OSN June 3, 2021

Fortify Security Team
Jun 3, 2021

Title: White House Urges Businesses to “Take Ransomware Crime Seriously”
Date Published: June 3, 2021


Excerpt: “‘The most important takeaway from the recent spate of ransomware attacks on U.S., Irish, German and other organizations around the world is that companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively,’ Neuberger said. The letter comes after a significant increase in the numbers and severity of ransomware attacks targeting the public and private sectors.”

Title: REvil Ransomware Responsible for the JBS Attack, FBI Says
Date Published: June 3, 2021


Excerpt: “We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice. We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable. Our private sector partnerships are essential to responding quickly when a cyber intrusion occurs and providing support to victims affected by our cyber adversaries. A cyberattack on one is an attack on us all. We encourage any entity that is the victim of a cyberattack to immediately notify the FBI through one of our 56 field offices.”

Title: FUJIFILM Had Shut Down Its Network After a Suspected Ransomware Attack
Date Published: June 3, 2021


Excerpt: “FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence. We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities.”

Title: Massachusetts’ Largest Ferry Service Hit by Ransomware Attack
Date Published: June 3, 2021


Excerpt: “‘There is no impact to the safety of vessel operations, as the issue does not affect radar or GPS functionality. Scheduled trips to both islands continue to operate, although customers may experience some delays during the ticketing process.’ In an update issued today, the Steamship Authority says that it’s still working on restoring services, with trips already scheduled to operate without disruption. However, the availability of credit card systems for processing vehicle and passenger tickets is limited, so paying in cash is preferred.”

Title: Necro Python Bot Adds New Exploits and Tezos Mining to Its Bag of Tricks
Date Published: June 3, 2021


Excerpt: “Cisco Talos recently discovered the increased activity of the bot discovered in January 2021 in Cisco Secure Endpoint product telemetry, although the bot has been in development since 2015, according to its author. This threat demonstrates several techniques of the MITRE ATT&CK framework, most notably Exploit Public-Facing Application – T1190, Scripting – T1064, PowerShell – T1059.001, Process Injection – T1055, Non-Standard Port – T1571, Remote Access Software – T1219, Input Capture – T1056, Obfuscated Files or Information – T1027 and Registry Run Keys/Startup Folder – T1547.001.”

Title: Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module
Date Published: June 3, 2021


Excerpt: “The findings follow an earlier analysis in February that found similar weaknesses in the Realtek RTL8195A Wi-Fi module, chief among them being a buffer overflow vulnerability (CVE-2020-9395) that permits an attacker in the proximity of an RTL8195 module to completely take over the module without having to know the Wi-Fi network password.”

Title: Chinese Cybercriminals Spent Three Years Creating a New Backdoor to Spy on Governments
Date Published: June 3, 2021


Excerpt: “The RTF document contains shellcode and an encrypted payload designed to create a scheduled task and to launch time-scanning anti-sandboxing techniques, as well as a downloader for the final backdoor. Dubbed ‘VictoryDll_x86.dll,’ the backdoor has been developed to contain a number of functions suitable for spying and the exfiltration of data to a command-and-control server (C2). These include the read/write and deletion of files; harvesting OS, process, registry key and services information; the ability to run commands through cmd.exe; screen grabbing; creating or terminating processes; obtaining the titles of top-level windows; and the option to close down PCs.”

Title: Teen Crashes Florida School District’s Network
Date Published: June 2, 2021


Excerpt: “According to a search warrant from the St. Petersburg Police Department, the youth said he had become ‘fixated’ on the idea of disrupting the district’s digital peace after watching a video online that highlighted the vulnerability of school networks. CI Security founder Michael Hamilton said: ‘What the student did was he brought down a distributed denial-of-service attack, which is not the same as breaking in and stealing things and changing grades. What it does, is it makes the whole network unavailable.’”

Title: AMSI Bypasses Remain Tricks of the Malware Trade
Date Published: June 2, 2021


Excerpt: “AMSI gives antimalware software visibility into Microsoft components and applications, including into Windows’ PowerShell engine and script hosts (wscript.exe and cscript.exe), Office document macros, the current .NET Framework (version 4.8), and Windows Management Instrumentation (WMI)—components frequently used in ‘living off the land’ (LOL) tactics by adversaries and in the execution of ‘fileless’ malware. Windows third-party developers can leverage AMSI with their own applications as well, to allow anti-malware software to check for content passed to them that could turn their applications into ‘LOLbins’ (living off the land binaries)—applications abused for malicious purposes by malware or network intruders.”

Title: Coronavirus phishing: “Welcome back to the office…”
Date Published: June 3, 2021


Excerpt: “As offices start to slowly open back up, the theoretically post-pandemic world is changing its threat landscape once again, and that includes the likely inclusion of coronavirus phishing attempts. With the move to remote work, attackers switched up their tactics. Personal devices and home networks became hot targets. Organizations struggled with securing devices remotely, rolling out VPNs, and forming best practices for potentially sensitive work done outside the office environment.”
