OSN August 13, 2021

Fortify Security Team
Aug 13, 2021
Title: Vice Society Ransomware Joins Ongoing PrintNightmare Attacks

Date Published:  August 13, 2021


Excerpt:  “The Vice Society ransomware gang is now also actively exploiting Windows print spooler PrintNightmare vulnerability for lateral movement through their victims’ networks.  PrintNightmare is a set of recently disclosed security flaws (tracked as CVE-2021-1675, CVE-2021-34527, and CVE-2021-36958) found to affect the Windows Print Spooler service, Windows print drivers, and the Windows Point and Print feature.  Microsoft has released security updates to address the CVE-2021-1675 and CVE-2021-34527 bugs in June, July, and August, and has also published a security advisory this week with a workaround for CVE-2021-36958 (a zero-day bug allowing privilege escalation).”

Title: Microsoft Exchange Servers Are Getting Hacked via ProxyShell Exploits

Date Published:  August 12, 2021


Excerpt:  “Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access.  ProxyShell is the name of an attack that uses three chained Microsoft Exchange vulnerabilities to perform unauthenticated, remote code execution.  The three vulnerabilities, listed below, were discovered by Devcore Principal Security Researcher Orange Tsai, who chained them together to take over a Microsoft Exchange server in April’s Pwn2Own 2021 hacking contest.”

Title: 50% of Cybersecurity Attacks Are from Repeat Offenders

Date Published:  August 13, 2021


Excerpt:  “Lack of awareness and gaps in knowledge are a weak link for cybersecurity leadership who are responsible for strategic planning of cybersecurity defenses, leaving organizations exposed to risks, a Ponemon survey reveals.  With 2021 already claiming high-profile victims such as Colonial Pipeline and JBS, along with the world’s first bank announcing a $1 billion cybersecurity budget, there is an urgent need for CISOs to rethink their strategy and look for alternative ways to empower their teams.  The survey queried almost 1800 cybersecurity leaders and practitioners about their views specifically on external threat hunting and the people involved in this emerging and increasingly necessary technique organizations are adopting to build their defensive capabilities.”

Title: Trend Micro Warns Customers of Zero-day Attacks Against its Products

Date Published:  August 12, 2021


Excerpt:  “On July 28, Trend Micro released security patches for multiple incorrect permission assignment privilege escalation, incorrect permission preservation authentication bypass, arbitrary file upload, and local privilege escalation vulnerabilities in Apex One and Apex One as a Service products. The security firm also reported that attackers are already exploits at least two of the flaws (CVE-2021-32464, CVE-2021-32465, CVE-2021-36741, CVE-2021-36742) in attacks in the wild.”

Title: Microsoft Warns of a Evasive Year-long Spear-phishing Campaign Targeting Office 365 Users

Date Published:  August 13, 2021


Excerpt:  “Microsoft revealed that a year-long spear-phishing campaign has targeted Office 365 customers in multiple attacks starting with July 2020.  The attackers used invoice-themed XLS.HTML attachments, Microsoft reported that they changed obfuscation and encryption mechanisms every 37 days on average, a circumstance that demonstrates high motivation and the threat actors’ abilities to constantly evade detection.  “The HTML attachment is divided into several segments, including the JavaScript files used to steal passwords, which are then encoded using various mechanisms. These attackers moved from using plaintext HTML code to employing multiple encoding techniques, including old and unusual encryption methods like Morse code, to hide these attack segments.” reads the report published by the Microsoft 365 Defender Threat Intelligence Team. “Some of these code segments are not even present in the attachment itself. Instead, they reside in various open directories and are called by encoded scripts.””

Title: Cornell University Researchers Discover ‘Code-poisoning’ Attack

Date Published:  August 12, 2021


Excerpt:  “A team of researchers with the Cornell University Tech team have uncovered a new type of backdoor attack that they showed can “manipulate natural-language modeling systems to produce incorrect outputs and evade any known defense.”  The Cornell Tech team said they believe the attacks would be able to compromise algorithmic trading, email accounts and more. The research was supported with a Google Faculty Research Award as well as backing from the NSF and the Schmidt Futures program.  According to a study released on Thursday, the backdoor can manipulate natural-language modeling systems without “any access to the original code or model by uploading malicious code to open-source sites that are frequently used by many companies and programmers.”  The researchers named the attacks “code poisoning” during a presentation at the USENIX Security conference on Thursday. ”

Title: This ‘Unique’ Phishing Attack Uses Morse Code to Hide Its Approach

Date Published:  August 13, 2021


Excerpt:  “Microsoft has revealed the inner-workings of a phishing attack group’s techniques that uses a ‘jigsaw puzzle’ technique plus unusual features like Morse code dashes and dots to hide its attacks.  The group is using invoices in Excel HTML or web documents to distribute forms that capture credentials for later hacking efforts. The technique is notable because it bypasses traditional email filter systems.  “The HTML attachment is divided into several segments, including the JavaScript files used to steal passwords, which are then encoded using various mechanisms. These attackers moved from using plaintext HTML code to employing multiple encoding techniques, including old and unusual encryption methods like Morse code, to hide these attack segments,” Microsoft Security Intelligence says.”

Title: Philips Study Finds Hospitals Struggling to Manage Thousands of IoT Devices

Date Published:  August 13, 2021


Excerpt:  “Health technology company Philips released a new report this week covering cybersecurity spending and trends at mid-sized as well as large hospitals.  Working with cybersecurity company CyberMDX, researchers with Philips surveyed 130 IT healthcare decision-makers to figure out how they were managing the thousands of medical devices that populate most hospitals today.  The “Perspectives in Healthcare Security Report” split most of the study between large hospital systems with more than 1,000 beds and mid-sized ones with less than 1,000 beds.  More than 31% of respondents worked at hospitals with less than 10,000 medical devices while another 29% worked in hospital systems with less than 25,000. Almost 20% worked for hospital systems deploying under 50,000 devices.”

Title: 23 Charged Over BEC Scam

Date Published:  August 12, 2021


Excerpt:  “Police in Europe have arrested nearly two dozen individuals on suspicion of being part of an international group of online fraudsters.  The alleged cyber-criminals are accused of cheating companies in at least 20 countries out of approximately $1.17m.  Charges were brought against 23 individuals on August 10. The suspects were taken into custody in a series of raids simultaneously carried out at 34 addresses in Ireland, Romania, and the Netherlands.  Europol, which coordinated the action, said the cyber-criminal gang had been running scams for years, updating its tactics to exploit current events.”

Title: Over a Third of Organizations Damaged by Ransomware or Breach

Date Published:  August 13, 2021


Excerpt:  “Over one-third of organizations worldwide have experienced a ransomware attack or breach that blocked access to systems or data in the previous 12 months, according to new research.  In a survey conducted by the International Data Corporation (IDC), it was found that many organizations that fell victim to ransomware experienced multiple ransomware events. In the US, the incident rate was notably lower (7%) compared to the worldwide rate of 37%.  “Ransomware has become the enemy of the day; the threat that was first feared on Pennsylvania Avenue and subsequently detested on Wall Street is now the topic of conversation on Main Street,” commented Frank Dickson, program vice president, cybersecurity products, IDC. “As the greed of cyber miscreants has been fed, ransomware has evolved in sophistication, moving laterally, elevating privileges, actively evading detection, exfiltrating data and leveraging multifaceted extortion. Welcome to digital transformation’s dark side.””

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...