OSN August 24, 2021

Fortify Security Team
Aug 24, 2021

Title: A Phishing Attack Exposes Medical Information for 12,000 Patients at Revere Health
Date Published: August 23, 2021

https://www.thespectrum.com/story/news/2021/08/23/phishing-attack-exposes-information-12-000-patients-st-george/8214230002/

Excerpt: “A healthcare employee was the subject of a phishing email attack that exposed some medical records for approximately 12,000 patients, including patients of a cardiology practice in St. George, according to a press release sent out by healthcare company Revere Health on Friday. Revere Health came to this conclusion after a two-month investigation into the breach and found the patients’ medical information wasn’t being shared online and deemed the breach to be a “low-level risk” to affected patients. Freeze says the company has contacted the affected patients about the situation and advised them to keep an eye out if any of their medical information has been shared.”

Title: FBI Sends Its First-Ever Alert About a ‘Ransomware Affiliate’
Date Published: August 23, 2021

https://securityaffairs.co/wordpress/121354/hacking/us-state-department-hit-cyber-attack.html

Excerpt: “The US Federal Bureau of Investigations has published today its first-ever public advisory detailing the modus operandi of a “ransomware affiliate.” A relatively new term, a ransomware affiliate refers to a person or group who rents access to Ransomware-as-a-Service (RaaS) platforms, orchestrates intrusions into corporate networks, encrypts files with the “rented ransomware,” and then earns a commission from successful extortions. Going by the name of OnePercent Group, the FBI said today this threat actor has been active since at least November 2020.”

Title: Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group
Date Published: August 24, 2021

https://thehackernews.com/2021/08/bahraini-activists-targeted-using-new.html

Excerpt: “The latest disclosure is significant, not least because the zero-click attack successfully works against the latest versions of iOS, but also for the fact that it bypasses a new software security feature called BlastDoor that Apple built into iOS 14 to prevent such intrusions by filtering untrusted data sent over iMessage. The tightly sandboxed service was detailed by Google Project Zero researcher Samuel Groß earlier this January, noting that it’s “written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base”.”

Title: Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc
Date Published: August 24, 2021

https://thehackernews.com/2021/08/researchers-warn-of-4-new-ransomware.html

Excerpt: “If anything, the emergence of new ransomware variants shows that cybercriminals are doubling down on ransomware attacks, underscoring the extremely profitable nature of the crime. “With major ransomware groups such as REvil and DarkSide lying low or rebranding to evade law enforcement heat and media attention, new groups will emerge to replace the ones that are no longer actively targeting victims,” the researchers said. “While LockBit and HelloKitty have been previously active, their recent evolution makes them a good example of how old groups can re-emerge and remain persistent threats”.”

Title: Apple, Microsoft and Amazon Chiefs to Meet Biden Over Critical Infrastructure Cyber Attacks
Date Published: August 20, 2021

https://www.zdnet.com/article/apple-microsoft-and-amazon-chiefs-to-meet-biden-over-critical-infrastructure-cyber-attacks/

Excerpt: “Microsoft, AWS, Cisco, FireEye and IBM are currently participating in the government-led effort to shore up US critical infrastructure as part of Biden’s May cybersecurity executive order. The rise of software supply chain attacks has European cybersecurity teams worried too, because of the difficulties in validating third-party code — be it open-source or proprietary software. The SolarWinds attack, which resulted in compromises at Microsoft, multiple top US cybersecurity firms, and several government agencies, highlighted the cybersecurity risks to US critical infrastructure.”

Title: 38 Million Records Exposed From Microsoft Power Apps of Dozens of Organisations
Date Published: August 24, 2021

https://thehackernews.com/2021/08/38-million-records-exposed-from.html

Excerpt: “The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses,” UpGuard Research team said in a disclosure made public on Monday. Governmental bodies like Indiana, Maryland, and New York City, and private companies such as American Airlines, Ford, J.B. Hunt, and Microsoft are said to have been impacted. Among the most sensitive information that was left in the open were 332,000 email addresses and employee IDs used by Microsoft’s own global payroll services, as well as more than 85,000 records related to Business Tools Support and Mixed Reality portals.”

Title: Konni RAT Variant Targeting Russia in Ongoing Attack Campaign
Date Published: August 24, 2021

https://www.hackread.com/konni-rat-variant-hits-russia-ongoing-attack/

Excerpt: “The IT security researchers at Malwarebytes Labs have reported a new and ongoing malware campaign in which the prime target is Russia. The payload dropped by threat actors in this attack is the Konni RAT that was first spotted in 2014 being used by the North Korean Black Hat group of hackers known as Thallium and APT37. On the other hand, on July 6th, 2017, days after its missile test, North Korea was also hit by Konni RAT. At that time, Kaspersky Lab claimed that the hackers behind Konni malware campaigns might be of Korean origin, and the attacks were probably originating from South Korea.”

Title: Trend Micro Detected Over 13 Million Malware Events Targeting Linux-based Cloud Environments
Date Published: August 23, 2021

https://newsroom.trendmicro.com/2021-08-23-Trend-Micro-Detected-Nearly-13-Million-Malware-Events-Targeting-Linux-based-Cloud-Environments

Excerpt: “As of 2017, 90% of public cloud workloads ran on Linux. According to Gartner®, “Rising interest in cloud-native architectures is prompting questions about the future need for server virtualization in the data center. The most common driver is Linux-OS-based virtualization, which is the basis for containers.” Linux allows organizations to make the most of their cloud-based environments and power their digital transformation strategies. Many of today’s most cutting-edge IoT devices and cloud-based applications and technology run on some flavor of Linux, making it a critical area of modern technology to secure.”

Title: Phishing Campaign Uses UPS.com XSS Vuln to Distribute Malware
Date Published: August 23, 2021

https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-upscom-xss-vuln-to-distribute-malware/

Excerpt: “A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious ‘Invoice’ Word documents. The phishing scam was first discovered by security researcher Daniel Gallagher and pretended to be an email from UPS stating that a package had an “exception” and needed to be picked up by the customer. What makes this phishing attack stand out is that the threat actor used the XSS vulnerability in UPS.com to modify the site’s regular page to look like a legitimate download page.”

Title: Botnet Targets Hundreds of Thousands of Devices Using Realtek SDK
Date Published: August 23, 2021

https://www.bleepingcomputer.com/news/security/botnet-targets-hundreds-of-thousands-of-devices-using-realtek-sdk/

Excerpt: “A Mirai-based botnet now targets a critical vulnerability in the software SDK used by hundreds of thousands of Realtek-based devices, encompassing 200 models from at least 65 vendors, including Asus, Belkin, D-Link, Netgear, Tenda, ZTE, and Zyxel. The security flaw that IoT Inspector security researchers found is now tracked as CVE-2021-35395 and was assigned a 9.8/10 severity rating. It impacts many Internet-exposed wireless devices ranging from residential gateways and travel routers to Wi-Fi repeaters, IP cameras, and smart lighting gateways or connected toys.”
