OSN June 23, 2021

Fortify Security Team
Jun 24, 2021

Title: How Cyber Sleuths Cracked an ATM Shimmer Gang
Date Published: June 23, 2021


Excerpt: “Dant and other investigators looking into the shimmers didn’t know at the time how the thieves who planted the devices went about gathering the stolen data. Traditional ATM skimmers are either retrieved manually, or they are programmed to transmit the stolen data wirelessly, such as via text message or Bluetooth. But recall that these shimmers don’t have anywhere near the power needed to transmit data wirelessly, and the flexible shimmers themselves tend to rip apart when retrieved from the mouth of a compromised ATM. So how were the crooks collecting the loot?”

Title: Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
Date Published: June 23, 2021


Excerpt: “An unpatched stored cross-site-scripting (XSS) security vulnerability affecting Linux marketplaces could allow unchecked, wormable supply-chain attacks, researchers have found. The bug was found to affect Pling-based markets by researchers at Positive Security, including AppImage Hub, Gnome-Look, KDE Discover App Store, Pling.com and XFCE-Look. To boot, the PlingStore application is affected by an unpatched remote code-execution (RCE) vulnerability, which researchers said can be triggered from any website while the app is running – allowing for drive-by attacks.”

Title: ATT&CK Workbench: A Tool for Extending Att&ck
Date Published: June 22, 2021


Excerpt: “Workbench allows users to explore, create, annotate, and share extensions of the ATT&CK knowledge base. Organizations or individuals can initialize their own instances of the application to serve as the centerpiece to a customized variant of the ATT&CK knowledge base, attaching other tools and interfaces as desired. Through the Workbench this local knowledge base can be extended with new or updated techniques, tactics, mitigations, groups, and software. Additionally, Workbench provides means for a user to share their extensions with the greater ATT&CK community, facilitating a greater level of collaboration within the community than is possible with current tools.”

Title: Former Cedar Rapids Hospital Employee Sentenced for Accessing Ex-Boyfriend’s Medical Records
Date Published: June 21, 2021


Excerpt: “On multiple occasions between April and October 2017, Bacor used her login credentials to access her ex-boyfriend’s protected private health information even though he was not one of her patients. In September 2017, Bacor took a picture of a medical photograph that showed one of her ex-boyfriend’s injuries and sent the picture to a third person. The third person then sent the picture to the ex-boyfriend and others on Facebook messenger along with taunting language and emojis.”

Title: USB-Based Malware Is a Growing Concern for Industrial Firms, New Honeywell Findings Show
Date Published: June 22, 2021


Excerpt: “Since many industrial systems are cut off from the internet, external devices like USB drives can provide hackers with a foothold into sensitive networks. USB drives have been known to carry infamous malware strains including Stuxnet and WannaCry. More than 20 industrial sites located around the world detected malicious files from USB storage devices, according to 2018 findings from Honeywell. A financially-motivated hacking group also aimed to infect targets by sending them USB devices in the mail, researchers learned in 2020.”

Title: Cryptominers Slither Into Python Projects in Supply-Chain Campaign
Date Published: June 22, 2021


Excerpt: “A group of cryptominers was found to have infiltrated the Python Package Index (PyPI), which is a repository of software code created in the Python programming language. Similar to other repositories like GitHub, npm and RubyGems, PyPI is part of the software supply chain. It offers a place where coders can upload software packages for use by developers in building various applications, services and other projects. Unfortunately, a single malicious package can be baked into multiple different projects – infecting them with cryptominers, info-stealers and more, and making remediation a complex process.”

Title: A Ransomware Attack Disrupted the IT Network of the City of Liege
Date Published: June 22, 2021


Excerpt: “The City of Liège is currently the victim of a large-scale targeted computer attack, obviously of a criminal nature.” reads the status page published by the city. “The City of Liège, surrounded by experts of international competence, analyzes the scale of this attack and its consequences, in particular in terms of duration on the partial unavailability of its IT system. It is doing everything to restore the situation as soon as possible. Services to the public are currently heavily impacted.”

Title: Fake Text File can Load Malware on Computers
Date Published: June 23, 2021


Excerpt: “The .txt extension is known to be a harmless text file and when email clients and Windows load a file with the extension, the popular Notepad icon appears. However, one of the latest threats uses RTLO and the Unicode character U+202E to make a text file into an advanced attack. As most users are familiar with the Notepad icon, they are likely to open the attachment. In many current RTLO attacks the malicious file is a PowerShell script, which allows attackers to download external files and change computer settings on the computer.”

Title: Hackers Are Trying to Attack Big Companies. Small Suppliers Are the Weakest Link
Date Published: June 22, 2021


Excerpt: “Researchers also found that many of the companies examined were running unpatched or unsupported software, making them vulnerable to cyberattacks that exploit known vulnerabilities – and something they suggest means there’s an absence of a patch-management strategy. Cyber criminals regularly take advantage of known vulnerabilities in an effort to gain access to networks – and in the case of the defense industry, a small contractor being compromised could lead to a larger company on the supply chain being subject to cyberattacks.”

Title: Phishing Asking Recipients Not to Report Abuse
Date Published: June 22, 2021


Excerpt: “As you may see, it is in Hungarian, and according to a translation by Google Translate, it basically says ‘you need to run a check on your email using this link to be able to receive further messages’. This would be hardly unusual; however, the last sentence next to the copyright comes down to ‘Your system administrator has advised you not to report abuse.’”
