OSN June 23, 2021

Fortify Security Team
Jun 24, 2021

Title: How Cyber Sleuths Cracked an ATM Shimmer Gang
Date Published: June 23, 2021

https://krebsonsecurity.com/2021/06/how-cyber-sleuths-cracked-an-atm-shimmer-gang/

Excerpt: “Dant and other investigators looking into the shimmers didn’t know at the time how the thieves who planted the devices went about gathering the stolen data. Traditional ATM skimmers are either retrieved manually, or they are programmed to transmit the stolen data wirelessly, such as via text message or Bluetooth. But recall that these shimmers don’t have anywhere near the power needed to transmit data wirelessly, and the flexible shimmers themselves tend to rip apart when retrieved from the mouth of a compromised ATM. So how were the crooks collecting the loot?”

Title: Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
Date Published: June 23, 2021

https://threatpost.com/unpatched-linux-marketplace-bugs-rce/167155/

Excerpt: “An unpatched stored cross-site-scripting (XSS) security vulnerability affecting Linux marketplaces could allow unchecked, wormable supply-chain attacks, researchers have found. The bug was found to affect Pling-based markets by researchers at Positive Security, including AppImage Hub, Gnome-Look, KDE Discover App Store, Pling.com and XFCE-Look. To boot, the PlingStore application is affected by an unpatched remote code-execution (RCE) vulnerability, which researchers said can be triggered from any website while the app is running – allowing for drive-by attacks.”

Title: ATT&CK Workbench: A Tool for Extending ATT&CK
Date Published: June 22, 2021

https://medium.com/mitre-engenuity/att-ck-workbench-a-tool-for-extending-att-ck-e1718cbfe0ef

Excerpt: “Workbench allows users to explore, create, annotate, and share extensions of the ATT&CK knowledge base. Organizations or individuals can initialize their own instances of the application to serve as the centerpiece to a customized variant of the ATT&CK knowledge base, attaching other tools and interfaces as desired. Through the Workbench this local knowledge base can be extended with new or updated techniques, tactics, mitigations groups, and software. Additionally, Workbench provides means for a user to share their extensions with the greater ATT&CK community facilitating a greater level of collaboration within the community than is possible with current tools.”

Title: Former Cedar Rapids Hospital Employee Sentenced for Accessing Ex-Boyfriend’s Medical Records
Date Published: June 21, 2021

https://www.justice.gov/usao-ndia/pr/former-cedar-rapids-hospital-employee-sentenced-accessing-ex-boyfriend-s-medical

Excerpt: “On multiple occasions between April and October 2017, Bacor used her login credentials to access her ex-boyfriend’s protected private health information even though he was not one of her patients. In September 2017, Bacor took a picture of a medical photograph that showed one of her ex-boyfriend’s injuries and sent the picture to a third person. The third person then sent the picture to the ex-boyfriend and others on Facebook messenger along with taunting language and emojis.”

Title: USB-Based Malware Is a Growing Concern for Industrial Firms, New Honeywell Findings Show
Date Published: June 22, 2021

https://www.cyberscoop.com/usb-malware-honeywell-cyber-risk/

Excerpt: “Since many industrial systems are cut off from the internet, external devices like USB drives can provide hackers with a foothold into sensitive networks. USB drives have been known to carry infamous malware strains including Stuxnet and WannaCry. More than 20 industrial sites located around the world detected malicious files from USB storage devices, according to 2018 findings from Honeywell. A financially-motivated hacking group also aimed to infect targets by sending them USB devices in the mail, researchers learned in 2020.”

Title: Cryptominers Slither Into Python Projects in Supply-Chain Campaign
Date Published: June 22, 2021

https://threatpost.com/cryptominers-python-supply-chain/167135/

Excerpt: “A group of cryptominers was found to have infiltrated the Python Package Index (PyPI), which is a repository of software code created in the Python programming language. Similar to other repositories like GitHub, npm and RubyGems, PyPI is part of the software supply chain. It offers a place where coders can upload software packages for use by developers in building various applications, services and other projects. Unfortunately, a single malicious package can be baked into multiple different projects – infecting them with cryptominers, info-stealers and more, and making remediation a complex process.”

Title: A Ransomware Attack Disrupted the IT Network of the City of Liege
Date Published: June 22, 2021

https://securityaffairs.co/wordpress/119240/malware/city-of-liege-ransomware.html

Excerpt: “The City of Liège is currently the victim of a large-scale targeted computer attack, obviously of a criminal nature.” reads the status page published by the city. “The City of Liège, surrounded by experts of international competence, analyzes the scale of this attack and its consequences, in particular in terms of duration on the partial unavailability of its IT system. It is doing everything to restore the situation as soon as possible. Services to the public are currently heavily impacted.”

Title: Fake Text File can Load Malware on Computers
Date Published: June 23, 2021

https://titanhq.medium.com/fake-text-file-can-load-malware-on-computers-617c9477e369

Excerpt: “The .txt extension is known to be a harmless text file and when email clients and Windows load a file with the extension, the popular Notepad icon appears. However, one of the latest threats uses RTLO and the Unicode character U+202E to make a text file into an advanced attack. As most users are familiar with the Notepad icon, they are likely to open the attachment. In many current RTLO attacks the malicious file is a PowerShell script, which allows attackers to download external files and change computer settings on the computer.”
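The RTLO trick described in the excerpt above, as an added example that is not from the TitanHQ article: a small Python checker that detects Unicode bidi override characters in attachment names, reconstructs the extension the user sees versus the one the OS actually dispatches on, and quarantines the mismatch. The sample attachment names and the executable-extension blocklist are constructed for this example, and the rendering function is a deliberately simplified model of the Unicode bidi algorithm (reverse everything after U+202E until U+202C or end of string), which is enough to reproduce what a mail client shows.

```python
import unicodedata
from pathlib import PurePosixPath

# Unicode bidi control classes. RTLO is class "RLO" (U+202E); the others are
# the related override/embedding/isolate controls. Legitimate filenames have
# no use for any of them, so their presence alone is worth flagging.
BIDI_CONTROL_CLASSES = {"RLO", "LRO", "RLE", "LRE", "PDF", "LRI", "RLI", "FSI", "PDI"}

# Extensions a mail gateway would never deliver under a disguised name.
# Constructed list for this example; tune it to your environment.
EXECUTABLE_EXTENSIONS = {".ps1", ".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta"}

# Constructed sample attachment names (not taken from any real campaign).
SAMPLE_ATTACHMENTS = [
    "invoice.txt",            # benign
    "notes_\u202etxt.ps1",    # shown as "notes_1sp.txt", really a .ps1 script
    "photo_\u202egnp.scr",    # shown as "photo_rcs.png", really a .scr executable
    "readme.md",              # benign
]


def bidi_controls(name: str) -> list[tuple[int, str]]:
    """Return (index, U+XXXX) for every bidi control character in name."""
    return [(i, f"U+{ord(ch):04X}") for i, ch in enumerate(name)
            if unicodedata.bidirectional(ch) in BIDI_CONTROL_CLASSES]


def true_extension(name: str) -> str:
    """The extension the OS actually dispatches on: the suffix of the raw
    string with the invisible controls removed. The controls change only
    how the characters are drawn, not their order in the string."""
    cleaned = "".join(ch for ch in name
                      if unicodedata.bidirectional(ch) not in BIDI_CONTROL_CLASSES)
    return PurePosixPath(cleaned).suffix.lower()


def rendered_name(name: str) -> str:
    """Approximate how a bidi-aware UI draws the name: characters after an
    RLO (U+202E) are shown reversed until a PDF (U+202C) or end of string.
    Simplified model of the bidi algorithm, sufficient to reproduce the
    extension the victim sees in a mail client."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            end = name.find("\u202c", i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif ch == "\u202c":
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def analyze(name: str) -> dict:
    """Compare what the user sees with what the OS will execute."""
    shown = rendered_name(name)
    real_ext = true_extension(name)
    shown_ext = PurePosixPath(shown).suffix.lower()
    reasons = []
    if controls := bidi_controls(name):
        reasons.append("bidi control chars at " + ", ".join(f"{i}:{cp}" for i, cp in controls))
    if shown_ext != real_ext:
        reasons.append(f"displayed as {shown_ext or '(none)'} but really {real_ext or '(none)'}")
    if real_ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable type {real_ext}")
    return {"name": name, "shown_as": shown, "real_extension": real_ext,
            "suspicious": bool(reasons), "reasons": reasons}


def scan_attachments(names: list[str]) -> list[dict]:
    """Return the analysis of every attachment that should be quarantined."""
    return [r for r in map(analyze, names) if r["suspicious"]]


if __name__ == "__main__":
    for hit in scan_attachments(SAMPLE_ATTACHMENTS):
        print(f"{hit['shown_as']!r} -> {hit['real_extension']}: {'; '.join(hit['reasons'])}")
```

The practical point is that the check must run on the raw filename string, not on what a UI renders: the OS picks the handler from the last characters of the string, so the decoy extension appears only in the display layer. Rejecting any name containing a bidi control is the simplest robust rule; the extension comparison is there to show why the trick works.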

Title: Hackers Are Trying to Attack Big Companies. Small Suppliers Are the Weakest Link
Date Published: June 22, 2021

https://www.zdnet.com/article/hackers-are-trying-to-attack-big-companies-small-suppliers-are-the-weakest-link/

Excerpt: “Researchers also found that many of the companies examined were running unpatched or unsupported software, making them vulnerable to cyberattacks that exploit known vulnerabilities – and something they suggest means there’s an absence of a patch-management strategy. Cyber criminals regularly take advantage of known vulnerabilities in an effort to gain access to networks – and in the case of the defense industry, a small contractor being compromised could lead to a larger company on the supply chain being subject to cyberattacks.”

Title: Phishing Asking Recipients Not to Report Abuse
Date Published: June 22, 2021

https://isc.sans.edu/forums/diary/Phishing+asking+recipients+not+to+report+abuse/27556/

Excerpt: “As you may see, it is in Hungarian, and according to a translation by Google Translate, it basically says “you need to run a check on your email using this link to be able to receive further messages”. This would be hardly unusual, however the last sentence next to the copyright comes down to “Your system administrator has advised you not to report abuse.””
