise similar malware that is available for as little as $100.”

Title: Unknown Attacker Chains Chrome and Windows Zero-Days
Date Published: June 11, 2021

https://www.infosecurity-magazine.com/news/unknown-attacker-chains-chrome/

Excerpt: “Once they’ve gained a foothold in victim networks by exploiting these three flaws, the stager modules execute a more sophisticated malware dropper from a remote server, which in turn installs to executables masquerading as legitimate Windows files. One of these is a remote shell module designed to download and upload files, create processes, lie dormant for periods of time, and delete itself from the infected system, Kaspersky said. Microsoft patched both vulnerabilities in this week’s Patch Tuesday security update round while Google has already fixed the Chrome flaw.”

Title: Linux System Service Bug Lets You Get Root on Most Modern Distros
Date Published: June 11, 2021

https://www.bleepingcomputer.com/news/security/linux-system-service-bug-lets-you-get-root-on-most-modern-distros/

Excerpt: “Even though many Linux distributions haven’t shipped with the vulnerable polkit version until recently, any Linux system shipping with polkit 0.113 or later installed is exposed to attacks. The list of currently vulnerable distros shared by Backhouse includes popular distros such as RHEL 8, Fedora 21 (or later), Ubuntu 20.04, as well as unstable versions like Debian testing (‘bullseye’) and its derivatives. Exploiting the vulnerability is surprisingly easy as it only takes a few terminal commands using only standard tools such as bash, kill, and dbus-send — a video demo provided by Backhouse is embedded below.”

Title: Network Security Firm COO Charged With Medical Center Cyberattack
Date Published: June 11, 2021

https://www.bleepingcomputer.com/news/security/network-security-firm-coo-charged-with-medical-center-cyberattack/

Excerpt: “The former chief operating officer of Securolytics, a network security company providing services for the healthcare industry, was charged with allegedly conducting a cyberattack on Georgia-based Gwinnett Medical Center (GMC). 45-year-old Vikas Singla supposedly disrupted the health provider’s Ascom phone service and network printer service and obtained information from a Hologic R2 Digitizer digitizing device in September 2018.”

Title: Lewd Phishing Lures Aimed at Business Explode
Date Published: June 8, 2021

https://threatpost.com/lewd-phishing-lures-business-explode/166734/

Excerpt: “‘The same technology enables legitimate email senders to auto-populate an unsubscribe field with a user email address,’ the report said. Once a user clicks on a link in the email, their email address is automatically passed to the linked site. In these attacks, the cybercriminal leverages the information they gleaned in order to set up a second stage. GreatHorn shared an example of the type of X-rated phishing lure, which includes a your-place-or-mine proposition.”

Title: Gaming Giant EA Suffers Major Data Breach
Date Published: June 11, 2021

https://www.infosecurity-magazine.com/news/gaming-ea-suffers-data-breach/

Excerpt: “Cyber-criminals made the claim in blog posts published on underground hacking forums, where they advertised a total of 780GB of data for sale. These posts were viewed and detailed by Motherboard, who EA informed that it had indeed suffered a data breach. Among the data stolen was the source code for the popular football game FIFA 21 and code for its matchmaking server, and source code and tools for the Frostbite engine, which powers several EA games, including Battlefield. Additionally, the attackers took proprietary EA frameworks and software development kits.”

Title: CD Projekt Data Breach: Ransomware Attack Makes Internal Data Public
Date Published: June 11, 2021

https://heimdalsecurity.com/blog/cd-projekt-data-breach-data-exposure/

Excerpt: “The company’s website has reported in an update from yesterday, that they gained new knowledge regarding the stolen data. It seems that the information consists of: contractor and current/former employee records and also data related to video games. Another publication, BleepingComputer, explains that, besides collecting game codes, cybercriminals might have access to administrative, accounting, HR, legal, and investor relations papers. The leaked data is circulating now anywhere on the internet. Anyhow, it is not confirmed if the revealed information is accurate or has been manipulated by the cybercriminals.”
