July 9, 2021

Fortify Security Team
Jul 9, 2021
Title: Insurance Giant CNA Reports Data Breach after Ransomware Attack

Date Published:  July 9, 2021


Excerpt:  “CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March.  CNA is considered the seventh-largest commercial insurance firm in the US based on stats from the Insurance Information Institute.  The company provides an extensive array of insurance products, including cyber insurance policies, to individuals and businesses across the US, Canada, Europe, and Asia.”

Title: Kaseya Warns of Phishing Campaign Pushing Fake Security Updates
Date Published:  July 9, 2021


Excerpt:  “Kaseya has warned customers that an ongoing phishing campaign attempts to breach their networks by spamming emails bundling malicious attachments and embedded links posing as legitimate VSA security updates.  “Spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that may contain malicious links and/or attachments,” the company said in an alert issued on Thursday evening.  “Do not click on any links or download any attachments claiming to be a Kaseya advisory. Moving forward, Kaseya email updates will not contain any links or attachments.””

Title: Microsoft: PrintNightmare Security Updates Work, Start Patching!
Date Published:  July 9, 2021


Excerpt:  “Microsoft says the emergency security updates released at the start of the week correctly patch the PrintNightmare Print Spooler vulnerability for all supported Windows versions and urges users to start applying the updates as soon as possible.  This clarified guidance comes after security researchers tagged the patches as incomplete after finding that the OOB security updates could be bypassed in specific scenarios.  “Our investigation has shown that the OOB security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare,” the Microsoft Security Response Center explains.”

Title: Hackers Use a New Technique in Malspam Attacks to Disable Macro Security Warnings in Weaponized Docs
Date Published:  July 9, 2021


Excerpt:  “Most of the malspam campaigns leverage weaponized Microsoft Office documents and social engineering techniques to trick recipients into enabling the macros.  Now experts from McAfee Labs warn of a novel technique used by threat actors that are using non-malicious documents to disable security warnings prior to executing macro code on the recipient’s PC.  Hackers downloads and executes malicious DLLs (ZLoader) without any malicious code present in the initial spammed attachment macro.  Zloader has been active at least since 2016, it borrows some functions from the notorious Zeus banking Trojan and was used to spread Zeus-like banking trojan (i.e. Zeus OpenSSL).”

Title: Cisco fixes High Severity Issue in BPA and WSA
Date Published:  July 9, 2021


Excerpt:  “Cisco released security patches for high severity vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users to privilege escalation attacks.  The IT giant fixed two flaws (CVE-2021-1574, CVE-2021-1576) in Business Process Automation (BPA), an authenticated attacker could remotely exploit them to elevate their privileges to Administrator. Both issues resides in the web-based management interface of Business Process Automation (BPA), they received a CVSS score of 8.8.  “Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator.” reads the advisory published by the company. “These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions with the privileges of an administrator, or by retrieving sensitive data from the logs and using it to impersonate a legitimate privileged user. A successful exploit could allow the attacker to elevate privileges to Administrator.“”

Title: Texas Resident Jailed for Role in $2.2 Million Romance, Business Email Scams
Date Published:  July 9, 2021


Excerpt:  “A resident of Houston, Texas, has been sentenced to over seven years in jail for his role in romance and business scams that netted over $2.2 million in illicit proceeds.  Akhabue Ehis Onoimoimilin, otherwise known as David Harrison, stood before US District Judge Robert Pitman this week and was sentenced to 87 months in prison and ordered to pay back just over $865,000 in restitution.  According to the US Department of Justice (DoJ), the 29-year-old has been embroiled in romance and Business Email Compromise (BEC) scams since approximately 2015.  Romance scams will often begin with the creation of fake profiles on social media and dating apps. Predators will target individuals and will try to establish trust with their victim, who believes they are a potential romantic partner. ”

Title: Ransomware: Banning Victims from Paying Ransoms Might Reduce Attacks, But it Won’t Stop Them
Date Published:  July 9, 2021


Excerpt:  “Ransomware is very profitable. The reason why cyber criminals continue to hack into corporate networks, encrypting files and servers, is that enough victims will pay the ransom – usually in Bitcoin or another cryptocurrency – to make it worth their while.  Some of those ransoms can be enormous; recent weeks have seen one company pay $5 million to restore the network after falling victim to Darkside ransomware, while another hit by a REvil ransomware attack paid $11 million for the decryption key.  REvil ransomware was also used in a massive ransomware attack, which saw management software company Kaseya hacked, affecting 1,500 companies around the world.”

Title: Lazarus Gang Targets Engineers with Job Offers Using Poisoned Emails
Date Published:  July 8, 2021


Excerpt:  “Security researchers at AT&T Alien Labs report that a notorious hacking group has been targeting engineers working in the defense industry.  In recent months there have been a series of reports of malicious emails that use the disguise of a job offer to target defense contractors in the United States and Europe.  Attached to the emails are Word documents containing macros that plant malicious code onto a victim’s computer, and make changes to the targeted computer’s settings in an attempt to avoid detection.  According to security researchers, the attacks carry the hallmarks of being the work of the notorious Lazarus Group, a North Korean-linked hacking gang that has been blamed for the 2014 attack on Sony Pictures, and the theft of $81 million from the Bank of Bangladesh in 2016, amongst other attacks.”

Title: Year-long Spear-phishing Campaign Targets Global Energy Industry
Date Published:  July 8, 2021


Excerpt:  “An unknown group has been conducting a year-long spear-phishing campaign against energy companies and other industries around the world.  The campaign has been happening for at least a year and targets companies and employees in the gas and oil, energy, information technology, media and electronics industries around the world, according to new research from Intezer, though many of the affected businesses are located in South Korea. The spear-phish emails leverage both typosquatting and spoofing to make the incoming emails look like they’re coming from established companies. They also reference executives from the company by name and include legitimate business addresses and company logos.  Many of the spear-phishing emails demonstrate how the threat actor appears to have done their homework, filled with procurement language jargon, referencing real ongoing projects the impersonated company is working on and inviting the target to bid for a portion of the work by clicking on an attachment.”

Title: Proposed Law Seeks to Boost Federal Cyber Workforce Through Apprenticeships, Training
Date Published:  July 8, 2021


Excerpt:  “Infosec training and apprenticeship experts are applauding a recently proposed bipartisan legislation that, if signed into law, would bolster the federal cyber workforce through an apprenticeship program at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and a pilot training program administered by the Department of Veterans Affairs.  That said, one pundit said the deadlines this law would allot to the agencies are too generous to generate the near-term workforce reinforcements that are so desperately needed. And cyber experts, while on board with the concept, said success or failure depends on the structure of the program.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...