OSN July 2, 2021

Fortify Security Team
Jul 2, 2021
Title: U.S. Insurance Giant AJG Reports Data Breach After Ransomware Attack

Date Published: July 2, 2021


Excerpt: “Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September. “Working with the cybersecurity and forensic specialists to determine what may have happened and what information may have been affected, we determined that an unknown party accessed or acquired data contained within certain segments of our network between June 3, 2020 and September 26, 2020,” AJG said.”

Title: Israeli Researchers Discover Global Cyberattack in Over 1,300 Locations
Date Published: July 2, 2021


Excerpt: “The attack hit Microsoft’s SMB protocol, where the hackers found a way to access user data and possibly sell the information on the dark web. The estimated value of these exploits is listed at hundreds of dollars. Guardicore, which also develops software for malware protection, used its analysts to help identify cyberattacks and provide recommendations for protection against them. The company employs over 270 people, with offices in Israel, the United States, Canada, South America, India, Western Europe and Ukraine.”

Title: Babuk Ransomware, if You Hit and Run Do Not Leave a Trace
Date Published: July 2, 2021


Excerpt: “On the server, we saw a weird directory that we started to check. After the scan we were able to see that the onion website is full of active chat sessions. In the active session, we can view all conversations between the Babuk ransomware group and the victims. The sessions basically get you inside the “Chat Conversation Page” with all the history chats. That gives us an inside look into the negotiation process.”

Title: Cybersecurity: Hacker Gets Thousands of Confidential Data on LimeVPN Users
Date Published: July 2, 2021


Excerpt: “The supposed leak has turned into an all-out website breach as slashx has shut down the website himself. LimeVPN has spoken with PrivacySharks and said that there is a Trojan lingering on the website. The hacker is asking for a $400 bitcoin payment to anyone willing to part with the sensitive information of thousands of users that include usernames, email addresses, passwords, and billing information. The hacker said that he has all the private keys of every LimeVPN user, in which case he can decrypt the user’s traffic without any problems.”

Title: Former Anonymous and LulzSec Hacker Discusses His Criminal Past and Gives His Top Tips for Avoiding Ransomware
Date Published: July 2, 2021


Excerpt: “Things got a little out of hand. We were 17 and 18 at the time. We didn’t realize the scope of how the real world would respond, until we saw our ridiculous imagery of a man in a top hat sipping wine with a cat flying through space, on the front page of the Wall Street Journal. The headline was ‘Hackers broaden their attacks’. “People started to dress like us, and we were trending on Twitter with boy band One Direction at number two. We realized things have gone too far and we were doomed. And indeed we were”.”

Title: Mongolian Certificate Authority Hacked to Distribute Backdoored CA Software
Date Published: July 2, 2021


Excerpt: “The malicious installer is an unsigned [Portable Executable] file,” the researchers said. “It starts by downloading the legitimate version of the installer from the MonPass official website. This legitimate version is dropped to the ‘C:\Users\Public\’ folder and executed under a new process. This guarantees that the installer behaves as expected, meaning that a regular user is unlikely to notice anything suspicious.”

Title: CISA Offers New Mitigation for PrintNightmare Bug
Date Published: July 2, 2021


Excerpt: “Regarding the latter, the company dropped a notice Thursday for a bug called “Windows Print Spooler Remote Code Execution Vulnerability” that appears to be the same vulnerability, but with a different CVE number, in this case CVE-2021-34527. The description of the bug sounds like PrintNightmare; indeed, Microsoft acknowledges that it is “an evolving situation.” “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” according to the notice. “An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.””

Title: Microsoft Exec Reveals “Routine” Secrecy Orders From Government Investigators
Date Published: July 1, 2021


Excerpt: “In this case, the subpoena, which was issued by a federal grand jury and included a nondisclosure order signed by a federal magistrate judge, provided no information on the nature of the investigation and it would have been virtually impossible for Apple to understand the intent of the desired information without digging through users’ accounts,” said Apple spokesperson Fred Sainz in the statement. “Consistent with the request, Apple limited the information it provided to account subscriber information and did not provide any content such as emails or pictures.”

Title: NSA, FBI Reveal Hacking Methods Used by Russian Military Hackers
Date Published: July 1, 2021


Excerpt: “The threat actor is also tracked under various monikers, including APT28 (FireEye Mandiant), Fancy Bear (CrowdStrike), Sofacy (Kaspersky), STRONTIUM (Microsoft), and Iron Twilight (Secureworks). APT28 has a track record of leveraging password spray and brute-force login attempts to harvest valid credentials that enable future surveillance or intrusion operations. In November 2020, Microsoft disclosed credential harvesting activities staged by the adversary aimed at companies involved in researching vaccines and treatments for COVID-19.”

Title: Spanish Telecom Giant MasMovil Hit by REvil Ransomware Gang
Date Published: July 1, 2021


Excerpt: “Spain’s 4th largest telecom operator, MasMovil Ibercom or MasMovil, is the latest victim of the infamous REvil ransomware gang (aka Sodinokibi). On its official blog accessible via Tor browser, as seen by Hackread.com, the ransomware operator claims to have “downloaded databases and other important data” belonging to the telecom giant. As proof of its hack, the group has also shared screenshots, apparently of the stolen MasMovil data, that show folders named Backup, RESELLERS, PARLEM, and OCU, etc.”
