OSN June 23, 2021

Fortify Security Team
Jun 24, 2021

Title: How Cyber Sleuths Cracked an ATM Shimmer Gang
Date Published: June 23, 2021


Excerpt: “Dant and other investigators looking into the shimmers didn’t know at the time how the thieves who planted the devices went about gathering the stolen data. Traditional ATM skimmers are either retrieved manually, or they are programmed to transmit the stolen data wirelessly, such as via text message or Bluetooth. But recall that these shimmers don’t have anywhere near the power needed to transmit data wirelessly, and the flexible shimmers themselves tend to rip apart when retrieved from the mouth of a compromised ATM. So how were the crooks collecting the loot?”

Title: Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
Date Published: June 23, 2021


Excerpt: “An unpatched stored cross-site-scripting (XSS) security vulnerability affecting Linux marketplaces could allow unchecked, wormable supply-chain attacks, researchers have found. The bug was found to affect Pling-based markets by researchers at Positive Security, including AppImage Hub, Gnome-Look, KDE Discover App Store, Pling.com and XFCE-Look. To boot, the PlingStore application is affected by an unpatched remote code-execution (RCE) vulnerability, which researchers said can be triggered from any website while the app is running – allowing for drive-by attacks.”

Title: ATT&CK Workbench: A Tool for Extending ATT&CK
Date Published: June 22, 2021


Excerpt: “Workbench allows users to explore, create, annotate, and share extensions of the ATT&CK knowledge base. Organizations or individuals can initialize their own instances of the application to serve as the centerpiece to a customized variant of the ATT&CK knowledge base, attaching other tools and interfaces as desired. Through the Workbench this local knowledge base can be extended with new or updated techniques, tactics, mitigations, groups, and software. Additionally, Workbench provides means for a user to share their extensions with the greater ATT&CK community, facilitating a greater level of collaboration within the community than is possible with current tools.”

Title: Former Cedar Rapids Hospital Employee Sentenced for Accessing Ex-Boyfriend’s Medical Records
Date Published: June 21, 2021


Excerpt: “On multiple occasions between April and October 2017, Bacor used her login credentials to access her ex-boyfriend’s protected private health information even though he was not one of her patients. In September 2017, Bacor took a picture of a medical photograph that showed one of her ex-boyfriend’s injuries and sent the picture to a third person. The third person then sent the picture to the ex-boyfriend and others on Facebook messenger along with taunting language and emojis.”

Title: USB-Based Malware Is a Growing Concern for Industrial Firms, New Honeywell Findings Show
Date Published: June 22, 2021


Excerpt: “Since many industrial systems are cut off from the internet, external devices like USB drives can provide hackers with a foothold into sensitive networks. USB drives have been known to carry infamous malware strains including Stuxnet and WannaCry. More than 20 industrial sites located around the world detected malicious files from USB storage devices, according to 2018 findings from Honeywell. A financially-motivated hacking group also aimed to infect targets by sending them USB devices in the mail, researchers learned in 2020.”

Title: Cryptominers Slither Into Python Projects in Supply-Chain Campaign
Date Published: June 22, 2021


Excerpt: “A group of cryptominers was found to have infiltrated the Python Package Index (PyPI), which is a repository of software code created in the Python programming language. Similar to other repositories like GitHub, npm and RubyGems, PyPI is part of the software supply chain. It offers a place where coders can upload software packages for use by developers in building various applications, services and other projects. Unfortunately, a single malicious package can be baked into multiple different projects – infecting them with cryptominers, info-stealers and more, and making remediation a complex process.”

Title: A Ransomware Attack Disrupted the IT Network of the City of Liege
Date Published: June 22, 2021


Excerpt: “The City of Liège is currently the victim of a large-scale targeted computer attack, obviously of a criminal nature.” reads the status page published by the city. “The City of Liège, surrounded by experts of international competence, analyzes the scale of this attack and its consequences, in particular in terms of duration on the partial unavailability of its IT system. It is doing everything to restore the situation as soon as possible. Services to the public are currently heavily impacted.”

Title: Fake Text File can Load Malware on Computers
Date Published: June 23, 2021


Excerpt: “The .txt extension is known to be a harmless text file and when email clients and Windows load a file with the extension, the popular Notepad icon appears. However, one of the latest threats uses RTLO and the Unicode character U+202E to make a text file into an advanced attack. As most users are familiar with the Notepad icon, they are likely to open the attachment. In many current RTLO attacks the malicious file is a PowerShell script, which allows attackers to download external files and change computer settings on the computer.”
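The U+202E trick described in the excerpt above, as an added defensive check (not code from the article or from Fortify): it flags Unicode bidirectional control characters in an attachment name and compares the extension a user sees with the extension the operating system will act on. The display rendering is a deliberately simplified model of the Unicode bidi algorithm, which is an assumption of this example.

```python
"""Detect RTLO (U+202E) filename disguises and recover the true extension."""
import os
import unicodedata

# Unicode characters that change text direction; none belong in a normal filename.
BIDI_CONTROLS = {
    "\u200e", "\u200f",                                  # LRM, RLM
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",    # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",              # LRI, RLI, FSI, PDI
}


def simplified_display_name(name: str) -> str:
    """Approximate what a file browser shows: text after U+202E (RLO) is drawn
    right-to-left, i.e. reversed, until U+202C (PDF) or end of string.
    Assumption: this simplification is enough for the .txt/.ps1 style of trick."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            end = name.find("\u202c", i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
            continue
        if ch not in BIDI_CONTROLS:      # other marks are invisible; drop them
            out.append(ch)
        i += 1
    return "".join(out)


def analyze_filename(name: str) -> dict:
    """Return what the OS sees versus what the user sees for one filename."""
    controls = [f"U+{ord(c):04X} {unicodedata.name(c)}" for c in name if c in BIDI_CONTROLS]
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    true_ext = os.path.splitext(stripped)[1].lower()        # what Windows executes
    shown_ext = os.path.splitext(simplified_display_name(name))[1].lower()
    return {
        "bidi_controls": controls,
        "true_extension": true_ext,
        "displayed_extension": shown_ext,
        "suspicious": bool(controls),                       # any bidi control at all
        "extension_disguised": bool(controls) and true_ext != shown_ext,
    }


if __name__ == "__main__":
    # Constructed sample attachment names, not real indicators.
    for sample in ("report.txt", "invoice\u202etxt.ps1", "photo\u202egnp.exe"):
        print(repr(sample), "->", analyze_filename(sample))
```

A mail gateway or EDR rule built on the same idea should quarantine on `suspicious` alone; `extension_disguised` only tells the analyst which variant of the trick was used.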

Title: Hackers Are Trying to Attack Big Companies. Small Suppliers Are the Weakest Link
Date Published: June 22, 2021


Excerpt: “Researchers also found that many of the companies examined were running unpatched or unsupported software, making them vulnerable to cyberattacks that exploit known vulnerabilities – and something they suggest means there’s an absence of a patch-management strategy. Cyber criminals regularly take advantage of known vulnerabilities in an effort to gain access to networks – and in the case of the defense industry, a small contractor being compromised could lead to a larger company on the supply chain being subject to cyberattacks.”

Title: Phishing Asking Recipients Not to Report Abuse
Date Published: June 22, 2021


Excerpt: “As you may see, it is in Hungarian, and according to a translation by Google Translate, it basically says “you need to run a check on your email using this link to be able to receive further messages”. This would be hardly unusual, however the last sentence next to the copyright comes down to “Your system administrator has advised you not to report abuse.””
