OSN August 17, 2021

Fortify Security Team
Aug 17, 2021

Title: Case Files Affected in Dallas Police Department Data Loss

Date Published: August 11, 2021

https://www.nbcdfw.com/news/local/unknown-number-of-cases-affected-in-dallas-police-department-data-loss/2716209/

Excerpt: “Multiple terabytes of Dallas Police Department data are missing and may be unrecoverable after being deleted during a data migration process in April, according to the Dallas County District Attorney’s Office. District Attorney John Creuzot said in a disclosure notice to defense attorneys Wednesday that the city had learned in April that 22TB of data were deleted between March 31 and April 5 during the migration of a police department network drive. About 14TB of data were recovered, but 8TB are still missing and are thought to be unrecoverable, Creuzot said in the notice.”

Title: Colonial Pipeline Reportedly Admits Data Breach

Date Published: August 17, 2021

https://www.infosecurity-magazine.com/news/colonial-pipeline-admits-data/

Excerpt: “Colonial Pipeline has reportedly admitted that nearly 6000 individuals may have had their personal information compromised by ransomware attackers when they struck earlier this year. The fuel pipeline operator, which was crippled by the attack in May, confirmed to CNN Business that it had begun sending out breach notification letters to 5810 victims. Most of those affected are thought to be current and former employees and family members. The compromised information is thought to include names, contact information, birth dates, Social Security numbers, driver’s license details, military ID numbers, and health insurance information.”

Title: America’s Secret Terrorist Watchlist Exposed on the Web Without a Password: Report

Date Published: August 17, 2021

https://www.infosecurity-magazine.com/news/misconfigured-server-leaks-us/

Excerpt: “On July 19, 2021 I discovered a terrorist watchlist containing 1.9 million records online without a password or any other authentication required to access it. The watchlist came from the Terrorist Screening Center, a multi-agency group administered by the FBI. The TSC maintains the country’s no-fly list, which is a subset of the larger watchlist. A typical record in the list contains a full name, citizenship, gender, date of birth, passport number, no-fly indicator, and more. I immediately reported it to Department of Homeland Security officials, who acknowledged the incident and thanked me for my work. The DHS did not provide any further official comment, though.”

Title: Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices

Date Published: August 16, 2021

https://thehackernews.com/2021/08/multiple-flaws-affecting-realtek-wi-fi.html

Excerpt: “The security issues are said to have remained untouched in Realtek’s codebase for more than a decade, German cybersecurity specialist IoT Inspector, which discovered the weaknesses, said in a report published Monday three months after disclosing them to Realtek in May 2021. “On the product vendor’s end, […] manufacturers with access to the Realtek source code […] missed to sufficiently validate their supply chain, [and] left the issues unspotted and distributed the vulnerabilities to hundreds of thousands of end customers — leaving them vulnerable to attacks,” the researchers said.”

Title: Hive Ransomware Attacks Memorial Health System, Steals Patient Data

Date Published: August 16, 2021

https://www.bleepingcomputer.com/news/security/hive-ransomware-attacks-memorial-health-system-steals-patient-data/

Excerpt: “In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts. The attack occurred early Sunday morning and the IT department detected it once they noticed that parts of the infrastructure no longer responded as expected. Memorial Health System is a small network of three hospitals (Marietta Memorial Hospital, Selby General Hospital, and Sistersville General Hospital) in Ohio and West Virginia, outpatient service sites, and provider clinics.”

Title: Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets

Date Published: August 16, 2021

https://threatpost.com/valve-bug-unlimited-funds/168710/

Excerpt: “The bug, which has since been patched, was exploited by abusing Valve’s own application programming interface (API) used to communicate with the third-party web payment firm Smart2Pay, owned by Nuvei. According to DrBrix, the hack allowed an attacker to intercept the POST request sent from Valve to Smart2Pay. This was done via modifying the Steam user’s email address used by Smart2Pay as it passed through the Valve API. “Firstly you will have to change your steam account email to something like (I will explain why in next steps, amount100 is the important part): brixamount100abc@(redacted),” the researcher wrote.”

Title: Malware Dev Infects Own PC and Data Ends up on Intel Platform

Date Published: August 16, 2021

https://www.bleepingcomputer.com/news/security/malware-dev-infects-own-pc-and-data-ends-up-on-intel-platform/

Excerpt: “A malware developer unleashed their creation on their system to try out new features and the data ended up on a cybercrime intelligence platform, exposing a glimpse of the cybercriminal endeavor. The threat actor is the developer of Raccoon, an information stealer that can collect data from dozens of applications and has been growing in popularity for the past two years. While testing a variant of the stealer, the developer of Raccoon infected their own system, a move that immediately triggered the data to flow to the command and control (C2) server and further on, to cybercrime forums.”

Title: SEC Charges Pearson PLC for Misleading Investors About Cyber Breach

Date Published: August 16, 2021

https://www.sec.gov/news/press-release/2021-154

Excerpt: “The SEC’s order finds that Pearson made misleading statements and omissions about the 2018 data breach involving the theft of student data and administrator log-in credentials of 13,000 school, district and university customer accounts. In its semi-annual report, filed in July 2019, Pearson referred to a data privacy incident as a hypothetical risk, when, in fact, the 2018 cyber intrusion had already occurred. And in a July 2019 media statement, Pearson stated that the breach may include dates of births and email addresses, when, in fact, it knew that such records were stolen, and that Pearson had “strict protections” in place, when, in fact, it failed to patch the critical vulnerability for six months after it was notified.”

Title: LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK

Date Published: August 16, 2021

https://www.trendmicro.com/en_us/research/21/h/lockbit-resurfaces-with-version-2-0-ransomware-detections-in-chi.html

Excerpt: “The group behind LockBit 2.0 recently conducted a highly publicized attack, so it should go without saying that organizations need to keep a wary eye on this ransomware variant. LockBit 2.0 is especially tricky for its fast encryption. We also assume that this group will continue to make a scene for a long time, especially since it’s currently recruiting affiliates and insiders, making it more capable of infecting many companies and industries. It would also be wise to assume and prepare for upgrades and further developments in LockBit 2.0, especially now that many companies are aware of its capabilities and how it works.”

Title: Brazilian Government Discloses National Treasury Ransomware Attack

Date Published: August 17, 2021

https://www.bleepingcomputer.com/news/security/brazilian-government-discloses-national-treasury-ransomware-attack/

Excerpt: “According to a statement from the Ministry of Economy, initial measures to contain the impact of the cyberattack were immediately taken. The first assessments so far have found there was no damage to the structuring systems of the National Treasury, such as the platforms relating to public debt administration. The effects of the ransomware attack are being analyzed by security specialists from the National Treasury and the Digital Government Secretariat (DGS). The Federal Police has also been notified. The Ministry noted new information on the incident “will be disclosed in a timely manner and with due transparency”.”
