OSN July 9, 2021

Fortify Security Team
Jul 9, 2021
Title: Insurance Giant CNA Reports Data Breach after Ransomware Attack
Date Published:  July 9, 2021

https://www.bleepingcomputer.com/news/security/insurance-giant-cna-reports-data-breach-after-ransomware-attack/

Excerpt:  “CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March.  CNA is considered the seventh-largest commercial insurance firm in the US based on stats from the Insurance Information Institute.  The company provides an extensive array of insurance products, including cyber insurance policies, to individuals and businesses across the US, Canada, Europe, and Asia.”

Title: Kaseya Warns of Phishing Campaign Pushing Fake Security Updates
Date Published:  July 9, 2021

https://www.bleepingcomputer.com/news/security/kaseya-warns-of-phishing-campaign-pushing-fake-security-updates/

Excerpt:  “Kaseya has warned customers that an ongoing phishing campaign attempts to breach their networks by spamming emails bundling malicious attachments and embedded links posing as legitimate VSA security updates.  “Spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that may contain malicious links and/or attachments,” the company said in an alert issued on Thursday evening.  “Do not click on any links or download any attachments claiming to be a Kaseya advisory. Moving forward, Kaseya email updates will not contain any links or attachments.””

Title: Microsoft: PrintNightmare Security Updates Work, Start Patching!
Date Published:  July 9, 2021

https://www.bleepingcomputer.com/news/security/microsoft-printnightmare-security-updates-work-start-patching/

Excerpt:  “Microsoft says the emergency security updates released at the start of the week correctly patch the PrintNightmare Print Spooler vulnerability for all supported Windows versions and urges users to start applying the updates as soon as possible.  This clarified guidance comes after security researchers tagged the patches as incomplete after finding that the OOB security updates could be bypassed in specific scenarios.  “Our investigation has shown that the OOB security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare,” the Microsoft Security Response Center explains.”

Title: Hackers Use a New Technique in Malspam Attacks to Disable Macro Security Warnings in Weaponized Docs
Date Published:  July 9, 2021

https://securityaffairs.co/wordpress/119902/hacking/malspam-new-evasion-technique-macro.html

Excerpt:  “Most of the malspam campaigns leverage weaponized Microsoft Office documents and social engineering techniques to trick recipients into enabling the macros.  Now experts from McAfee Labs warn of a novel technique used by threat actors that are using non-malicious documents to disable security warnings prior to executing macro code on the recipient’s PC.  Hackers download and execute malicious DLLs (ZLoader) without any malicious code present in the initial spammed attachment macro.  Zloader has been active at least since 2016; it borrows some functions from the notorious Zeus 2.0.8.9 banking Trojan and was used to spread a Zeus-like banking trojan (i.e. Zeus OpenSSL).”

Title: Cisco fixes High Severity Issue in BPA and WSA
Date Published:  July 9, 2021

https://securityaffairs.co/wordpress/119877/breaking-news/cisco-fixes-high-severity-issue-in-bpa-and-wsa.html

Excerpt:  “Cisco released security patches for high severity vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users to privilege escalation attacks.  The IT giant fixed two flaws (CVE-2021-1574, CVE-2021-1576) in Business Process Automation (BPA); an authenticated attacker could remotely exploit them to elevate their privileges to Administrator. Both issues reside in the web-based management interface of Business Process Automation (BPA); they received a CVSS score of 8.8.  “Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator.” reads the advisory published by the company. “These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions with the privileges of an administrator, or by retrieving sensitive data from the logs and using it to impersonate a legitimate privileged user. A successful exploit could allow the attacker to elevate privileges to Administrator.””

