OSN July 2, 2021

Fortify Security Team
Jul 2, 2021
Title: U.S. Insurance Giant AJG Reports Data Breach After Ransomware Attack

Date Published: July 2, 2021


Excerpt: “Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September. “Working with the cybersecurity and forensic specialists to determine what may have happened and what information may have been affected, we determined that an unknown party accessed or acquired data contained within certain segments of our network between June 3, 2020 and September 26, 2020,” AJG said.”

Title: Israeli Researchers Discover Global Cyberattack in Over 1,300 Locations
Date Published: July 2, 2021


Excerpt: “The attack hit Microsoft’s SMB protocol, where the hackers found a way to access user data and possibly sell the information on the dark web. The estimated value of these exploits is listed at hundreds of dollars. Guardicore, which also develops software for malware protection, used its analysts to help identify cyberattacks and provide recommendations for protection against them. The company employs over 270 people, with offices in Israel, the United States, Canada, South America, India, Western Europe and Ukraine.”

Title: Babuk Ransomware, if You Hit and Run Do Not Leave a Trace
Date Published: July 2, 2021


Excerpt: “On the server, we saw a weird directory that we started to check; after the scan we were able to see that the onion website is full of active chat sessions. In the active session, we can view all conversations between the Babuk ransomware group and the victims. The sessions basically get you inside the “Chat Conversation Page” with all the chat history. That gives us an inside look into the negotiation process.”

Title: Cybersecurity: Hacker Gets Thousands of Confidential Data on LimeVPN Users
Date Published: July 2, 2021


Excerpt: “The supposed leak has turned into an all-out website breach as slashx has shut down the website himself. LimeVPN has spoken with PrivacySharks and said that there is a Trojan lingering on the website. The hacker is asking for a $400 bitcoin payment to anyone willing to part with the sensitive information of thousands of users that include usernames, email addresses, passwords, and billing information. The hacker said that he has all the private keys of every LimeVPN user, in which case he can decrypt the user’s traffic without any problems.”

Title: Former Anonymous and Lulzsec Hacker Discusses His Criminal Past and Gives His Top Tips for Avoiding Ransomware
Date Published: July 2, 2021


Excerpt: “Things got a little out of hand. We were 17 and 18 at the time. We didn’t realize the scope of how the real world would respond, until we saw our ridiculous imagery of a man in a top hat sipping wine with a cat flying through space, on the front page of the Wall Street Journal. The headline was ‘Hackers broaden their attacks’. “People started to dress like us, and we were trending on Twitter with boy band One Direction at number two. We realized things have gone too far and we were doomed. And indeed we were”.”

Title: Mongolian Certificate Authority Hacked to Distribute Backdoored CA Software
Date Published: July 2, 2021


Excerpt: “The malicious installer is an unsigned [Portable Executable] file,” the researchers said. “It starts by downloading the legitimate version of the installer from the MonPass official website. This legitimate version is dropped to the ‘C:\Users\Public\’ folder and executed under a new process. This guarantees that the installer behaves as expected, meaning that a regular user is unlikely to notice anything suspicious.”

Title: CISA Offers New Mitigation for PrintNightmare Bug
Date Published: July 2, 2021


Excerpt: “Regarding the latter, the company dropped a notice Thursday for a bug called “Windows Print Spooler Remote Code Execution Vulnerability” that appears to be the same vulnerability, but with a different CVE number—in this case, CVE-2021-34527. The description of the bug sounds like PrintNightmare; indeed, Microsoft acknowledges that it is “an evolving situation.” “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” according to the notice. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights”.”

Title: Microsoft Exec Reveals “Routine” Secrecy Orders From Government Investigators
Date Published: July 1, 2021


Excerpt: “In this case, the subpoena, which was issued by a federal grand jury and included a nondisclosure order signed by a federal magistrate judge, provided no information on the nature of the investigation and it would have been virtually impossible for Apple to understand the intent of the desired information without digging through users’ accounts,” said Apple spokesperson Fred Sainz in the statement. “Consistent with the request, Apple limited the information it provided to account subscriber information and did not provide any content such as emails or pictures.”

Title: NSA, FBI Reveal Hacking Methods Used by Russian Military Hackers
Date Published: July 1, 2021


Excerpt: “The threat actor is also tracked under various monikers, including APT28 (FireEye Mandiant), Fancy Bear (CrowdStrike), Sofacy (Kaspersky), STRONTIUM (Microsoft), and Iron Twilight (Secureworks). APT28 has a track record of leveraging password spray and brute-force login attempts to harvest valid credentials that enable future surveillance or intrusion operations. In November 2020, Microsoft disclosed credential harvesting activities staged by the adversary aimed at companies involved in researching vaccines and treatments for COVID-19.”

Title: Spanish Telecom Giant Masmovil Hit by Revil Ransomware Gang
Date Published: July 1, 2021


Excerpt: “Spain’s 4th largest telecom operator MasMovil Ibercom or MasMovil is the latest victim of the infamous REvil ransomware gang (aka Sodinokibi). On its official blog accessible via Tor browser, as seen by Hackread.com, the ransomware operator claims to have “downloaded databases and other important data” belonging to the telecom giant. As proof of its hack, the group has also shared screenshots apparently of the stolen MasMovil data that show folders named Backup, RESELLERS, PARLEM, and OCU, etc.”
