OSN August 24, 2021

Fortify Security Team
Aug 24, 2021

Title: A Phishing Attack Exposes Medical Information for 12,000 Patients at Revere Health
Date Published: August 23, 2021


Excerpt: “A healthcare employee was the subject of a phishing email attack that exposed some medical records for approximately 12,000 patients, including patients of cardiology practice in St. George, according to a press release sent out by healthcare company Revere Health on Friday. Revere Health came to this conclusion after a two-month investigation into the breach and found the patients’ medical information wasn’t being shared online and deemed the breach to be a “low-level risk” to affected patients. Freeze says the company has contacted the affected patients about the situation and advised them to keep an eye out if any of their medical information has been shared.”

Title: FBI Sends Its First-Ever Alert About a ‘Ransomware Affiliate’
Date Published: August 23, 2021


Excerpt: “The US Federal Bureau of Investigation has published today its first-ever public advisory detailing the modus operandi of a “ransomware affiliate.” A relatively new term, a ransomware affiliate refers to a person or group who rents access to Ransomware-as-a-Service (RaaS) platforms, orchestrates intrusions into corporate networks, encrypts files with the “rented ransomware,” and then earns a commission from successful extortions. Going by the name of OnePercent Group, the FBI said today this threat actor has been active since at least November 2020.”

Title: Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group
Date Published: August 24, 2021


Excerpt: “The latest disclosure is significant, not least because the zero-click attack successfully works against the latest versions of iOS, but also for the fact that it bypasses a new software security feature called BlastDoor that Apple built into iOS 14 to prevent such intrusions by filtering untrusted data sent over iMessage. The tightly sandboxed service was detailed by Google Project Zero researcher Samuel Groß earlier this January, noting that it’s “written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base”.”

Title: Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc
Date Published: August 24, 2021


Excerpt: “If anything, the emergence of new ransomware variants shows that cybercriminals are doubling down on ransomware attacks, underscoring the extremely profitable nature of the crime. “With major ransomware groups such as REvil and DarkSide lying low or rebranding to evade law enforcement heat and media attention, new groups will emerge to replace the ones that are no longer actively targeting victims,” the researchers said. “While LockBit and HelloKitty have been previously active, their recent evolution makes them a good example of how old groups can re-emerge and remain persistent threats”.”

Title: Apple, Microsoft and Amazon Chiefs to Meet Biden Over Critical Infrastructure Cyber Attacks
Date Published: August 20, 2021


Excerpt: “Microsoft, AWS, Cisco, FireEye and IBM are currently participating in the government-led effort to shore up US critical infrastructure as part of Biden’s May cybersecurity executive order. The rise of software supply chain attacks has European cybersecurity teams worried too, because of the difficulties in validating third-party code — be it open-source or proprietary software. The SolarWinds attack, which resulted in compromises at Microsoft, multiple top US cybersecurity firms, and several government agencies, highlighted the cybersecurity risks to US critical infrastructure.”

Title: 38 Million Records Exposed From Microsoft Power Apps of Dozens of Organisations
Date Published: August 24, 2021


Excerpt: ““The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses,” UpGuard Research team said in a disclosure made public on Monday. Governmental bodies like Indiana, Maryland, and New York City, and private companies such as American Airlines, Ford, J.B. Hunt, and Microsoft are said to have been impacted. Among the most sensitive information that was left in the open were 332,000 email addresses and employee IDs used by Microsoft’s own global payroll services, as well as more than 85,000 records related to Business Tools Support and Mixed Reality portals.”

Title: Konni RAT Variant Targeting Russia in Ongoing Attack Campaign
Date Published: August 24, 2021


Excerpt: “The IT security researchers at Malwarebytes Labs have reported a new and ongoing malware campaign in which the prime target is Russia. The payload dropped by threat actors in this attack is the Konni RAT that was first spotted in 2014 being used by the North Korean Black Hat group of hackers known as Thallium and APT37. On the other hand, on July 6th, 2017, days after its missile test, North Korea was also hit by Konni RAT. At that time, Kaspersky Lab claimed that the hackers behind Konni malware campaigns might be of Korean origin, and the attacks were probably originating from South Korea.”

Title: Trend Micro Detected Over 13 Million Malware Events Targeting Linux-based Cloud Environments
Date Published: August 23, 2021


Excerpt: “As of 2017, 90% of public cloud workloads ran on Linux. According to Gartner®, “Rising interest in cloud-native architectures is prompting questions about the future need for server virtualization in the data center. The most common driver is Linux-OS-based virtualization, which is the basis for containers.” Linux allows organizations to make the most of their cloud-based environments and power their digital transformation strategies. Many of today’s most cutting-edge IoT devices and cloud-based applications and technology run on some flavor of Linux, making it a critical area of modern technology to secure.”

Title: Phishing Campaign Uses UPS.com XSS Vuln to Distribute Malware
Date Published: August 23, 2021


Excerpt: “A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious ‘Invoice’ Word documents. The phishing scam was first discovered by security researcher Daniel Gallagher and pretended to be an email from UPS stating that a package had an “exception” and needed to be picked up by the customer. What makes this phishing attack stand out is that the threat actor used the XSS vulnerability in UPS.com to modify the site’s regular page to look like a legitimate download page.”

Title: Botnet Targets Hundreds of Thousands of Devices Using Realtek SDK
Date Published: August 23, 2021


Excerpt: “A Mirai-based botnet now targets a critical vulnerability in the software SDK used by hundreds of thousands of Realtek-based devices, encompassing 200 models from at least 65 vendors, including Asus, Belkin, D-Link, Netgear, Tenda, ZTE, and Zyxel. The security flaw that IoT Inspector security researchers found is now tracked as CVE-2021-35395 and was assigned a 9.8/10 severity rating. It impacts many Internet-exposed wireless devices ranging from residential gateways and travel routers to Wi-Fi repeaters, IP cameras, and smart lighting gateways or connected toys.”
