OSN June 2, 2021

Fortify Security Team
Jun 2, 2021

Title: Internet Domains Used by APT29 in Phishing Attacks Seized by the U.S.
Date Published: June 2, 2021


Excerpt: “The domains seized are theyardservice[.]com and worldhomeoutlet[.]com. The domains were used to receive the data that was exfiltrated from victims of the targeted phishing attacks and to send further commands to malware in an attempt to execute on infected machines. Microsoft has disclosed the attacks recently and declared they were conducted by a Russian state-affiliated hacking group known as NOBELIUM (APT29, Cozy Bear, and The Dukes), with the group supposedly being affiliated with the Russian Foreign Intelligence Service (SVR).”

Title: U.S. Schools Land IBM Grants to Protect Themselves Against Ransomware
Date Published: June 2, 2021


Excerpt: “The grants, worth $500,000 each, have been awarded to school districts in Florida (Brevard Public Schools), New York (Poughkeepsie City School District), Georgia (KIPP Metro Atlanta Schools), Texas (Sheldon Independent School District), California (Newhall School District), and Colorado (Denver Public Schools). IBM says that applicants were judged on their ‘cybersecurity needs and experiences, community resources and potential risks’.”

Title: Hackers Actively Exploiting 0-Day in WordPress Plugin Installed on Over 17,000 Sites
Date Published: June 2, 2021


Excerpt: “Armed with this capability, an attacker can achieve remote code execution on an affected website, allowing full site takeover, the researchers noted. Wordfence has not shared the technical specifics of the vulnerability as it’s under active attack. Wordfence said that the critical zero-day could be exploited in select configurations even if the plugin has been deactivated, urging users to completely uninstall Fancy Product Designer until a patched version becomes available.”

Title: China-Linked Threat Group Targets Taiwan Critical Infrastructure, Smokescreen Ransomware
Date Published: June 1, 2021


Excerpt: “This successful, sophisticated attack targeted CI on a national scale, denied service across the country, interrupted the daily life of the common citizen, and brought brief but significant economic turmoil. On May 15 (ten days after the CPC incident), the Investigation Bureau of the Ministry of Justice (MJIB) released an investigation report stating that the CPC was one of more than ten victims in this sophisticated and organized ColdLock ransomware attack. The unnamed ten included other organizations in Taiwan’s critical infrastructure, even a large multinational semiconductor vendor.”

Title: Visualizing U.S. Petroleum Pipeline Networks
Date Published: June 2, 2021


Excerpt: “There is much we can learn through multidimensional data sources and connecting the dots during disasters, so that in the future, we are more prepared as a society. In the case of the Colonial pipeline cyber-attack: pipeline networks, petroleum refinery and storage locations, transport supply chains, and the locations of gas stations with shortages can help understand the chain of events. This understanding will make us better prepared for future cyber-attacks.”

Title: Exploit Broker Zerodium Is Looking for Pidgin 0day Exploits
Date Published: June 2, 2021


Excerpt: “Because Pidgin is used by cybercriminal organizations and terrorist groups, some of them developed specific plugins to add additional protection to the communications. Today the Pidgin client is mainly used to exchange messages via the XMPP (Jabber) protocol. Pidgin also supports plugins that implement Off-the-Record Messaging over any IM network Pidgin supports. Researchers from Trend Micro reported the existence of Asrar al-Dardashah, a plugin released in 2013 that was developed for Pidgin to add encryption to the instant messaging functions, securing instant messaging with the press of a single button.”

Title: Researchers Uncover Hacking Operations Targeting Government Entities in South Korea
Date Published: June 2, 2021


Excerpt: “Kimsuky’s attack infrastructure consists of various phishing websites that mimic well-known websites such as Gmail, Microsoft Outlook, and Telegram with an aim to trick victims into entering their credentials. ‘This is one of the main methods used by this actor to collect email addresses that later will be used to send spear-phishing emails.’ In using social engineering as a core component of its operations, the goal is to distribute a malware dropper that takes the form of a ZIP archive file attached to the emails, which ultimately leads to the deployment of an encoded DLL payload called AppleSeed, a backdoor that’s been put to use by Kimsuky as early as 2019.”

Title: Cyber-Insurance Fuels Ransomware Payment Surge
Date Published: June 2, 2021


Excerpt: “The sub-limits have become more common as cyber-insurance has drawn concern from security experts about how it will change the overall security landscape. For instance, many argue that falling back on cyber-insurance policies during a ransomware attack could dissuade companies from adopting the security measures that could prevent such an attack in the first place. From a broad perspective, building in ransomware payments to insurance policies will only promote the use of ransomware further and simultaneously disincentivize organizations from taking the proper steps to avoid ransomware fallout.”

Title: White House Puts Russia on Notice Over JBS Ransomware Hit
Date Published: June 1, 2021


Excerpt: “The White House says the U.S. Department of Agriculture is contacting other meat suppliers to ensure they’re aware of the JBS incident and taking steps to defend themselves against similar attacks. Agriculture operations and food processing facilities are designated by CISA as being critical infrastructure. But food plants – similar to manufacturing plants – have often proven to be soft targets for ransomware distributors, says Allan Liska, who is part of cybersecurity firm Recorded Future’s computer security incident response team.”

Title: Scripps Begins Notifying More Than 147,000 People of Ransomware Records Breach
Date Published: June 1, 2021


Excerpt: “Fallout from the incursion took nearly a full month to resolve, forcing medical professionals at all levels of care, from medical offices to hospitals, to document their work on paper charts. Access to important information, such as previous test results, was unavailable for weeks, and Scripps facilities did not begin regaining the ability to create new digital records until late last week when the organization’s MyScripps patient portal also returned to service.”
