OSN July 30, 2021

Fortify Security Team
Jul 30, 2021
Title: Doppelpaymer Ransomware Gang Rebrands as the Grief Group

Date Published: July 29, 2021


Excerpt: “After a period of little to no activity, the DoppelPaymer ransomware operation has made a rebranding move, now going by the name Grief (a.k.a. Pay or Grief). It is unclear if any of the original developers are still behind this ransomware-as-a-service (RaaS) but clues uncovered by security researchers point to a continuation of the ‘project.’ DoppelPaymer’s activity started to decline in mid-May, about a week after DarkSide ransomware’s attack on Colonial Pipeline, one of the largest fuel pipeline operators in the U.S.”

Title: CISA Announces Vulnerability Disclosure Policy (VDP) Platform

Date Published: July 30, 2021


Excerpt: “CISA has announced the establishment of its Vulnerability Disclosure Policy (VDP) Platform for the federal civilian enterprise, which will allow the Federal Civilian Executive Branch to coordinate with the civilian security research community in a streamlined fashion. The VDP Platform provides a single, centrally managed website that agencies can leverage as the primary point of entry for intaking, triaging, and routing vulnerabilities disclosed by researchers. It enables researchers and members of the general public to find vulnerabilities in agency websites and submit reports for analysis.”

Title: Chipotle’s Marketing Account Hacked to Send Phishing Emails

Date Published: July 29, 2021


Excerpt: “The campaign sent out in three days at least 120 malicious emails from a hacked Mailgun account used by Chipotle for email marketing purposes [mail[.]chipotle[.]com]. Using a legitimate email address increases the chances of a successful delivery, especially when there are automated security solutions in place that check if email addresses pass the DomainKeys Identified Mail (DKIM) and Sender Policy Framework authentication methods. Almost all malicious emails impersonated Microsoft with the purpose of collecting login information. Email security company Inky says in a blog post today that they caught 105 such emails in this three-day campaign.”

Title: Microsoft Shares Mitigation for Recent Windows Server Printing Issues

Date Published: July 30, 2021


Excerpt: “‘The affected devices are smart card authenticating printers, scanners, and multifunction devices that don’t support either Diffie-Hellman (DH) for key-exchange during PKINIT Kerberos authentication or don’t advertise support for des-ede3-cbc (“triple DES”) during the Kerberos AS request.’ Customers who encounter this issue are advised to first check if they have the latest drivers and firmware installed on impacted devices. If the known issue still appears on up-to-date devices, affected customers should contact the device manufacturer and ask for setting changes or updates to make the printer or scanner compliant with CVE-2021-33764 hardenings deployed via July Windows 10 security updates.”

Title: Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers

Date Published: July 30, 2021


Excerpt: “One year ago, amid a global pandemic, the UK, US, and Canadian governments issued a joint advisory detailing a Russian espionage campaign that targeted COVID-19 vaccine research efforts in their respective countries. They attributed the campaign to Russia’s APT29 (The Dukes, Yttrium, Cozy Bear) and explicitly identified the group as an extension of Russia’s Foreign Intelligence Services (SVR). They attributed the malware used in the campaign, known as WellMess and WellMail, with APT29, for the first time publicly.”

Title: DevSecOps Training – Data Center Attack: The Game

Date Published: July 29, 2021


Excerpt: “What comes first, the application or security? In an ideal world—both. Your greatest applications can be damaged by a single misconfiguration, but on the other hand, cumbersome, rigid security policies can keep you from building and shipping on schedule. That’s where DevSecOps comes into play. You’ve most likely heard about why DevSecOps and collaboration between teams is important. But hearing about why it’s important is different than experiencing it yourself. It’s like hearing your friends rave about a restaurant and you agree that it’s good, even though you’ve never eaten there. How can you decide if you’ve never taken a bite?”

Title: Defeating Malicious Cyber Actors Requires Partnerships

Date Published: July 29, 2021


Excerpt: “‘As we grapple with this threat — and a lot of it is foreign originated — it’s our collective responsibility to create a counter pressure there,’ said Mr. Barnes, NSA’s highest civilian leader. ‘We have the President’s support in coming up with ways to do that. At the same time we have to prepare our society to actually limit and endure in this type of a situation, making the impacts of this activity less disruptive to us. Collaboration is really what this is all about today.’”

Title: Blackmatter and Haron, Two New Ransomware Gangs in the Threat Landscape

Date Published: July 29, 2021


Excerpt: “Avaddon, like other RaaS programs, disappeared in June, fearing the reaction of the federal authorities to the Colonial Pipeline ransomware attack conducted by DarkSide. The cybercrime group shut down its operations and provided the decryption keys to the BleepingComputer website. The group has also shut down its servers and deleted profiles on hacking forums; they also shut down their leak site. ‘Haron ransomware was first discovered in July 2021. When infected with this ransomware, the extension of the encrypted file is changed to the victim’s name. They are using a ransom note and operating their own leak site similar to Avaddon ransomware,’ reads the analysis published by S2W LAB on Medium.”

Title: NSA Shares Guidance on How to Secure Your Wireless Devices

Date Published: July 29, 2021


Excerpt: “Hijacked wireless devices, including laptops, tablets, mobile, and wearable accessories, can lead to the compromise of personal and corporate data, such as credentials and sensitive documents. To mitigate these risks, the NSA recommends avoiding public Wi-Fi networks as they expose traffic data to theft or manipulation, disabling Bluetooth and NFC radios while in public and not in use to avoid exposing info that can be used to hack the device. ‘Users should consider additional security measures, including limiting/disabling device location features, using strong device passwords, and only using trusted device accessories, such as original charging cords.’”

Title: Risks in Telecommunications IT

Date Published: July 29, 2021


Excerpt: “The integration of telecommunications infrastructure for almost all critical verticals has been an ongoing trend, and it will likely continue with the opportunities brought about by 5G and 6G in terms of technologies, capabilities, financials, and attack surfaces. As a result, IT and security teams need to become aware of the evolving risks to IT assets, as well as of the differences in required concepts, equipment, skills, and training to deal with such risks. Ultimately, when choosing tools to improve visibility and security baselining, the new dependencies, network relationships, and vulnerabilities resulting from these new technologies and developments must be taken into consideration.”
