OSN July 8, 2021

Fortify Security Team
Jul 8, 2021

Title: Morgan Stanley Reports Data Breach After Vendor Accellion Hack
Date Published:  July 8, 2021

https://www.bleepingcomputer.com/news/security/morgan-stanley-reports-data-breach-after-vendor-accellion-hack/

Excerpt:  “Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor.  Morgan Stanley is a leading global financial services firm providing investment banking, securities, wealth and investment management services worldwide.  The American multinational company’s clients include corporations, governments, institutions, and individuals in more than 41 countries.”

Title: Hacker Deposited $1M in a Popular Cybercrime Marketplace to Buy Zero-day Exploits
Date Published:  July 8, 2021

https://securityaffairs.co/wordpress/119845/cyber-crime/hacker-zero-day.html

Excerpt:  “A threat actor that goes online with the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums with the intent to purchase zero-day Exploits from other forum members, researchers from threat intelligence firm Cyble.  According to the experts, the member “integra” has joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor is also a member of another cybercrime forum since October 2012.  The threat actor aims at buying malware with zero detection, The TA is willing to buy the following things with the deposited money zero-day exploits for RCE and LPE, in the latter case the member is offering up to $3 Million.”

Title: Experts Bypassed Microsoft’s Emergency Patch for the PrintNightmare
Date Published:  July 8, 2021

https://securityaffairs.co/wordpress/119839/hacking/printnightmare-patch-bypass.html

Excerpt:  “Yesterday, Microsoft released an out-of-band KB5004945 security update to address the PrintNightmare vulnerability. Unfortunately, the patch is incomplete and still allows remote code execution.  Researchers have demonstrated that it is possible to bypass the emergency patch to achieve remote code execution and local privilege escalation on systems that have installed it.  Shortly after the release of the patch, the popular researcher Matthew Hickey noticed that the fix is incomplete and that threat actors and malware can still locally exploit the vulnerability to gain SYSTEM privileges.”

Title: Wiregrass Electric Cooperative Hit by a Ransomware Attack
Date Published:  July 7, 2021

https://securityaffairs.co/wordpress/119827/cyber-crime/wiregrass-electric-cooperative-attack.html

Excerpt:  “Wiregrass Electric Cooperative, a rural Alabama electric cooperative that serves about 25,000 members, was hit by a ransomware attack.  The cyberattack temporarily blocked the customers’ access to their account information, the cooperative is working to restore the impacted system.  According to the operating chief officer Brad Kimbro, Wiregrass Electric Cooperative did not pay the ransom demanded. Kimbro said that the cooperative did not suffer a data breach and the provision of the electrical service was not impacted. Kimbro also added that the personnel at the utility discovered the security breach on Saturday morning and only one server was impacted.  The cooperative was upgrading its computer systems last week before the attack.”

Title: WildPressure APT Expands Operations Targeting the macOS Platform
Date Published:  July 7, 2021

https://securityaffairs.co/wordpress/119812/apt/wildpressure-apt-macos-malware.html

Excerpt:  “Researchers from Kaspersky have spotted a new malware used by the WildPressure APT group to targets both Windows and macOS systems.  The WildPressure was spotted for the first time in August 2019 when researchers detected a never-before-seen malware, dubbed Milum, that had no similarities with other samples analyzed by the experts.  The Trojan was written in C++ and was employed attacks aimed at organizations from the Middle East. At least some of them are related to industrial sector.  Further investigation led to the discovery of other samples of the same malware that infected systems back in May, 2019.”

Title: Coursera API Vulnerabilities Disclosed by Researchers
Date Published:  July 8, 2021

https://www.zdnet.com/article/coursera-api-vulnerabilities-disclosed-by-researchers/

Excerpt:  “A set of API vulnerabilities in the Coursera platform has been disclosed by researchers.  On Thursday, Checkmarx security researcher Paulo Silva revealed the discovery of multiple security failings in the Coursera online learning platform, which caters to millions of learners, both at home and in the enterprise.  The company collaborates with over 200 universities and companies including Stanford University, Duke University, AWS, Google, Cisco, and IBM. Courses on offer range from degrees in the STEM field to shorter classes in health, the humanities, and languages.”

