OSN August 24, 2021

Fortify Security Team
Aug 24, 2021

Title: A Phishing Attack Exposes Medical Information for 12,000 Patients at Revere Health
Date Published: August 23, 2021


Excerpt: “A healthcare employee was the subject of a phishing email attack that exposed some medical records for approximately 12,000 patients, including patients of cardiology practice in St. George, according to a press release sent out by healthcare company Revere Health on Friday. Revere Health came to this conclusion after a two-month investigation into the breach and found the patients’ medical information wasn’t being shared online and deemed the breach to be a “low-level risk” to affected patients. Freeze says the company has contacted the affected patients about the situation and advised them to keep an eye out if any of their medical information has been shared.”

Title: FBI Sends Its First-Ever Alert About a ‘Ransomware Affiliate’
Date Published: August 23, 2021


Excerpt: “The US Federal Bureau of Investigations has published today its first-ever public advisory detailing the modus operandi of a “ransomware affiliate.” A relatively new term, a ransomware affiliate refers to a person or group who rents access to Ransomware-as-a-Service (RaaS) platforms, orchestrates intrusions into corporate networks, encrypt files with the “rented ransomware,” and then earn a commission from successful extortions. Going by the name of OnePercent Group, the FBI said today this threat actor has been active since at least November 2020.”

Title: Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group
Date Published: August 24, 2021


Excerpt: “The latest disclosure is significant, not least because the zero-click attack successfully works against the latest versions of iOS, but also for the fact that it bypasses a new software security feature called BlastDoor that Apple built into iOS 14 to prevent such intrusions by filtering untrusted data sent over iMessage. The tightly sandboxed service was detailed by Google Project Zero researcher Samuel Groß earlier this January, noting that it’s “written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base”.”

Title: Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc
Date Published: August 24, 2021


Excerpt: “If anything, the emergence of new ransomware variants show that cybercriminals are doubling down on ransomware attacks, underscoring the extremely profitable nature of the crime. “With major ransomware groups such as REvil and DarkSide lying low or rebranding to evade law enforcement heat and media attention, new groups will emerge to replace the ones that are no longer actively targeting victims,” the researchers said. “While LockBit and HelloKitty have been previously active, their recent evolution makes them a good example on how old groups can re-emerge and remain persistent threats”.”

Title: Apple, Microsoft and Amazon Chiefs to Meet Biden Over Critical Infrastructure Cyber Attacks
Date Published: August 20, 2021


Excerpt: “Microsoft, AWS, Cisco, FireEye and IBM are currently participating in the government-led effort to shore up US critical infrastructure as part of Biden’s May cybersecurity executive order. The rise of software supply chain attacks has European cybersecurity teams worried too, because of the difficulties in validating third-party code — be it open-source or proprietary software. The SolarWinds attack, which resulted in compromises at Microsoft, multiple top US cybersecurity firms, and several government agencies, highlighted the cybersecurity risks to US critical infrastructure.”

Title: 38 Million Records Exposed From Microsoft Power Apps of Dozens of Organisations
Date Published: August 24, 2021


Excerpt: “The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses,” UpGuard Research team said in a disclosure made public on Monday. Governmental bodies like Indiana, Maryland, and New York City, and private companies such as American Airlines, Ford, J.B. Hunt, and Microsoft are said to have been impacted. Among the most sensitive information that was left in the open were 332,000 email addresses and employee IDs used by Microsoft’s own global payroll services, as well as more than 85,000 records related to Business Tools Support and Mixed Reality portals.”

Title: Konni RAT Variant Targeting Russia in Ongoing Attack Campaign
Date Published: August 24, 2021


Excerpt: “The IT security researchers at Malwarebytes Labs have reported a new and ongoing malware campaign in which the prime target is Russia. The payload dropped by threat actors in this attack is the Konni RAT that was first spotted in 2014 being used by the North Korean Black Hat group of hackers known as Thallium and APT37. On the other hand, on July 6th, 2017, days after its missile test, North Korea was also hit by Konni RAT. At that time, Kaspersky Lab claimed that the hackers behind Konni malware campaigns might be of Korean origin, and the attacks were probably originating from South Korea.”

Title: Trend Micro Detected Over 13 Million Malware Events Targeting Linux-based Cloud Environments
Date Published: August 23, 2021


Excerpt: “As of 2017, 90% of public clouds workloads ran on Linux. According to Gartner®, “Rising interest in cloud-native architectures is prompting questions about the future need for server virtualization in the data center. The most common driver is Linux-OS-based virtualization, which is the basis for containers.1” Linux allows organizations to make the most of their cloud-based environments and power their digital transformation strategies. Many of today’s most cutting-edge IoT devices and cloud-based applications and technology run on some flavor of Linux, making it a critical area of modern technology to secure.”

Title: Phishing Campaign Uses Ups.Com Xss Vuln to Distribute Malware
Date Published: August 23, 2021


Excerpt: “A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious ‘Invoice’ Word documents. The phishing scam was first discovered by security researcher Daniel Gallagher and pretended to be an email from UPS stating that a package had an “exception” and needed to be picked up by the customer. What makes this phishing attack stand out is that the threat actor used the XSS vulnerability in UPS.com to modify the site’s regular page to look like a legitimate download page.”

Title: Botnet Targets Hundreds of Thousands of Devices Using Realtek Sdk
Date Published: August 23, 2021


Excerpt: “A Mirai-based botnet now targets a critical vulnerability in the software SDK used by hundreds of thousands of Realtek-based devices, encompassing 200 models from at least 65 vendors, including Asus, Belkin, D-Link, Netgear, Tenda, ZTE, and Zyxel. The security flaw that IoT Inspector security researchers found is now tracked as CVE-2021-35395 and was assigned a 9.8/10 severity rating. It impacts many Internet-exposed wireless devices ranging from residential gateways and travel routers to Wi-Fi repeaters, IP cameras, and smart lightning gateways or connected toys.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...