OSN June 23, 2021

Fortify Security Team
Jun 24, 2021

Title: How Cyber Sleuths Cracked an ATM Shimmer Gang
Date Published: June 23, 2021

https://krebsonsecurity.com/2021/06/how-cyber-sleuths-cracked-an-atm-shimmer-gang/

Excerpt: “Dant and other investigators looking into the shimmers didn’t know at the time how the thieves who planted the devices went about gathering the stolen data. Traditional ATM skimmers are either retrieved manually, or they are programmed to transmit the stolen data wirelessly, such as via text message or Bluetooth. But recall that these shimmers don’t have anywhere near the power needed to transmit data wirelessly, and the flexible shimmers themselves tend to rip apart when retrieved from the mouth of a compromised ATM. So how were the crooks collecting the loot?”

Title: Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
Date Published: June 23, 2021

https://threatpost.com/unpatched-linux-marketplace-bugs-rce/167155/

Excerpt: “An unpatched stored cross-site-scripting (XSS) security vulnerability affecting Linux marketplaces could allow unchecked, wormable supply-chain attacks, researchers have found. The bug was found to affect Pling-based markets by researchers at Positive Security, including AppImage Hub, Gnome-Look, KDE Discover App Store, Pling.com and XFCE-Look. To boot, the PlingStore application is affected by an unpatched remote code-execution (RCE) vulnerability, which researchers said can be triggered from any website while the app is running – allowing for drive-by attacks.”

Title: ATT&CK Workbench: A Tool for Extending ATT&CK
Date Published: June 22, 2021

https://medium.com/mitre-engenuity/att-ck-workbench-a-tool-for-extending-att-ck-e1718cbfe0ef

Excerpt: “Workbench allows users to explore, create, annotate, and share extensions of the ATT&CK knowledge base. Organizations or individuals can initialize their own instances of the application to serve as the centerpiece to a customized variant of the ATT&CK knowledge base, attaching other tools and interfaces as desired. Through the Workbench this local knowledge base can be extended with new or updated techniques, tactics, mitigations, groups, and software. Additionally, Workbench provides means for a user to share their extensions with the greater ATT&CK community, facilitating a greater level of collaboration within the community than is possible with current tools.”

Title: Former Cedar Rapids Hospital Employee Sentenced for Accessing Ex-Boyfriend’s Medical Records
Date Published: June 21, 2021

https://www.justice.gov/usao-ndia/pr/former-cedar-rapids-hospital-employee-sentenced-accessing-ex-boyfriend-s-medical

Excerpt: “On multiple occasions between April and October 2017, Bacor used her login credentials to access her ex-boyfriend’s protected private health information even though he was not one of her patients. In September 2017, Bacor took a picture of a medical photograph that showed one of her ex-boyfriend’s injuries and sent the picture to a third person. The third person then sent the picture to the ex-boyfriend and others on Facebook messenger along with taunting language and emojis.”

Title: USB-Based Malware Is a Growing Concern for Industrial Firms, New Honeywell Findings Show
Date Published: June 22, 2021

https://www.cyberscoop.com/usb-malware-honeywell-cyber-risk/

Excerpt: “Since many industrial systems are cut off from the internet, external devices like USB drives can provide hackers with a foothold into sensitive networks. USB drives have been known to carry infamous malware strains including Stuxnet and WannaCry. More than 20 industrial sites located around the world detected malicious files from USB storage devices, according to 2018 findings from Honeywell. A financially-motivated hacking group also aimed to infect targets by sending them USB devices in the mail, researchers learned in 2020.”

Title: Cryptominers Slither Into Python Projects in Supply-Chain Campaign
Date Published: June 22, 2021

https://threatpost.com/cryptominers-python-supply-chain/167135/

Excerpt: “A group of cryptominers was found to have infiltrated the Python Package Index (PyPI), which is a repository of software code created in the Python programming language. Similar to other repositories like GitHub, npm and RubyGems, PyPI is part of the software supply chain. It offers a place where coders can upload software packages for use by developers in building various applications, services and other projects. Unfortunately, a single malicious package can be baked into multiple different projects – infecting them with cryptominers, info-stealers and more, and making remediation a complex process.”

Title: A Ransomware Attack Disrupted the IT Network of the City of Liege
Date Published: June 22, 2021

https://securityaffairs.co/wordpress/119240/malware/city-of-liege-ransomware.html

Excerpt: “The City of Liège is currently the victim of a large-scale targeted computer attack, obviously of a criminal nature.” reads the status page published by the city. “The City of Liège, surrounded by experts of international competence, analyzes the scale of this attack and its consequences, in particular in terms of duration on the partial unavailability of its IT system. It is doing everything to restore the situation as soon as possible. Services to the public are currently heavily impacted.”

Title: Fake Text File can Load Malware on Computers
Date Published: June 23, 2021

https://titanhq.medium.com/fake-text-file-can-load-malware-on-computers-617c9477e369

Excerpt: “The .txt extension is known to be a harmless text file and when email clients and Windows load a file with the extension, the popular Notepad icon appears. However, one of the latest threats uses RTLO and the Unicode character U+202E to make a text file into an advanced attack. As most users are familiar with the Notepad icon, they are likely to open the attachment. In many current RTLO attacks the malicious file is a PowerShell script, which allows attackers to download external files and change computer settings on the computer.”
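The RTLO trick described above is easy to check for at the mail gateway or in an attachment triage script. The following is an added example (not code from the TitanHQ post, and not tied to any specific sample they analyzed): it strips the Unicode bidi control characters to recover the extension the operating system will actually act on, approximates what a bidi-aware renderer displays after a U+202E, and flags attachments whose displayed extension disagrees with the real one. The filenames in the block are constructed for illustration, and the rendering routine is a deliberate simplification of the Unicode bidi algorithm that covers the U+202E/U+202C case the post describes.

```python
"""Detect right-to-left-override (RTLO) filename spoofing in attachments.

Added example, not code from the original post. The bidi handling below is
a simplification sufficient for the U+202E (RLO) trick: the run after an
RLO is shown reversed until a U+202C (PDF) or end of string. Sample
filenames are constructed, not taken from a real campaign.
"""

# Unicode bidi control characters that can be abused to reorder a filename.
BIDI_CONTROLS = {
    "\u202A": "LRE", "\u202B": "RLE", "\u202C": "PDF",
    "\u202D": "LRO", "\u202E": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}

# Extensions Windows will execute or hand to a script host (assumed list).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "ps1",
                   "js", "jse", "vbs", "vbe", "wsf", "hta", "lnk", "msi"}


def real_extension(name):
    """Extension the OS uses: text after the last dot, bidi controls ignored."""
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    _base, dot, ext = stripped.rpartition(".")
    return ext.lower() if dot else ""


def displayed_name(name):
    """Approximate what a bidi-aware UI shows to the user.

    Characters following U+202E are rendered right-to-left (i.e. reversed)
    up to the next U+202C or the end of the string; other bidi controls
    are invisible and are dropped for display purposes.
    """
    out = []
    i = 0
    while i < len(name):
        c = name[i]
        if c == "\u202E":
            run = []
            j = i + 1
            while j < len(name) and name[j] != "\u202C":
                if name[j] not in BIDI_CONTROLS:
                    run.append(name[j])
                j += 1
            out.append("".join(reversed(run)))
            i = j + 1  # skip the terminating PDF if present
        elif c in BIDI_CONTROLS:
            i += 1
        else:
            out.append(c)
            i += 1
    return "".join(out)


def analyze(name):
    """Return a verdict dict for one attachment filename."""
    controls = [BIDI_CONTROLS[c] for c in name if c in BIDI_CONTROLS]
    shown = displayed_name(name)
    real = real_extension(name)
    _base, dot, shown_ext = shown.rpartition(".")
    shown_ext = shown_ext.lower() if dot else ""
    return {
        "input": name,
        "controls": controls,
        "displayed": shown,
        "displayed_ext": shown_ext,
        "real_ext": real,
        "executable": real in EXECUTABLE_EXTS,
        # Spoofed: a bidi control is present and what the user sees as the
        # extension is not what the OS will use.
        "spoofed": bool(controls) and shown_ext != real,
    }


if __name__ == "__main__":
    # Constructed samples: a benign file, a .txt lure hiding an .exe, and a
    # .pdf lure hiding a screensaver binary.
    samples = [
        "notes.txt",
        "invoice\u202Etxt.exe",
        "report\u202Efdp.scr",
    ]
    for s in samples:
        v = analyze(s)
        print(f"{v['displayed']!r:24} shown={v['displayed_ext']:4} "
              f"real={v['real_ext']:4} exec={v['executable']} "
              f"spoofed={v['spoofed']} controls={v['controls']}")
```

Running it shows the second sample displayed as "invoiceexe.txt" while the OS will launch it as an .exe; a gateway rule that rejects any filename containing a character from BIDI_CONTROLS is simpler still and is a defensible default, since legitimate attachments almost never carry explicit bidi overrides.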

Title: Hackers Are Trying to Attack Big Companies. Small Suppliers Are the Weakest Link
Date Published: June 22, 2021

https://www.zdnet.com/article/hackers-are-trying-to-attack-big-companies-small-suppliers-are-the-weakest-link/

Excerpt: “Researchers also found that many of the companies examined were running unpatched or unsupported software, making them vulnerable to cyberattacks that exploit known vulnerabilities – and something they suggest means there’s an absence of a patch-management strategy. Cyber criminals regularly take advantage of known vulnerabilities in an effort to gain access to networks – and in the case of the defense industry, a small contractor being compromised could lead to a larger company on the supply chain being subject to cyberattacks.”

Title: Phishing Asking Recipients Not to Report Abuse
Date Published: June 22, 2021

https://isc.sans.edu/forums/diary/Phishing+asking+recipients+not+to+report+abuse/27556/

Excerpt: “As you may see, it is in Hungarian, and according to a translation by Google Translate, it basically says “you need to run a check on your email using this link to be able to receive further messages”. This would be hardly unusual, however the last sentence next to the copyright comes down to “Your system administrator has advised you not to report abuse.”
