OSN June 3, 2021

by | Jun 3, 2021 | Open Source News

Title: White House Urges Businesses to “Take Ransomware Crime Seriously”
Date Published: June 3, 2021

https://www.bleepingcomputer.com/news/security/white-house-urges-businesses-to-take-ransomware-crime-seriously/

Excerpt: “The most important takeaway from the recent spate of ransomware attacks on U.S., Irish, German and other organizations around the world believe that companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively,” Neuberger said. The letter comes after a significant increase in the numbers and severity of ransomware attacks targeting the public and private sectors.”

Title: REvil Ransomware Responsible for the JBS Attack, FBI Says
Date Published: June 3, 2021

https://heimdalsecurity.com/blog/revil-ransomware-responsible-for-the-jbs-attack-fbi-says/

Excerpt: “We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice. We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable. Our private sector partnerships are essential to responding quickly when a cyber intrusion occurs and providing support to victims affected by our cyber adversaries. A cyberattack on one is an attack on us all. We encourage any entity that is the victim of a cyberattack to immediately notify the FBI through one of our 56 field offices.”

Title: FUJIFILM Had Shut Down Its Network After a Suspected Ransomware Attack
Date Published: June 3, 2021

https://heimdalsecurity.com/blog/fujifilm-had-shut-down-its-network-after-a-suspected-ransomware-attack/

Excerpt: “FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence. We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities.”

Title: Massachusetts’ Largest Ferry Service Hit by Ransomware Attack
Date Published: June 3, 2021

https://www.bleepingcomputer.com/news/security/massachusetts-largest-ferry-service-hit-by-ransomware-attack/

Excerpt: “There is no impact to the safety of vessel operations, as the issue does not affect radar or GPS functionality. Scheduled trips to both islands continue to operate, although customers may experience some delays during the ticketing process.” In an update issued today, the Steamship Authority says that it’s still working on restoring services, with trips already scheduled to operate without disruption. However, the availability of credit card systems for processing vehicle and passenger tickets is limited, so paying in cash is preferred.”

Title: Necro Python Bot Adds New Exploits and Tezos Mining to Its Bag of Tricks
Date Published: June 3, 2021

https://blog.talosintelligence.com/2021/06/necro-python-bot-adds-new-tricks.html

Excerpt: “Cisco Talos recently discovered the increased activity of the bot discovered in January 2021 in Cisco Secure Endpoint product telemetry, although the bot has been in development since 2015, according to its author. This threat demonstrates several techniques of the MITRE ATT&CK framework, most notably Exploit Public-Facing Application T1190, Scripting – T1064, PowerShell – T1059.001, Process Injection – T1055, Non-Standard Port – T1571, Remote Access Software – T1219, Input Capture – T1056, Obfuscated Files or Information – T1027 and Registry Run Keys/Startup Folder – T1547.001.”

Title: Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module
Date Published: June 3, 2021

https://thehackernews.com/2021/06/researchers-warn-of-critical-bugs.html

Excerpt: “The findings follow an earlier analysis in February that found similar weaknesses in the Realtek RTL8195A Wi-Fi module, chief among them being a buffer overflow vulnerability (CVE-2020-9395) that permits an attacker in the proximity of an RTL8195 module to completely take over the module without having to know the Wi-Fi network password.”

Title: Chinese Cybercriminals Spent Three Years Creating a New Backdoor to Spy on Governments
Date Published: June 3, 2021

https://www.zdnet.com/article/chinese-cybercriminals-spent-three-years-creating-a-new-backdoor-to-spy-on-governments/

Excerpt: “The RTF document contains shellcode and an encrypted payload designed to create a scheduled task and to launch time-scanning anti-sandboxing techniques, as well as a downloader for the final backdoor.  Dubbed “VictoryDll_x86.dll,” the backdoor has been developed to contain a number of functions suitable for spying and the exfiltration of data to a command-and-control server (C2). These include the read/write and deletion of files; harvesting OS, process, registry key and services information, the ability to run commands through cmd.exe, screen grabbing, creating or terminating processes, obtaining the titles of top-level windows, and the option to close down PCs.”

Title: Teen Crashes Florida School District’s Network
Date Published: June 2, 2021

https://www.infosecurity-magazine.com/news/teen-crashes-florida-school/

Excerpt: “According to a search warrant from the St. Petersburg Police Department, the youth said he had become “fixated” on the idea of disrupting the district’s digital peace after watching a video online that highlighted the vulnerability of school networks. CI Security founder Michael Hamilton said: “What the student did was he brought down a distributed denial-of-service attack, which is not the same as breaking in and stealing things and changing grades. What it does, is it makes the whole network unavailable”.”

Title: AMSI Bypasses Remain Tricks of the Malware Trade
Date Published: June 2, 2021

https://news.sophos.com/en-us/2021/06/02/amsi-bypasses-remain-tricks-of-the-malware-trade/

Excerpt: “AMSI gives antimalware software visibility into Microsoft components and applications, including into Windows’ PowerShell engine and script hosts (wscript.exe and cscript.exe), Office document macros, the current .NET Framework (version 4.8), and Windows Management Instrumentation (WMI)—components frequently used in “living off the land” (LOL) tactics by adversaries and in the execution of “fileless” malware. Windows third-party developers can leverage AMSI with their own applications as well, to allow anti-malware software to check for content passed to them that could turn their applications into “LOLbins” (living off the land binaries)—applications abused for malicious purposes by malware or network intruders.”

Title: Coronavirus phishing: “Welcome back to the office…”
Date Published: June 3, 2021

https://blog.malwarebytes.com/scams/2021/06/coronavirus-phishing-welcome-back-to-the-office/

Excerpt: “As offices start to slowly open back up, the theoretically post-pandemic world is changing its threat landscape once again, and that includes the likely inclusion of coronavirus phishing attempts. With the move to remote work, attackers switched up their tactics. Personal devices and home networks became hot targets. Organizations struggled with securing devices remotely, rolling out VPNs, and forming best practices for potentially sensitive work done outside the office environment.”