OSN July 2, 2021

Fortify Security Team
Jul 2, 2021
Title: U.S. Insurance Giant AJG Reports Data Breach After Ransomware Attack
Date Published: July 2, 2021


Excerpt: “Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September. “Working with the cybersecurity and forensic specialists to determine what may have happened and what information may have been affected, we determined that an unknown party accessed or acquired data contained within certain segments of our network between June 3, 2020 and September 26, 2020,” AJG said.”

Title: Israeli Researchers Discover Global Cyberattack in Over 1,300 Locations
Date Published: July 2, 2021


Excerpt: “The attack hit Microsoft’s SMB protocol, where the hackers found a way to access user data and possibly sell the information on the dark web. The estimated value of these exploits is listed at hundreds of dollars. Guardicore, which also develops software for malware protection, used its analysts to help identify cyberattacks and provide recommendations for protection against them. The company employs over 270 people, with offices in Israel, the United States, Canada, South America, India, Western Europe and Ukraine.”

Title: Babuk Ransomware, if You Hit and Run Do Not Leave a Trace
Date Published: July 2, 2021


Excerpt: “On the server, we saw a weird directory that we started to check; after the scan we were able to see that the onion website is full of active chat sessions. In the active session, we can view all conversations between the Babuk ransomware group and the victims. The sessions basically get you inside the “Chat Conversation Page” with all the history chats. That gives us an inside look into the negotiation process.”

Title: Cybersecurity: Hacker Gets Thousands of Confidential Data on LimeVPN Users
Date Published: July 2, 2021


Excerpt: “The supposed leak has turned into an all-out website breach as slashx has shut down the website himself. LimeVPN has spoken with PrivacySharks and said that there is a Trojan lingering on the website. The hacker is asking for a $400 bitcoin payment to anyone willing to part with the sensitive information of thousands of users that include usernames, email addresses, passwords, and billing information. The hacker said that he has all the private keys of every LimeVPN user, in which case he can decrypt the user’s traffic without any problems.”

Title: Former Anonymous and Lulzsec Hacker Discusses His Criminal Past and Gives His Top Tips for Avoiding Ransomware
Date Published: July 2, 2021


Excerpt: “Things got a little out of hand. We were 17 and 18 at the time. We didn’t realize the scope of how the real world would respond, until we saw our ridiculous imagery of a man in a top hat sipping wine with a cat flying through space, on the front page of the Wall Street Journal. The headline was ‘Hackers broaden their attacks’. “People started to dress like us, and we were trending on Twitter with boy band One Direction at number two. We realized things have gone too far and we were doomed. And indeed we were”.”

Title: Mongolian Certificate Authority Hacked to Distribute Backdoored CA Software
Date Published: July 2, 2021


Excerpt: “The malicious installer is an unsigned [Portable Executable] file,” the researchers said. “It starts by downloading the legitimate version of the installer from the MonPass official website. This legitimate version is dropped to the ‘C:\Users\Public\’ folder and executed under a new process. This guarantees that the installer behaves as expected, meaning that a regular user is unlikely to notice anything suspicious.”

Title: CISA Offers New Mitigation for PrintNightmare Bug
Date Published: July 2, 2021


Excerpt: “Regarding the latter, the company dropped a notice Thursday for a bug called “Windows Print Spooler Remote Code Execution Vulnerability” that appears to be the same vulnerability, but with a different CVE number—in this case, CVE-2021-34527. The description of the bug sounds like PrintNightmare; indeed, Microsoft acknowledges that it is “an evolving situation.” “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” according to the notice. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights”.”

Title: Microsoft Exec Reveals “Routine” Secrecy Orders From Government Investigators
Date Published: July 1, 2021


Excerpt: “In this case, the subpoena, which was issued by a federal grand jury and included a nondisclosure order signed by a federal magistrate judge, provided no information on the nature of the investigation and it would have been virtually impossible for Apple to understand the intent of the desired information without digging through users’ accounts,” said Apple spokesperson Fred Sainz in the statement. “Consistent with the request, Apple limited the information it provided to account subscriber information and did not provide any content such as emails or pictures.”

Title: NSA, FBI Reveal Hacking Methods Used by Russian Military Hackers
Date Published: July 1, 2021


Excerpt: “The threat actor is also tracked under various monikers, including APT28 (FireEye Mandiant), Fancy Bear (CrowdStrike), Sofacy (Kaspersky), STRONTIUM (Microsoft), and Iron Twilight (Secureworks). APT28 has a track record of leveraging password spray and brute-force login attempts to harvest valid credentials that enable future surveillance or intrusion operations. In November 2020, Microsoft disclosed credential harvesting activities staged by the adversary aimed at companies involved in researching vaccines and treatments for COVID-19.”

Title: Spanish Telecom Giant Masmovil Hit by Revil Ransomware Gang
Date Published: July 1, 2021


Excerpt: “Spain’s 4th largest telecom operator MasMovil Ibercom or MasMovil is the latest victim of the infamous REvil ransomware gang (aka Sodinokibi). On its official blog accessible via Tor browser, as seen by Hackread.com, the ransomware operator claims to have “downloaded databases and other important data” belonging to the telecom giant. As proof of its hack, the group has also shared screenshots apparently of the stolen MasMovil data that shows folders named Backup, RESELLERS, PARLEM, and OCU, etc.”
