OSN August 11, 2021

Fortify Security Team
Aug 11, 2021

Title: New AdLoad Malware Variant Slips Through Apple’s XProtect Defenses

Date Published:  August 11, 2021


Excerpt:  “A new AdLoad malware variant is slipping through Apple’s YARA signature-based XProtect built-in antivirus tech to infect Macs as part of multiple campaigns tracked by SentinelOne security researchers.  AdLoad is a widespread trojan targeting the macOS platform since at least since late 2017 and used to deploy various malicious payloads, including adware and Potentially Unwanted Applications (PUAs), This malware can also harvest system information that later gets sent to remote servers controlled by its operators.”

Title: Kaseya’s Universal REvil Decryption Key Leaked on a Hacking Forum

Date Published:  August 11, 2021


Excerpt:  “The universal decryption key for REvil’s attack on Kaseya’s customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key.  On July 2nd, the REvil ransomware gang launched a massive attack on managed service providers worldwide by exploiting a zero-day vulnerability in the Kaseya VSA remote management application.  This attack encrypted approximately sixty managed service providers and an estimated 1,500 businesses, making it possibly the largest ransomware attack in history.”

Title: Crytek Confirms Egregor Ransomware Attack, Customer Data Theft

Date Published:  August 10, 2021


Excerpt:  “Game developer and publisher Crytek has confirmed that the Egregor ransomware gang breached its network in October 2020, encrypting systems and stealing files containing customers’ personal info later leaked on the gang’s dark web leak site.  The company acknowledged the attack in breach notification letters sent to impacted individuals earlier this month and shared by one of the victims with BleepingComputer today.  “We want to inform you that Crytek was the victim of a ransomware attack by some unknown cyber-criminals,” Crytek said in a letter mailed to one of their customers impacted in the incident.”

Title: Adobe Fixes Critical Flaws in Magento, Patch It Immediately

Date Published:  August 11, 2021


Excerpt:  “Adobe security updates for August 2021 address a total of 29 flaws, including critical vulnerabilities in Magento and important issues in Adobe Connect: APSB21-64 Security?updates available?for Magento, APSB21-66 Security update available for Adobe Connect.  Multiple critical vulnerabilities could be exploited by attackers to gain arbitrary code execution. Magento has also released updates to fix 26 vulnerabilities, including ten pre-authentication vulnerabilities in Magento that can be exploited by an unauthenticated attacker. A remote attacker could exploit some of these vulnerabilities to gain code execution and take over the e-store.”

Title: Microsoft Patch Tuesday Security Updates Fix PrintNightmare Flaws

Date Published:  August 11, 2021


Excerpt:  “Microsoft released patch Tuesday security updates for August that address 120 CVEs in multiple products, including Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer (IE), Microsoft Scripting Engine, SQL Server, .NET Framework, ASP.NET Core, Office and Office Services and Web Apps, Windows Codecs Library, and Microsoft Dynamics.”

Title: Hackers Take $600m in ‘Biggest’ Cryptocurrency Theft

Date Published:  August 11, 2021


Excerpt:  “A hacker has apparently exploited a vulnerability to steal $600 million from a blockchain finance platform in what could be one of largest cryptocurrency thefts to date.  The makers of Poly Network, a “DeFi” or decentralized finance platform that works across blockchains, said on Tuesday that an attacker stole about $600 million in cryptocurrencies.  The team behind Poly Network appealed to the hackers to “return the hacked assets”.  “The amount of money you hacked is the biggest one in defi history. Law enforcement in any country will regard this as a major economic crime and you will be pursed. It is very unwise for you to do any further transactions. The money stole are from tens of thousands of crypto community members, hence the people. You should talk to us to work out a solution,” the Poly Network team said.”

Title: Cybercrime Victims Reluctant to Call Cops

Date Published:  August 10, 2021


Excerpt:  “A survey by New Zealand’s Ministry of Justice has found that victims of crime in the Land of the Long White Cloud are least likely to report falling prey to cybercrime and sexual assault.  A New Zealander was most likely to contact the police after being impacted by vehicle crime, according to the latest Ministry of Justice New Zealand Crime and Victim Survey. Researchers found that while car crime had an 89% chance of being reported, only around 7% of cybercrimes and sexual assaults were brought to the attention of the police.  Shame, embarrassment, fear of reprisal, and the threat of further humiliation were cited as reasons why victims of cybercrime and sexual assault were unlikely to report the illegal activity to law enforcement.  About 2% of adults experienced sexual assault in the previous 12 months. Victims were proportionately higher among females aged 15-19 (9%) and people with diverse sexualities aged 15-29 (14%).  The survey revealed that while more people are reporting assaults, around three quarters of all crime in New Zealand goes unreported.”

Title: Top 5 Data Breaches in History

Date Published:  August 11, 2021


Excerpt:  “Data breaches happen when confidential, sensitive or protected information is exposed to people who haven’t been authorized to access it. These expensive security incidents stem from various causes, including ransomware attacks, physical theft, phishing campaigns and entrusting your cybersecurity to a one-trick password pony.  While many data breaches result from deliberate cyber-criminal acts, a study by Tessian and Stanford University found that 88% of data breach incidents in 2020 happened simply because somebody somewhere screwed up.  That human error should account for so many data breaches shouldn’t come as that big of a surprise. Sometimes all it takes is accidentally hitting the CC button on an email or neglecting to set a cloud storage device to private.”

Title: Home and Small Business Routers Under Attack – How to See If You Are At Risk

Date Published:  August 10, 2021


Excerpt:  “Evan Grant, a researcher at network security scanning company Tenable, recently decided to have a go at hacking a home router.  The idea, it seems, was more to learn about the general techniques, tools and procedures available to router hackers than to conduct a security assessment of any particular product.  Understandably, therefore, Grant picked a router model using two non-technical criteria: was it popular, and was it available in Canada (Grant’s home country)?  After opening up the router casing to get access to the circuit board, Grant made good progress, by quickly: Finding likely pins on the circuit board where a debugging device could be connected.  Identifying the correct wiring for the debugging circuity to permit a serial connection.  Getting a root shell via a serial line and accessing the files on the device.”

Title: BlackMatter Ransomware Claims to Follow REvil & DarkSide

Date Published:  August 10, 2021


Excerpt:  “BlackMatter, a new ransomware-as-a-service (RaaS), has appeared on the threat landscape and brought tools and techniques from DarkSide, REvil, and the still-active LockBit 2.0.  SophosLabs researchers took a closer look at the malware, which emerged after DarkSide RaaS shut down its operations after an affiliate hit Colonial Pipeline, and after REvil went dark after its attack on Kaseya. BlackMatter’s operators claim their ransomware “incorporates the best features” of DarkSide, REvil, and LockBit 2.0,” and while they are close to DarkSide operators, they are not the same group.  “There are a number of factors that suggest a connection between BlackMatter and DarkSide,” states SophosLabs’ Mark Loman in a blog post. “However, this is not simply a rebranding from one to another. Malware analysis shows that while there are similarities with DarkSide ransomware, the code is not identical.””

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...