OSN June 3, 2021

Fortify Security Team
Jun 3, 2021

Title: White House Urges Businesses to “Take Ransomware Crime Seriously”
Date Published: June 3, 2021

https://www.bleepingcomputer.com/news/security/white-house-urges-businesses-to-take-ransomware-crime-seriously/

Excerpt: “‘The most important takeaway from the recent spate of ransomware attacks on U.S., Irish, German and other organizations around the world believe that companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively,’ Neuberger said. The letter comes after a significant increase in the numbers and severity of ransomware attacks targeting the public and private sectors.”

Title: REvil Ransomware Responsible for the JBS Attack, FBI Says
Date Published: June 3, 2021

https://heimdalsecurity.com/blog/revil-ransomware-responsible-for-the-jbs-attack-fbi-says/

Excerpt: “We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice. We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable. Our private sector partnerships are essential to responding quickly when a cyber intrusion occurs and providing support to victims affected by our cyber adversaries. A cyberattack on one is an attack on us all. We encourage any entity that is the victim of a cyberattack to immediately notify the FBI through one of our 56 field offices.”

Title: FUJIFILM Had Shut Down Its Network After a Suspected Ransomware Attack
Date Published: June 3, 2021

https://heimdalsecurity.com/blog/fujifilm-had-shut-down-its-network-after-a-suspected-ransomware-attack/

Excerpt: “FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence. We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities.”

Title: Massachusetts’ Largest Ferry Service Hit by Ransomware Attack
Date Published: June 3, 2021

https://www.bleepingcomputer.com/news/security/massachusetts-largest-ferry-service-hit-by-ransomware-attack/

Excerpt: “‘There is no impact to the safety of vessel operations, as the issue does not affect radar or GPS functionality. Scheduled trips to both islands continue to operate, although customers may experience some delays during the ticketing process.’ In an update issued today, the Steamship Authority says that it’s still working on restoring services, with trips already scheduled to operate without disruption. However, the availability of credit card systems for processing vehicle and passenger tickets is limited, so paying in cash is preferred.”

Title: Necro Python Bot Adds New Exploits and Tezos Mining to Its Bag of Tricks
Date Published: June 3, 2021

https://blog.talosintelligence.com/2021/06/necro-python-bot-adds-new-tricks.html

Excerpt: “Cisco Talos recently discovered the increased activity of the bot discovered in January 2021 in Cisco Secure Endpoint product telemetry, although the bot has been in development since 2015, according to its author. This threat demonstrates several techniques of the MITRE ATT&CK framework, most notably Exploit Public-Facing Application T1190, Scripting – T1064, PowerShell – T1059.001, Process Injection – T1055, Non-Standard Port – T1571, Remote Access Software – T1219, Input Capture – T1056, Obfuscated Files or Information – T1027 and Registry Run Keys/Startup Folder – T1547.001.”

Title: Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module
Date Published: June 3, 2021

https://thehackernews.com/2021/06/researchers-warn-of-critical-bugs.html

Excerpt: “The findings follow an earlier analysis in February that found similar weaknesses in the Realtek RTL8195A Wi-Fi module, chief among them being a buffer overflow vulnerability (CVE-2020-9395) that permits an attacker in the proximity of an RTL8195 module to completely take over the module without having to know the Wi-Fi network password.”

Title: Chinese Cybercriminals Spent Three Years Creating a New Backdoor to Spy on Governments
Date Published: June 3, 2021

https://www.zdnet.com/article/chinese-cybercriminals-spent-three-years-creating-a-new-backdoor-to-spy-on-governments/

Excerpt: “The RTF document contains shellcode and an encrypted payload designed to create a scheduled task and to launch time-scanning anti-sandboxing techniques, as well as a downloader for the final backdoor. Dubbed ‘VictoryDll_x86.dll,’ the backdoor has been developed to contain a number of functions suitable for spying and the exfiltration of data to a command-and-control server (C2). These include the read/write and deletion of files; harvesting OS, process, registry key and services information, the ability to run commands through cmd.exe, screen grabbing, creating or terminating processes, obtaining the titles of top-level windows, and the option to close down PCs.”

Title: Teen Crashes Florida School District’s Network
Date Published: June 2, 2021

https://www.infosecurity-magazine.com/news/teen-crashes-florida-school/

Excerpt: “According to a search warrant from the St. Petersburg Police Department, the youth said he had become ‘fixated’ on the idea of disrupting the district’s digital peace after watching a video online that highlighted the vulnerability of school networks. CI Security founder Michael Hamilton said: ‘What the student did was he brought down a distributed denial-of-service attack, which is not the same as breaking in and stealing things and changing grades. What it does, is it makes the whole network unavailable.’”

Title: AMSI Bypasses Remain Tricks of the Malware Trade
Date Published: June 2, 2021

https://news.sophos.com/en-us/2021/06/02/amsi-bypasses-remain-tricks-of-the-malware-trade/

Excerpt: “AMSI gives antimalware software visibility into Microsoft components and applications, including into Windows’ PowerShell engine and script hosts (wscript.exe and cscript.exe), Office document macros, the current .NET Framework (version 4.8), and Windows Management Instrumentation (WMI)—components frequently used in “living off the land” (LOL) tactics by adversaries and in the execution of “fileless” malware. Windows third-party developers can leverage AMSI with their own applications as well, to allow anti-malware software to check for content passed to them that could turn their applications into “LOLbins” (living off the land binaries)—applications abused for malicious purposes by malware or network intruders.”

Title: Coronavirus phishing: “Welcome back to the office…”
Date Published: June 3, 2021

https://blog.malwarebytes.com/scams/2021/06/coronavirus-phishing-welcome-back-to-the-office/

Excerpt: “As offices start to slowly open back up, the theoretically post-pandemic world is changing its threat landscape once again, and that includes the likely inclusion of coronavirus phishing attempts. With the move to remote work, attackers switched up their tactics. Personal devices and home networks became hot targets. Organizations struggled with securing devices remotely, rolling out VPNs, and forming best practices for potentially sensitive work done outside the office environment.”
