OSN July 12, 2021

Fortify Security Team
Jul 12, 2021

Title: Kaseya Rolled out a Patch for VSA Supply-Chain Attack
Date Published: July 12, 2021


Excerpt: “The company has published the readiness guide and best practice guide for the customers to read before they proceed with patching the VSA Supply-Chain Attack. In the recently released patch VSA version 9.5.7a (, Kaseya has made password reset mandatory. Those who install the new patch should change their passwords post login to meet new password requirements.All users will be redirected to the System > User Settings > Change Logon page, after installing the patch. There they need to change their password.”

Title: CNA Financial Customers Notified of Data Breach Following a Ransomware Attack
Date Published: July 12, 2021


Excerpt: “The majority of people being informed are employees who have worked or currently work at CNA, contract workers, and their dependents. According to the notification, the company was able to immediately recover the copied information and there was no evidence that the data was viewed, retained, or shared. Therefore, CNA has no reason to suspect that their clients’ information has or will be misused.”

Title: Magecart Hackers Hide Stolen Credit Card Data Into Images and Bogus CSS Files
Date Published: July 12, 2021


Excerpt: “Hacker groups under the Magecart umbrella continue to target e-stores to steal payment card data with software skimmers. Security firms have monitored the activities of a dozen groups at least since 2010.  According to a previous report published by RiskIQ and FlashPoint, some groups are more advanced than others, in particular, the gang tracked as Group 4 appears to be very sophisticated. The list of victims of the groups is long and includes several major platforms such as British Airways, Newegg, Ticketmaster, MyPillow and Amerisleep, and Feedify.”

Title: Gaming Industry Plagued by Hackers
Date Published: July 12, 2021


Excerpt: “It’s no secret the gaming industry has been hit several times quite recently. Starting with the huge CDPR ransomware attack, then dependency hijack of Halo Waypoint, now we find a much more worrying case in the breach of Apex Legends and Titanfall 2. These attacks aren’t just denying services or damaging reputation. They represent the vulnerabilities that lead to loss of secure and sensitive data. The CDPR breach is one of the biggest examples, with not just source code to every title being leaked. But also personal details and documents of the entire staff.”

Title: Biden Discussed Russian Ransomware Gangs With Putin in a Phone Call
Date Published: July 11, 2021


Excerpt: “The President made clear, as I think you could see in the readout, that – he underscored the need for President Putin to take action to disrupt these ransomware groups. While REvil, we know, operates in Russia and other countries around the world, and we don’t have additional or new information suggesting the Russian government directed these attacks, we also know and we also believe that they have a responsibility.” said Jen Psaki, White House press secretary. “They have a responsibility to take action, and as you can see in the readout, the President also made clear that the United States will take any necessary action to defend its people and its critical infrastructure.”

Title: Hackers Accessed Mint Mobile Subscribers’ Data and Ported Some Numbers
Date Published: July 11, 2021


Excerpt: “Between June 8, 2021 and June 10, 2021, a very small number of Mint Mobile subscribers’ phone numbers, including yours, were temporarily ported to another carrier without permission,” reads the data breach notification sent by Mint Mobile. “While we immediately took steps to reverse the process and restore your service, an unauthorized individual potentially gained access to some of your information, which may have included your name, address, telephone number, email address, password, bill amount, international call detail information, telephone number, account number, and subscription features.”

Title: Analyzing the Bitcoin Network: Did You Know That the EU Has the Largest Number of Miners and Peers?
Date Published: July 10, 2021


Excerpt: “An observation here from the researchers is that CN provides three times more mining than peers, which shows the region is more involved in mining than in creating blocks. The researchers outline that there has been a massive change as a previous study showed that the CN region provided 77.6% of mined blocks, while only accounting for 3.9% of the peers. The researchers use their experiments to build a model of the Bitcoin network using the bns framework. They think it is much better in its construction than existing simulators such BlockSim, as it takes into account real-life variations on a geographical level.”

Title: FBI Warns Cryptocurrency Owners, Exchanges of Ongoing Attacks
Date Published: July 9, 2021


Excerpt: “The FBI advises financial organizations that could be targeted in similar attacks to check for mails coming from spoofed email addresses and keep track and monitor recently created accounts. Cryptocurrency owners are also encouraged to enable multi-factor authentication (MFA) on all their cryptocurrency accounts, deny requests to download and use remote access applications, and always contact exchanges and payment companies via official phone numbers and email addresses. The FBI issued another SIM swapping alert in March 2019 after an increase in SIM hijacking incidents with guidance on defending against such attacks.”

Title: Microsoft Office Users Warned on New Malware-Protection Bypass
Date Published: July 9, 2021


Excerpt: “The initial attack vector is inbox-based phishing messages with Word document attachments that contain no malicious code. Thus, it wouldn’t typically trigger an email gateway or client-side antivirus software to block the attack. The macro-obfuscation technique meanwhile leverages both Microsoft Office’s Excel dynamic data exchange (DDE) fields and Windows-based Visual Basic for Applications (VBA) to launch attacks against systems that support legacy XLS formats.”

Title: Solarwinds Patches Critical Serv-U Vulnerability Exploited in the Wild
Date Published: July 12, 2021


Excerpt: “SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability that was exploited in the wild by “a single threat actor” in attacks targeting a limited number of customers. The vulnerability (tracked as CVE-2021-35211) impacts Serv-U Managed File Transfer and Serv-U Secure FTP, and it enables remote threat actors to execute arbitrary code with privileges following successful exploitation. The bug found by Microsoft Threat Intelligence Center (MSTIC) and Microsoft Offensive Security Research teams in the latest Serv-U 15.2.3 HF1 released in May 2021 also affects all prior versions.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...