OSN July 12, 2021

Fortify Security Team
Jul 12, 2021

Title: Kaseya Rolled out a Patch for VSA Supply-Chain Attack
Date Published: July 12, 2021

https://thesecmasterblog.medium.com/kaseya-rolled-out-a-patch-for-vsa-supply-chain-attack-7517e6680d9c

Excerpt: “The company has published the readiness guide and best practice guide for the customers to read before they proceed with patching the VSA Supply-Chain Attack. In the recently released patch VSA version 9.5.7a (9.5.7.2994), Kaseya has made password reset mandatory. Those who install the new patch should change their passwords post login to meet new password requirements. All users will be redirected to the System > User Settings > Change Logon page, after installing the patch. There they need to change their password.”

Title: CNA Financial Customers Notified of Data Breach Following a Ransomware Attack
Date Published: July 12, 2021

https://heimdalsecurity.com/blog/cna-financial-customers-notified-of-data-breach-following-a-ransomware-attack/

Excerpt: “The majority of people being informed are employees who have worked or currently work at CNA, contract workers, and their dependents. According to the notification, the company was able to immediately recover the copied information and there was no evidence that the data was viewed, retained, or shared. Therefore, CNA has no reason to suspect that their clients’ information has or will be misused.”

Title: Magecart Hackers Hide Stolen Credit Card Data Into Images and Bogus CSS Files
Date Published: July 12, 2021

https://securityaffairs.co/wordpress/119975/cyber-crime/magecart-hides-data-into-images.html

Excerpt: “Hacker groups under the Magecart umbrella continue to target e-stores to steal payment card data with software skimmers. Security firms have monitored the activities of a dozen groups at least since 2010. According to a previous report published by RiskIQ and FlashPoint, some groups are more advanced than others, in particular, the gang tracked as Group 4 appears to be very sophisticated. The list of victims of the groups is long and includes several major platforms such as British Airways, Newegg, Ticketmaster, MyPillow and Amerisleep, and Feedify.”

Title: Gaming Industry Plagued by Hackers
Date Published: July 12, 2021

https://cyrextech.medium.com/gaming-industry-plagued-by-hackers-b4685ccf252

Excerpt: “It’s no secret the gaming industry has been hit several times quite recently. Starting with the huge CDPR ransomware attack, then dependency hijack of Halo Waypoint, now we find a much more worrying case in the breach of Apex Legends and Titanfall 2. These attacks aren’t just denying services or damaging reputation. They represent the vulnerabilities that lead to loss of secure and sensitive data. The CDPR breach is one of the biggest examples, with not just source code to every title being leaked. But also personal details and documents of the entire staff.”

Title: Biden Discussed Russian Ransomware Gangs With Putin in a Phone Call
Date Published: July 11, 2021

https://securityaffairs.co/wordpress/119961/cyber-crime/biden-putin-phone-call-ransomware.html

Excerpt: “The President made clear, as I think you could see in the readout, that – he underscored the need for President Putin to take action to disrupt these ransomware groups. While REvil, we know, operates in Russia and other countries around the world, and we don’t have additional or new information suggesting the Russian government directed these attacks, we also know and we also believe that they have a responsibility.” said Jen Psaki, White House press secretary. “They have a responsibility to take action, and as you can see in the readout, the President also made clear that the United States will take any necessary action to defend its people and its critical infrastructure.”

Title: Hackers Accessed Mint Mobile Subscribers’ Data and Ported Some Numbers
Date Published: July 11, 2021

https://securityaffairs.co/wordpress/119954/data-breach/mint-mobile-data-breach.html

Excerpt: “Between June 8, 2021 and June 10, 2021, a very small number of Mint Mobile subscribers’ phone numbers, including yours, were temporarily ported to another carrier without permission,” reads the data breach notification sent by Mint Mobile. “While we immediately took steps to reverse the process and restore your service, an unauthorized individual potentially gained access to some of your information, which may have included your name, address, telephone number, email address, password, bill amount, international call detail information, telephone number, account number, and subscription features.”

Title: Analyzing the Bitcoin Network: Did You Know That the EU Has the Largest Number of Miners and Peers?
Date Published: July 10, 2021

https://medium.com/asecuritysite-when-bob-met-alice/analysing-the-bitcoin-network-did-you-know-that-the-eu-has-the-largest-number-of-miners-and-peers-4ec49d311837

Excerpt: “An observation here from the researchers is that CN provides three times more mining than peers, which shows the region is more involved in mining than in creating blocks. The researchers outline that there has been a massive change as a previous study showed that the CN region provided 77.6% of mined blocks, while only accounting for 3.9% of the peers. The researchers use their experiments to build a model of the Bitcoin network using the bns framework. They think it is much better in its construction than existing simulators such as BlockSim, as it takes into account real-life variations on a geographical level.”

Title: FBI Warns Cryptocurrency Owners, Exchanges of Ongoing Attacks
Date Published: July 9, 2021

https://www.bleepingcomputer.com/news/security/fbi-warns-cryptocurrency-owners-exchanges-of-ongoing-attacks/

Excerpt: “The FBI advises financial organizations that could be targeted in similar attacks to check for mails coming from spoofed email addresses and keep track and monitor recently created accounts. Cryptocurrency owners are also encouraged to enable multi-factor authentication (MFA) on all their cryptocurrency accounts, deny requests to download and use remote access applications, and always contact exchanges and payment companies via official phone numbers and email addresses. The FBI issued another SIM swapping alert in March 2019 after an increase in SIM hijacking incidents with guidance on defending against such attacks.”

Title: Microsoft Office Users Warned on New Malware-Protection Bypass
Date Published: July 9, 2021

https://threatpost.com/microsoft-office-malware-protection-bypass/167652/

Excerpt: “The initial attack vector is inbox-based phishing messages with Word document attachments that contain no malicious code. Thus, it wouldn’t typically trigger an email gateway or client-side antivirus software to block the attack. The macro-obfuscation technique meanwhile leverages both Microsoft Office’s Excel dynamic data exchange (DDE) fields and Windows-based Visual Basic for Applications (VBA) to launch attacks against systems that support legacy XLS formats.”

Title: Solarwinds Patches Critical Serv-U Vulnerability Exploited in the Wild
Date Published: July 12, 2021

https://www.bleepingcomputer.com/news/security/solarwinds-patches-critical-serv-u-vulnerability-exploited-in-the-wild/

Excerpt: “SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability that was exploited in the wild by “a single threat actor” in attacks targeting a limited number of customers. The vulnerability (tracked as CVE-2021-35211) impacts Serv-U Managed File Transfer and Serv-U Secure FTP, and it enables remote threat actors to execute arbitrary code with privileges following successful exploitation. The bug found by Microsoft Threat Intelligence Center (MSTIC) and Microsoft Offensive Security Research teams in the latest Serv-U 15.2.3 HF1 released in May 2021 also affects all prior versions.”