Title: Texas Resident Jailed for Role in $2.2 Million Romance, Business Email Scams
Date Published:  July 9, 2021

https://www.zdnet.com/article/texas-resident-jailed-for-2-2-million-romance-business-email-scams/

Excerpt:  “A resident of Houston, Texas, has been sentenced to over seven years in jail for his role in romance and business scams that netted over $2.2 million in illicit proceeds.  Akhabue Ehis Onoimoimilin, otherwise known as David Harrison, stood before US District Judge Robert Pitman this week and was sentenced to 87 months in prison and ordered to pay back just over $865,000 in restitution.  According to the US Department of Justice (DoJ), the 29-year-old has been embroiled in romance and Business Email Compromise (BEC) scams since approximately 2015.  Romance scams will often begin with the creation of fake profiles on social media and dating apps. Predators will target individuals and will try to establish trust with their victim, who believes they are a potential romantic partner.”

Title: Ransomware: Banning Victims from Paying Ransoms Might Reduce Attacks, But it Won’t Stop Them
Date Published:  July 9, 2021

https://www.zdnet.com/article/ransomware-banning-victims-from-paying-ransoms-might-reduce-attacks-but-it-wont-stop-them/

Excerpt:  “Ransomware is very profitable. The reason why cyber criminals continue to hack into corporate networks, encrypting files and servers, is that enough victims will pay the ransom – usually in Bitcoin or another cryptocurrency – to make it worth their while.  Some of those ransoms can be enormous; recent weeks have seen one company pay $5 million to restore the network after falling victim to Darkside ransomware, while another hit by a REvil ransomware attack paid $11 million for the decryption key.  REvil ransomware was also used in a massive ransomware attack, which saw management software company Kaseya hacked, affecting 1,500 companies around the world.”

Title: Lazarus Gang Targets Engineers with Job Offers Using Poisoned Emails
Date Published:  July 8, 2021

https://www.tripwire.com/state-of-security/security-data-protection/lazarus-gang-targets-engineers-with-job-offers-using-poisoned-emails/

Excerpt:  “Security researchers at AT&T Alien Labs report that a notorious hacking group has been targeting engineers working in the defense industry.  In recent months there have been a series of reports of malicious emails that use the disguise of a job offer to target defense contractors in the United States and Europe.  Attached to the emails are Word documents containing macros that plant malicious code onto a victim’s computer, and make changes to the targeted computer’s settings in an attempt to avoid detection.  According to security researchers, the attacks carry the hallmarks of being the work of the notorious Lazarus Group, a North Korean-linked hacking gang that has been blamed for the 2014 attack on Sony Pictures, and the theft of $81 million from the Bank of Bangladesh in 2016, amongst other attacks.”

Title: Year-long Spear-phishing Campaign Targets Global Energy Industry
Date Published:  July 8, 2021

https://www.scmagazine.com/home/security-news/phishing/year-long-spear-phishing-campaign-targets-global-energy-industry/

Excerpt:  “An unknown group has been conducting a year-long spear-phishing campaign against energy companies and other industries around the world.  The campaign has been happening for at least a year and targets companies and employees in the gas and oil, energy, information technology, media and electronics industries around the world, according to new research from Intezer, though many of the affected businesses are located in South Korea. The spear-phish emails leverage both typosquatting and spoofing to make the incoming emails look like they’re coming from established companies. They also reference executives from the company by name and include legitimate business addresses and company logos.  Many of the spear-phishing emails demonstrate how the threat actor appears to have done their homework, filled with procurement language jargon, referencing real ongoing projects the impersonated company is working on and inviting the target to bid for a portion of the work by clicking on an attachment.”

Title: Proposed Law Seeks to Boost Federal Cyber Workforce Through Apprenticeships, Training
Date Published:  July 8, 2021

https://www.scmagazine.com/home/government/proposed-law-seeks-to-boost-federal-cyber-workforce-through-apprenticeships-training/

Excerpt:  “Infosec training and apprenticeship experts are applauding recently proposed bipartisan legislation that, if signed into law, would bolster the federal cyber workforce through an apprenticeship program at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and a pilot training program administered by the Department of Veterans Affairs.  That said, one pundit said the deadlines this law would allot to the agencies are too generous to generate the near-term workforce reinforcements that are so desperately needed. And cyber experts, while on board with the concept, said success or failure depends on the structure of the program.”
