OSN June 14, 2021

Fortify Security Team
Jun 14, 2021
Title: REvil Hits US Nuclear Weapons Contractor: Report
Date Published: June 11, 2021

https://threatpost.com/revil-hits-us-nuclear-weapons-contractor-sol-oriens/166858/

Excerpt: “Whether REvil – or whichever gang proves to be responsible for the attack – got its hands on more sensitive, secret information about the country’s nuclear weapons remains to be seen. But the fact that it got anything at all is, of course, deeply concerning. As Mother Jones pointed out, the NNSA is responsible for maintaining and securing the nation’s nuclear weapons stockpile and works on nuclear applications for the military, along with other highly sensitive missions.”

Title: Audi and Volkswagen Involved in a Massive Data Breach
Date Published: June 14, 2021

https://heimdalsecurity.com/blog/audi-and-volkswagen-involved-in-a-massive-data-breach/

Excerpt: “Unfortunately, as the Audi and Volkswagen data were left unsecured for such a long period of time, there is no way to know how many people had gained unauthorized access to it, therefore, all communications claiming to be from Audi or Volkswagen should be treated with suspicion, and the victims who had more sensitive data exposed should freeze their credit report in order to make it harder for third parties to perform identity theft.”

Title: Fujifilm Resumes Normal Operations After Ransomware Attack
Date Published: June 14, 2021

https://www.bleepingcomputer.com/news/security/fujifilm-resumes-normal-operations-after-ransomware-attack/

Excerpt: “Qbot trojan’s operators have a long history of working with ransomware gangs, providing them with remote access to previously infected networks. The ProLock and Egregor ransomware groups are known to have partnered with Qbot in the past but, after those operations shut down, REvil is the new ransomware gang that has been using the botnet to gain access to victims’ networks. While these are only theories at the moment, we will know soon enough who was behind the attack since, if data was stolen in the attack, it will likely be released on a ransomware data leak site and used as leverage to force Fujifilm to pay the ransom.”

Title: Ransomware: Russia Told to Tackle Cyber Criminals Operating From Within Its Borders
Date Published: June 14, 2021

https://www.zdnet.com/article/ransomware-russia-told-to-tackle-cyber-criminals-operating-from-within-its-borders/#

Excerpt: “Ransomware has struck every type of organization around the world. It’s changed dramatically, too, entering the enterprise from nearly every angle, with attackers leveraging stolen data by posting it on the internet to force victims to pay. In most cases (see SolarWinds and XingLocker), Active Directory (AD) is targeted so the attacker can easily distribute the ransomware after obtaining domain privileges. There are, however, ways to help secure Active Directory to prevent ransomware from succeeding. Distinct areas within Active Directory can be secured, which will increase the overall security of the enterprise and reduce the security risk at the same time. Specifically, the following settings around AD objects can be secured.”

Title: Chinese Hackers Believed to Be Behind Second Cyberattack on Air India
Date Published: June 13, 2021

https://thehackernews.com/2021/06/chinese-hackers-believed-to-be-behind.html

Excerpt: “Group-IB’s analysis has now revealed that at least since Feb. 23, an infected device inside Air India’s network (named “SITASERVER4”) communicated with a server hosting Cobalt Strike payloads dating all the way back to Dec. 11, 2020. Following this initial compromise, the attackers are said to have established persistence and obtained passwords in order to pivot laterally to the broader network with the goal of gathering information inside the local network.”

Title: Colonial Pipeline Cyberattack Proves a Single Password Isn’t Enough
Date Published: June 14, 2021

https://www.darkreading.com/omdia/colonial-pipeline-cyberattack-proves-a-single-password-isnt-enough/a/d-id/1341278

Excerpt: “Although Omdia’s ICT Enterprise Insights 2021 survey revealed that 60% of manufacturing companies are planning to increase investment in cybersecurity, which is promising, that still leaves another 40%. This group, although the minority, are maintaining or potentially reducing investment. With high-profile attacks like the Colonial Pipeline highlighting the significant risks, companies must do more to be prepared. Proper security hygiene requires a layered approach, and part of that is updating and maintaining passwords.”

Title: Backdoordiplomacy APT Targets Diplomats From Africa and the Middle East
Date Published: June 13, 2021

https://securityaffairs.co/wordpress/118920/apt/backdoordiplomacy-apt.html

Excerpt: “In one of the attacks spotted by ESET, they observed the threat actors exploit the CVE-2020-5902 F5 BIG-IP vulnerability (CVE-2020-5902) to drop a Linux backdoor. In another attack, the APT group exploited flaws in Microsoft Exchange server to install the China Chopper backdoor. In a third attack, researchers targeted a Plesk server with poorly configured file-upload security to execute another webshell. Once a system is compromised, the threat actors leverage open-source tools to scan the network and move laterally to infect other hosts. The attackers employed a custom backdoor, tracked by ESET as Turian, which is based on the Quarian backdoor, and in some attacks, they used open-source remote access tools to take over the system.”
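The excerpt names CVE-2020-5902 as one of the initial-access routes. As an added example (not code from the Security Affairs article, from ESET, or from F5), the Python below scans constructed BIG-IP front-end access-log lines for the request shape that vulnerability is exploited through: the `/..;/` segment appended to the unauthenticated TMUI login page so that the Java tier normalises the path onto post-authentication JSPs. The log format, IP addresses and request paths are constructed for illustration; the JSP names are the ones public reporting on the bug describes, and any other endpoint your logs show should be added to the list.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import unquote

# Constructed sample access-log lines (Apache combined style) for illustration;
# not taken from the article, from ESET's report, or from any real device.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Jun/2021:10:01:12 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 4821
203.0.113.5 - - [13/Jun/2021:10:01:15 +0000] "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1" 200 1532
198.51.100.7 - - [13/Jun/2021:10:02:01 +0000] "POST /tmui/login.jsp/%2e%2e;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user HTTP/1.1" 200 212
192.0.2.9 - - [13/Jun/2021:10:03:44 +0000] "GET /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts HTTP/1.1" 403 0
192.0.2.9 - - [13/Jun/2021:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 10
"""

# Minimal combined-log parser: client IP, timestamp, method, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# The front end authorises "/tmui/login.jsp/..." unauthenticated; the Java tier
# strips the ";" path parameter and normalises "/..;/" to "/../", so the request
# lands on an authenticated-only JSP. That "..;" segment is the signature.
TRAVERSAL_RE = re.compile(r'/tmui/.*?\.\.;/', re.IGNORECASE)

# Post-authentication JSPs reached through the traversal in public reporting.
SENSITIVE_JSPS = ("fileread.jsp", "filesave.jsp", "tmshcmd.jsp")


@dataclass
class Finding:
    ip: str
    ts: str
    path: str
    rule: str


def classify(path: str) -> Optional[str]:
    """Return a rule name for a suspicious TMUI request path, else None."""
    decoded = unquote(unquote(path))      # tolerate single and double URL-encoding
    lower = decoded.lower()
    traversal = TRAVERSAL_RE.search(decoded) is not None
    sensitive = any(jsp in lower for jsp in SENSITIVE_JSPS)
    if traversal and sensitive:
        return "cve-2020-5902-exploit-attempt"
    if traversal:
        return "tmui-path-traversal"
    if sensitive:
        return "tmui-sensitive-jsp"        # direct hit; worth a look even when blocked
    return None


def scan(log_text: str) -> List[Finding]:
    """Run classify() over every parseable line and collect the hits."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rule = classify(m["path"])
        if rule:
            findings.append(Finding(m["ip"], m["ts"], m["path"], rule))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.rule:32} {f.ip:15} {f.ts}  {f.path}")
```

Match on the decoded path rather than the raw one: the third sample line is the same traversal with `%2e%2e`, and a detector that only looks for the literal `..;` misses it. A 403 on the direct `fileRead.jsp` request (fourth line) is not an exploit, but it is a reconnaissance signal against the same device.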

Title: The An0m Fake Secure Chat App May Have Been Too Clever for Its Own Good
Date Published: June 14, 2021

https://www.theregister.com/2021/06/14/an0m_and_yamamoto/

Excerpt: “So while the most easily-learned and obvious lesson from AN0M was that criminals ought not to trust anyone selling “secure” comms apps, another lesson was that even if an app is cracked it’s possible to mess up the cops by changing the signal-to-noise ratio. The lesson for the rest of us law-abiding Reg readers is that law enforcement authorities around the world are well and truly committed to finding ways through and around encryption, wherever it is used by criminals.”

Title: The OSI Model and You Part 4: Stopping Threats at the OSI Transport Layer
Date Published: June 14, 2021

https://securityintelligence.com/articles/osi-model-stopping-threats-osi-transport-layer/

Excerpt: “Reliability on the OSI transport layer is crucial. There is a lot going on in this layer because all the packets move around. As a side note, we often refer to packets as segments or datagrams on the transport layer, based on protocol used. If this layer does not segment and reassemble the packets correctly, performance may suffer. That means the OSI transport layer needs to be as error-free as possible. This is also why it performs error control as well. If errors are happening here, communication between hosts will get messy.”
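The excerpt's "error control" on the transport layer is, for TCP, the 16-bit one's-complement checksum over a pseudo-header plus the segment. As an added example (not code from the SecurityIntelligence article), the Python below builds a minimal TCP segment, fills in that checksum, and then verifies it the way a receiver does; the addresses, ports and payload are constructed for illustration.

```python
import socket
import struct

TCP_PROTO = 6


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                       # odd length: pad the last byte with zero
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back into 16 bits
    return total


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header: the checksum also covers addresses, protocol and length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, TCP_PROTO, tcp_len))


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum for a segment whose own checksum field is currently zero."""
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    return (~total) & 0xFFFF


def build_segment(src_ip: str, dst_ip: str, src_port: int, dst_port: int,
                  seq: int, ack: int, flags: int, payload: bytes) -> bytes:
    """Minimal 20-byte TCP header (no options) plus payload, checksum filled in."""
    data_offset = 5 << 4                      # five 32-bit words, no options
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                         data_offset, flags, 65535, 0, 0)
    csum = tcp_checksum(src_ip, dst_ip, header + payload)
    header = header[:16] + struct.pack("!H", csum) + header[18:]   # bytes 16-17 hold the checksum
    return header + payload


def verify_segment(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver side: the sum over pseudo-header + segment, checksum included, must be all ones."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF


if __name__ == "__main__":
    src, dst = "192.0.2.1", "198.51.100.2"      # constructed addresses
    seg = build_segment(src, dst, 40000, 443, 1, 0, 0x18, b"hello")
    print("intact segment verifies:", verify_segment(src, dst, seg))
    damaged = bytearray(seg)
    damaged[-1] ^= 0x01                         # flip one payload bit in transit
    print("damaged segment verifies:", verify_segment(src, dst, bytes(damaged)))
```

Two caveats a practitioner should keep in mind. The checksum catches accidental corruption only: anyone who can modify the segment can recompute it, so integrity against an attacker has to come from a higher layer (TLS, IPsec). And because the sum is order-insensitive, two 16-bit words swapped in transit produce the same checksum and go undetected.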

Title: Unpatched Bugs Found Lurking in Provisioning Platform Used with Cisco UC
Date Published: June 11, 2021

https://threatpost.com/unpatched-bugs-provisioning-cisco-uc/166882/

Excerpt: “Meanwhile, researchers said that CVE-2021-31582 can allow an attacker who is already authenticated to the device to alter or delete the contents of the local MariaDB database, which is a free and open-source fork of the MySQL relational database management system. In some cases, attackers could recover LDAP BIND credentials in use in the host organization, which are used to authenticate clients (and the users or applications behind them) to a directory server.”
