OSN July 16, 2021

Fortify Security Team
Jul 16, 2021

Title: Cryptominer Farm Rigged with 3,800 PS4s Busted in Ukraine

Date Published: July 14, 2021

https://threatpost.com/cryptominer-farm-ps4s-busted-ukraine/167809/

Excerpt: “The cryptomining operation was set up in a warehouse in the city of Vinnytsia, formerly owned by a company called JSC Vinnytsiaoblenerho, which denies any involvement and refutes any electricity was stolen from the location, according to a translated statement from the company. “During the inspection, the representatives of the controlling body did not reveal any facts of theft of electricity,” the company said. “Therefore, the information about the multimillion-dollar theft of electricity is not true. The management of JSC Vinnytsiaoblenergo actively cooperates with the investigation and is interested in establishing all the facts and punishing the perpetrators”.”

Title: Artwork Archive Cloud Storage Misconfiguration Exposed User Data, Revenue Records

Date Published: July 16, 2021

https://www.zdnet.com/article/artwork-archive-cloud-storage-misconfiguration-exposed-user-data-revenue-records/

Excerpt: “The security researchers discovered the bucket, which did not require any authentication to access, on May 23. In total, 421GB of data was exposed. Dating back to August 2015, the records relate to over 7,000 artists, collectors, and galleries, and “potentially their customers, too,” according to WizCase. Data available to view included full names, physical addresses, and email addresses. Purchase details, too, were exposed. WizCase found approximately 9,000 invoices, as shown below, including the price of artwork and sales agreements, alongside revenue reports.”

Title: Google Chrome 91.0.4472.164 Fixes a New Zero-Day Exploited in the Wild

Date Published: July 16, 2021

https://securityaffairs.co/wordpress/120205/security/google-chrome-zero-day-2.html

Excerpt: “Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux that addresses seven vulnerabilities, including a high severity zero-day vulnerability, tracked as CVE-2021-30563, that has been exploited in the wild. The CVE-2021-30563 is a “type confusion” issue that affects the V8 JavaScript and WebAssembly engine. “Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild,” reads Google’s announcement.”

Title: Chinese APT Luminousmoth Abuses Zoom Brand to Target Gov’t Agencies

Date Published: July 16, 2021

https://www.zdnet.com/article/chinese-apt-luminousmoth-abuses-zoom-brand-to-target-govt-agencies/

Excerpt: “The APT begins by sending spear phishing emails that contain Dropbox download links to a .RAR archive, named with political or COVID-19 themes. This file contains two malicious .DLL files which are able to then pull and deploy malicious executables on an infected system. Once this stage of infection has been completed, LuminousMoth will download a Cobalt Strike beacon and side-load two malicious libraries designed to establish persistence and to copy the malware onto any removable storage drives connected to a victim system.”

Title: Microsoft: Israeli Firm Used Windows Zero-Days to Deploy Spyware

Date Published: July 15, 2021

https://www.bleepingcomputer.com/news/security/microsoft-israeli-firm-used-windows-zero-days-to-deploy-spyware/

Excerpt: “Attackers delivered the DevilsTongue malware to victims’ computers using an exploit chain that abused vulnerabilities in several popular browsers and the Windows operating system. DevilsTongue allows its operators to collect and steal victims’ files, decrypt and steal Signal messages on Windows devices, and steal cookies and saved passwords from LSASS and Chrome, Internet Explorer, Firefox, Safari, and Opera web browsers. It can also use cookies stored on the victim’s computer for websites like Facebook, Twitter, Gmail, Yahoo, Mail.ru, Odnoklassniki, and Vkontakte to harvest sensitive information, read its victims’ messages, and exfiltrate photos.”

Title: Windows Print Spooler Hit With Local Privilege Escalation Vulnerability

Date Published: July 16, 2021

https://www.zdnet.com/article/windows-print-spooler-hit-with-local-privilege-escalation-vulnerability/

Excerpt: “An attacker must have the ability to execute code on a victim system to exploit this vulnerability. “The workaround for this vulnerability is stopping and disabling the Print Spooler service.” Microsoft rates the exploitability of the vulnerability as “more likely”. “Microsoft analysis has shown that exploit code could be created in such a way that an attacker could consistently exploit this vulnerability. Moreover, Microsoft is aware of past instances of this type of vulnerability being exploited. This would make it an attractive target for attackers, and therefore more likely that exploits could be created”.”

Title: Attackers Exploited 4 Zero-Day Flaws in Chrome, Safari & IE

Date Published: July 15, 2021

https://www.darkreading.com/attacks-breaches/attackers-exploited-4-zero-day-flaws-in-chrome-safari-and-ie/d/d-id/1341542

Excerpt: “Yaniv Bar-Dayan, CEO and co-founder at Vulcan Cyber, says zero-day attacks are increasing simply because they offer the path of least resistance for threat actors. “As IT security teams get better at protecting business from threat actors who exploit known vulnerabilities, these same actors are moving to sneak attack, or engineered, methods of hacking businesses,” he says. “We are witnessing the economics of cybersecurity at play.””

Title: U.S. Govt Launches New Website to Fight Ransomware, Help Victims

Date Published: July 15, 2021

https://www.hackread.com/us-govt-new-website-ransomware-help-victims/

Excerpt: “With the recent wave of ransomware attacks deeply impacting businesses across the United States, Washington has decided to take direct action. In the latest, it has announced rewards that go up to $10 million for people who provide information about foreign state-sponsored cyberattacks against the United States. Not only this, but it has also launched a new website named StopRansomware.gov which will help both the private sector and the government fight against cyberattacks. The project has been underway in collaboration with different federal agencies such as the Department of Justice (DOJ) and Homeland Security.”

Title: Another Mercenary Spyware Vendor Comes into Focus

Date Published: July 15, 2021

https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/

Excerpt: “Like many of its peers, Candiru appears to license its spyware by number of concurrent infections, which reflects the number of targets that can be under active surveillance at any one instant in time. Like NSO Group, Candiru also appears to restrict the customer to a set of approved countries. The €16 million project proposal allows for an unlimited number of spyware infection attempts, but the monitoring of only 10 devices simultaneously. For an additional €1.5M, the customer can purchase the ability to monitor 15 additional devices simultaneously, and to infect devices in a single additional country. For an additional €5.5M, the customer can monitor 25 additional devices simultaneously, and conduct espionage in five more countries.”

Title: D-Box Technologies Hit by Ransomware That Affected Most of Its Systems

Date Published: July 16, 2021

https://www.databreaches.net/d-box-technologies-hit-by-ransomware-that-affected-most-of-its-systems/

Excerpt: “D-BOX redefines and creates realistic, immersive and haptic entertainment experiences by providing whole-body feedback and stimulating the imagination through movement. Haptics essentially allows for sensations that would be perceived if the body were to interact directly with physical objects. This expertise explains why D-BOX has collaborated with some of the world’s best companies to tell captivating stories. Whether it be movies, video games, virtual reality applications, themed entertainment or professional simulators, D-BOX’s mission is to make the world live and vibrate like never before. D-BOX Technologies Inc. (TSX: DBO) is headquartered in Montreal, Canada with offices in Los Angeles, USA and Beijing, China. D-BOX[.]com.”
