OSN July 16, 2021

Fortify Security Team
Jul 16, 2021

Title: Cryptominer Farm Rigged with 3,800 PS4s Busted in Ukraine

Date Published: July 14, 2021

https://threatpost.com/cryptominer-farm-ps4s-busted-ukraine/167809/

Excerpt: “The cryptomining operation was set up in a warehouse in the city of Vinnytsia, formerly owned by a company called JSC Vinnytsiaoblenerho, which denies any involvement and refutes that any electricity was stolen from the location, according to a translated statement from the company. “During the inspection, the representatives of the controlling body did not reveal any facts of theft of electricity,” the company said. “Therefore, the information about the multimillion-dollar theft of electricity is not true. The management of JSC Vinnytsiaoblenergo actively cooperates with the investigation and is interested in establishing all the facts and punishing the perpetrators”.”

Title: Artwork Archive Cloud Storage Misconfiguration Exposed User Data, Revenue Records

Date Published: July 16, 2021

https://www.zdnet.com/article/artwork-archive-cloud-storage-misconfiguration-exposed-user-data-revenue-records/

Excerpt: “The security researchers discovered the bucket, which did not require any authentication to access, on May 23. In total, 421GB of data was exposed. Dating back to August 2015, the records relate to over 7,000 artists, collectors, and galleries, and “potentially their customers, too,” according to WizCase. Data available to view included full names, physical addresses, and email addresses. Purchase details, too, were exposed. WizCase found approximately 9,000 invoices, as shown below, including the price of artwork and sales agreements, alongside revenue reports.”

Title: Google Chrome 91.0.4472.164 Fixes a New Zero-Day Exploited in the Wild

Date Published: July 16, 2021

https://securityaffairs.co/wordpress/120205/security/google-chrome-zero-day-2.html

Excerpt: “Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux that addresses seven vulnerabilities, including a high severity zero-day vulnerability, tracked as CVE-2021-30563, that has been exploited in the wild. The CVE-2021-30563 is a “type confusion” issue that affects the V8 JavaScript and WebAssembly engine. “Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild,” reads Google’s announcement.”

Title: Chinese APT Luminousmoth Abuses Zoom Brand to Target Gov’t Agencies

Date Published: July 16, 2021

https://www.zdnet.com/article/chinese-apt-luminousmoth-abuses-zoom-brand-to-target-govt-agencies/

Excerpt: “The APT begins by sending spear phishing emails that contain Dropbox download links to a .RAR archive, named with political or COVID-19 themes. This file contains two malicious .DLL files which are able to then pull and deploy malicious executables on an infected system. Once this stage of infection has been completed, LuminousMoth will download a Cobalt Strike beacon and side-load two malicious libraries designed to establish persistence and to copy the malware onto any removable storage drives connected to a victim system.”

Title: Microsoft: Israeli Firm Used Windows Zero-Days to Deploy Spyware

Date Published: July 15, 2021

https://www.bleepingcomputer.com/news/security/microsoft-israeli-firm-used-windows-zero-days-to-deploy-spyware/

Excerpt: “Attackers delivered the DevilsTongue malware to victims’ computers using an exploit chain that abused vulnerabilities in several popular browsers and the Windows operating system. DevilsTongue allows its operators to collect and steal victims’ files, decrypt and steal Signal messages on Windows devices, and steal cookies and saved passwords from LSASS and Chrome, Internet Explorer, Firefox, Safari, and Opera web browsers. It can also use cookies stored on the victim’s computer for websites like Facebook, Twitter, Gmail, Yahoo, Mail.ru, Odnoklassniki, and Vkontakte to harvest sensitive information, read its victims’ messages, and exfiltrate photos.”

Title: Windows Print Spooler Hit With Local Privilege Escalation Vulnerability

Date Published: July 16, 2021

https://www.zdnet.com/article/windows-print-spooler-hit-with-local-privilege-escalation-vulnerability/

Excerpt: “An attacker must have the ability to execute code on a victim system to exploit this vulnerability. “The workaround for this vulnerability is stopping and disabling the Print Spooler service.” Microsoft rates the exploitability of the vulnerability as “more likely”. “Microsoft analysis has shown that exploit code could be created in such a way that an attacker could consistently exploit this vulnerability. Moreover, Microsoft is aware of past instances of this type of vulnerability being exploited. This would make it an attractive target for attackers, and therefore more likely that exploits could be created”.”

Title: Attackers Exploited 4 Zero-Day Flaws in Chrome, Safari & IE

Date Published: July 15, 2021

https://www.darkreading.com/attacks-breaches/attackers-exploited-4-zero-day-flaws-in-chrome-safari-and-ie/d/d-id/1341542

Excerpt: “Yaniv Bar-Dayan, CEO and co-founder at Vulcan Cyber, says zero-day attacks are increasing simply because they offer the path of least resistance for threat actors. “As IT security teams get better at protecting business from threat actors who exploit known vulnerabilities, these same actors are moving to sneak attack, or engineered, methods of hacking businesses,” he says. “We are witnessing the economics of cybersecurity at play.””

Title: U.S. Govt Launches New Website to Fight Ransomware, Help Victims

Date Published: July 15, 2021

https://www.hackread.com/us-govt-new-website-ransomware-help-victims/

Excerpt: “With the recent wave of ransomware attacks deeply impacting businesses across the United States, Washington has decided to take direct action. In the latest, it has announced rewards that go up to $10 million for people who provide information about foreign state-sponsored cyberattacks against the United States. Not only this, but it has also launched a new website named StopRansomware.gov which will help both the private sector and the government fight against cyberattacks. The project has been underway in collaboration with different federal agencies such as the Department of Justice (DOJ) and Homeland Security.”

Title: Another Mercenary Spyware Vendor Comes into Focus

Date Published: July 15, 2021

https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/

Excerpt: “Like many of its peers, Candiru appears to license its spyware by number of concurrent infections, which reflects the number of targets that can be under active surveillance at any one instant in time. Like NSO Group, Candiru also appears to restrict the customer to a set of approved countries. The €16 million project proposal allows for an unlimited number of spyware infection attempts, but the monitoring of only 10 devices simultaneously. For an additional €1.5M, the customer can purchase the ability to monitor 15 additional devices simultaneously, and to infect devices in a single additional country. For an additional €5.5M, the customer can monitor 25 additional devices simultaneously, and conduct espionage in five more countries.”

Title: D-Box Technologies Hit by Ransomware That Affected Most of Its Systems

Date Published: July 16, 2021

https://www.databreaches.net/d-box-technologies-hit-by-ransomware-that-affected-most-of-its-systems/

Excerpt: “D-BOX redefines and creates realistic, immersive and haptic entertainment experiences by providing whole-body feedback and stimulating the imagination through movement. Haptics essentially allows for sensations that would be perceived if the body were to interact directly with physical objects. This expertise explains why D-BOX has collaborated with some of the world’s best companies to tell captivating stories. Whether it be movies, video games, virtual reality applications, themed entertainment or professional simulators, D-BOX’s mission is to make the world live and vibrate like never before. D-BOX Technologies Inc. (TSX: DBO) is headquartered in Montreal, Canada with offices in Los Angeles, USA and Beijing, China. D-BOX[.]com.”
