OSN August 17, 2021

Fortify Security Team
Aug 17, 2021

Title: Case Files Affected in Dallas Police Department Data Loss

Date Published: August 11, 2021

https://www.nbcdfw.com/news/local/unknown-number-of-cases-affected-in-dallas-police-department-data-loss/2716209/

Excerpt: “Multiple terabytes of Dallas Police Department data are missing and may be unrecoverable after being deleted during a data migration process in April, according to the Dallas County District Attorney’s Office. District Attorney John Creuzot said in a disclosure notice to defense attorneys Wednesday that the city had learned in April that 22TB of data were deleted between March 31 and April 5 during the migration of a police department network drive. About 14TB of data were recovered, but 8TB are still missing and are thought to be unrecoverable, Creuzot said in the notice.”

Title: Colonial Pipeline Reportedly Admits Data Breach

Date Published: August 17, 2021

https://www.infosecurity-magazine.com/news/colonial-pipeline-admits-data/

Excerpt: “Colonial Pipeline has reportedly admitted that nearly 6000 individuals may have had their personal information compromised by ransomware attackers when they struck earlier this year. The fuel pipeline operator, which was crippled by the attack in May, confirmed to CNN Business that it had begun sending out breach notification letters to 5810 victims. Most of those affected are thought to be current and former employees and family members. The compromised information is thought to include names, contact information, birth dates, Social Security numbers, driver’s license details, military ID numbers, and health insurance information.”

Title: America’s Secret Terrorist Watchlist Exposed on the Web Without a Password: Report

Date Published: August 17, 2021

https://www.infosecurity-magazine.com/news/misconfigured-server-leaks-us/

Excerpt: “On July 19, 2021 I discovered a terrorist watchlist containing 1.9 million records online without a password or any other authentication required to access it. The watchlist came from the Terrorist Screening Center, a multi-agency group administered by the FBI. The TSC maintains the country’s no-fly list, which is a subset of the larger watchlist. A typical record in the list contains a full name, citizenship, gender, date of birth, passport number, no-fly indicator, and more. I immediately reported it to Department of Homeland Security officials, who acknowledged the incident and thanked me for my work. The DHS did not provide any further official comment, though.”

Title: Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices

Date Published: August 16, 2021

https://thehackernews.com/2021/08/multiple-flaws-affecting-realtek-wi-fi.html

Excerpt: “The security issues are said to have remained untouched in Realtek’s codebase for more than a decade, German cybersecurity specialist IoT Inspector, which discovered the weaknesses, said in a report published Monday three months after disclosing them to Realtek in May 2021. “On the product vendor’s end, […] manufacturers with access to the Realtek source code […] missed to sufficiently validate their supply chain, [and] left the issues unspotted and distributed the vulnerabilities to hundreds of thousands of end customers — leaving them vulnerable to attacks,” the researchers said.”

Title: Hive Ransomware Attacks Memorial Health System, Steals Patient Data

Date Published: August 16, 2021

https://www.bleepingcomputer.com/news/security/hive-ransomware-attacks-memorial-health-system-steals-patient-data/

Excerpt: “In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts. The attack occurred early Sunday morning and the IT department detected it once they noticed that parts of the infrastructure no longer responded as expected. Memorial Health System is a small network of three hospitals (Marietta Memorial Hospital, Selby General Hospital, and Sistersville General Hospital) in Ohio and West Virginia, outpatient service sites, and provider clinics.”

Title: Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets

Date Published: August 16, 2021

https://threatpost.com/valve-bug-unlimited-funds/168710/

Excerpt: “The bug, which has since been patched, was exploited by abusing Valve’s own application programming interface (API) used to communicate with the third-party web payment firm Smart2Pay, owned by Nuvei. According to DrBrix, the hack allowed an attacker to intercept the POST request sent from Valve to Smart2Pay. This was done via modifying the Steam user’s email address used by Smart2Pay as it passed through the Valve API. “Firstly you will have to change your steam account email to something like (I will explain why in next steps, amount100 is the important part): [email protected](redacted),” the researcher wrote.”

Title: Malware Dev Infects Own PC and Data Ends up on Intel Platform

Date Published: August 16, 2021

https://www.bleepingcomputer.com/news/security/malware-dev-infects-own-pc-and-data-ends-up-on-intel-platform/

Excerpt: “A malware developer unleashed their creation on their system to try out new features and the data ended up on a cybercrime intelligence platform, exposing a glimpse of the cybercriminal endeavor. The threat actor is the developer of Raccoon, an information stealer that can collect data from dozens of applications and has been growing in popularity for the past two years. While testing a variant of the stealer, the developer of Raccoon infected their own system, a move that immediately triggered the data to flow to the command and control (C2) server and further on, to cybercrime forums.”

Title: SEC Charges Pearson PLC for Misleading Investors About Cyber Breach

Date Published: August 16, 2021

https://www.sec.gov/news/press-release/2021-154

Excerpt: “The SEC’s order finds that Pearson made misleading statements and omissions about the 2018 data breach involving the theft of student data and administrator log-in credentials of 13,000 school, district and university customer accounts. In its semi-annual report, filed in July 2019, Pearson referred to a data privacy incident as a hypothetical risk, when, in fact, the 2018 cyber intrusion had already occurred. And in a July 2019 media statement, Pearson stated that the breach may include dates of births and email addresses, when, in fact, it knew that such records were stolen, and that Pearson had “strict protections” in place, when, in fact, it failed to patch the critical vulnerability for six months after it was notified.”

Title: LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK

Date Published: August 16, 2021

https://www.trendmicro.com/en_us/research/21/h/lockbit-resurfaces-with-version-2-0-ransomware-detections-in-chi.html

Excerpt: “The group behind LockBit 2.0 recently conducted a highly publicized attack, so it should go without saying that organizations need to keep a wary eye on this ransomware variant. LockBit 2.0 is especially tricky for its fast encryption. We also assume that this group will continue to make a scene for a long time, especially since it’s currently recruiting affiliates and insiders, making it more capable of infecting many companies and industries. It would also be wise to assume and prepare for upgrades and further developments in LockBit 2.0, especially now that many companies are aware of its capabilities and how it works.”

Title: Brazilian Government Discloses National Treasury Ransomware Attack

Date Published: August 17, 2021

https://www.bleepingcomputer.com/news/security/brazilian-government-discloses-national-treasury-ransomware-attack/

Excerpt: “According to a statement from the Ministry of Economy, initial measures to contain the impact of the cyberattack were immediately taken. The first assessments so far have found there was no damage to the structuring systems of the National Treasury, such as the platforms relating to public debt administration. The effects of the ransomware attack are being analyzed by security specialists from the National Treasury and the Digital Government Secretariat (DGS). The Federal Police has also been notified. The Ministry noted new information on the incident “will be disclosed in a timely manner and with due transparency”.”
