OSN June 28,2021

Fortify Security Team
Jun 28, 2021

Title: Microsoft Admits to Have Mistakenly-Signed a Software Driver Loaded With Rootkit Malware
Date Published: June 28, 2021


Excerpt: “Microsoft was saved by a thin margin because there is no sign of the malware corrupting or stealing any certificates from the company servers. The Windows-maker is not sure how the malware got into the system and that it would be refining its signing process, validation, and access policies, according to reports. The malware spread to the entire Microsoft gaming community but unless a user goes out of the way to access the malware, it cannot automatically harm any gamer’s system. Microsoft says that the rootkit malware only works post-exploitation and obtaining administrator access for installation is necessary.”

Title: Spear Phishing Campaign with New Techniques Aimed at Aviation Companies
Date Published: June 25, 2021


Excerpt: “The infection cycle begins with phishing emails sent to aviation companies that contain malicious links disguised as pdf attachments. The link in the email directs the user to VB Script hosting sites, from which the initial payload (.vbs) is delivered. The .vbs script then drops the second stage payload, an xml file containing inline C# .NET assembly code that acts as a RAT loader. The loader hollows and injects the final payload, AsyncRAT, into the victim process (RegSvcs.exe). AsyncRAT, also known as RevengeRAT, connects to its C2 server, takes control of the compromised machine, and introduces additional payloads. I will now dive into each of these steps in a bit more detail.”

Title: A Cisco ASA Vulnerability Is Actively Exploited
Date Published: June 28, 2021


Excerpt: “This specific Cisco ASA vulnerability is a cross-site scripting (XSS) vulnerability tracked as CVE-2020-3580. Cisco was the first to disclose the vulnerability as they issued a fix in October 202o but it seems that the initial patch issued for the Cisco ASA vulnerability CVE-2020-3580 was incomplete, as a further fix was released in April 2021. The Cisco ASA is a cybersecurity perimeter-defense appliance that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities, therefore the successful exploitation in regard to this means that unauthenticated, remote attackers might be able to execute arbitrary code within the [ASA] interface.”

Title: Details of Over 200,000 Students Leaked in Cyberattack
Date Published: June 28, 2021


Excerpt: “A pro-Palestinian Malaysian hacker group known as “DragonForce” claimed that it hacked into AcadeME last week, stating “THE LARGEST AND MOST ADVANCED STUDENT AND GRADUATE RECRUITMENT NETWORK IN ISRAEL Hacked By DragonForce Malaysia” in a Telegram message on June 20. The group claimed that they leaked emails, passwords, first and last names, addresses and even phone numbers of students who were registered on AcadeME. DragonForce attacked screenshots of code, server addresses and a table including email addresses and names.”

Title: Cybercrime Malware News Builder for Babuk Locker Ransomware Leaked Online
Date Published: June 27, 2021


Excerpt: “The leak of the Babuk Locker builder comes two months after the Babuk Locker ransomware gang announced that it was retiring from ransomware operations after a high-profile attack on the Washington, DC police department in late April. The gang is believed to have followed through on its retirement plans in late May when it rebranded its ransomware leak site into Payload[.]bin and started operating as a third-party host for other ransomware gangs that wanted to leak files from victims but did not want to operate their own leak site.”

Title: NFC Flaws Let Researchers Hack ATMs by Waving a Phone
Date Published: June 24, 2021


Excerpt: “Rodriguez says he alerted the affected vendors—which include ID Tech, Ingenico, Verifone, Crane Payment Innovations, BBPOS, Nexgo, and the unnamed ATM vendor—to his findings between 7 months and a year ago. Even so, he warns that the sheer number of affected systems and the fact that many point-of-sale terminals and ATMs don’t regularly receive software updates—and in many cases require physical access to update—mean that many of those devices likely remain vulnerable. “Patching so many hundreds of thousands of ATMs physically, it’s something that would require a lot of time,” Rodriguez says.”

Title: Mercedes-Benz USA Announces Initial Findings of Data Investigation Affecting Customers and Interested Buyers
Date Published: June 24, 2021


Excerpt: “On June 11, 2021, a vendor informed Mercedes-Benz that sensitive personal information of less than 1,000 Mercedes-Benz customers and interested buyers was inadvertently made accessible on a cloud storage platform. This confirmation was part of an ongoing investigation conducted in cooperation with the vendor. The issue was uncovered through the dedicated work of an external security researcher. It is our understanding the information was entered by customers and interested buyers on dealer and Mercedes-Benz websites between January 1, 2014 and June 19, 2017. No Mercedes-Benz system was compromised as a result of this incident, and at this time, we have no evidence that any Mercedes-Benz files were maliciously misused.”

Title: Epsilon Red – Our Research Reveals More Than 3.5 Thousand Servers Are Still Vulnerable
Date Published: June 26, 2021


Excerpt: “During our research, we checked all publicly obtainable sources offering actionable intelligence on Epsilon Red. Our findings suggest that the new ransomware variant appears to be properly detected by the majority of leading antivirus vendors. This specific ransomware variant is attempting to propagate using a variety of recently discovered Microsoft Exchange server vulnerabilities, such as CVE-2020-1472, CVE-2021-26855, CVE-2021-27065 to drop ransomware on the affected hosts. We found 695 vulnerable ZeroLogon servers in the US, an additional 71 vulnerable servers in Australia, and 36 more in Argentina. These servers are directly susceptible and exploitable by the Epsilon Red ransomware campaign.”

Title: ISPs Must Provide Emergency Video Service to Deaf Users: Ofcom
Date Published: June 25, 2021


Excerpt: “UK telecom and broadcasting regulator, Ofcom has mandated new requirements for Internet Service Providers (ISPs) and phone companies to provide additional services for users with special needs. These include companies in the sector—even those not typically providing telephony services to offer an emergency video relay service that users with hearing or speech impairments can rely on. Although these requirements are may impose new challenges on telecoms, their goal is to provide equivalent access to emergency services for British Sign Language (BSL) users.”

Title: Industrial Automation And Control Systems Under Cyberattack
Date Published: June 25, 2021


Excerpt: “Cybersecurity experts across the industry share the rugged journey through industrial control security and the demanding criteria for IEC certifications. Enterprises struggle to merge security design, concepts of defense, and life cycle management into a solid product development framework. Failing to document security configurations, updated management policies, and other pertinent information is a guaranteed deal-breaker. But the major land mine to certification is failure to execute appropriate standards in security testing throughout the development lifecycle. “Each organization has unique IIoT components that must meet specific levels of process maturity and product security requirements,” says Morgan Hung, CEO and general manager at Onward Security.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...