Title: Cybercrime Costs Organizations Nearly $1.79 Million Per Minute
Date Published:  July 8, 2021

https://www.infosecurity-magazine.com/news/cybercrime-costs-orgs-per-minute/

Excerpt:  “Cybercrime costs organizations an incredible $1.79m every minute, according to RiskIQ’s 2021 Evil Internet Minute Report.  The study, which analyzed the volume of malicious activity on the internet, laid bare the scale and damage of cyber-attacks in the past year, finding that 648 cyber-threats occurred every minute.  The researchers calculated that the average cost of a breach is $7.2 per minute, while the overall predicted cybersecurity spend is $280,060 every minute.  E-commerce has been heavily hit by online payment fraud in the past year, with cyber-criminals taking advantage of the shift to online shopping during the COVID-19 pandemic. While the e-commerce industry saw a record $861.1bn in sales, it lost $38,052 to online payment fraud every minute.  Healthcare, another sector that has faced a surge in cyber-attacks since the start of COVID-19, lost $13 per minute on digital security breaches in the past year.  The report also looked at the impact of different forms of cybercrime. It showed that per minute, there was $3615 lost to cryptocurrency scams, 525,600 records compromised and six organizations victimized by ransomware.”

Title: Kaseya Hacked via Authentication Bypass
Date Published:  July 8, 2021

https://www.darkreading.com/omdia/kaseya-hacked-via-authentication-bypass/a/d-id/1341497

Excerpt:  “The attack is suspected to be the work of REvil (Ransomware Evil; also known as Sodinokibi), a ransomware gang with relative impunity operating out of Russia, where authorities frequently turn a blind eye to such gangs. REvil has demanded $70 million in Bitcoin in return for a universal decryptor that it claims will unlock the files of all victims. It is believed that REvil used an authentication bypass in the Web interface of Kaseya VSA to gain an authenticated session, upload the original payload, and then execute commands via SQL injection.”

Title: The NSA’s ‘New’ Mission: Get More Public With the Private Sector
Date Published:  July 8, 2021

https://www.darkreading.com/edge/theedge/the-nsas-new-mission-get-more-public-with-the-private-sector/b/d-id/1341481

Excerpt:  “The National Security Agency’s gradual emergence from the shadows was “inevitable” in cybersecurity, says Vinnie Liu, co-founder and CEO of offensive security firm Bishop Fox and a former NSA analyst. Now the agency has to figure out how to best work with the private sector, especially organizations outside the well-resourced and seasoned Fortune 100.  NSA’s gradual transformation from a little-known and highly secretive intel agency to one that is making overtures to the private sector, including releasing publicly a detailed technical report on a Russian intel agency’s hacking team’s activities and opening its new Cybersecurity Collaboration Center for working alongside private-sector companies. ”

Title: Ransomware: To Pay or Not to Pay? Legal or Illegal? These Are the Questions
Date Published:  July 8, 2021

https://www.welivesecurity.com/2021/07/08/ransomware-pay-not-pay-legal-illegal-these-are-questions/

Excerpt:  “In simple terms, it may just be, or at least initially seem, more cost effective to pay than not to pay. The current precedent to pay likely dates back to the ethically brave organizations who refused to pay. When WannaCryptor (a.k.a. WannaCry) inflicted its malicious payload on the world in 2017, the United Kingdom’s National Health Service bore a significant hit on its infrastructure. The reasons why they were hit so hard are well documented, as are the costs of rebuilding: an estimated US$120 million. This is without considering the human costs due to the 19,000+ cancelled appointments, including oncology.  In October 2020, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) declared it illegal to pay a ransomware demand in some instances. To clarify, it’s illegal to facilitate the payment to individuals, organizations, regimes and in some instances entire countries that are on the sanctions list. Of significance here is that some cybercrime groups are on the sanctions list.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...