OSN August 25, 2021

Fortify Security Team
Aug 25, 2021

Title: Fake Opensea Support Staff Are Stealing Cryptowallets and NFTs
Date Published: August 24, 2021

https://www.bleepingcomputer.com/news/security/fake-opensea-support-staff-are-stealing-cryptowallets-and-nfts/

Excerpt: “When an OpenSea user needs support, they can request help at OpenSea’s help center or via the site’s Discord server. When a user joins the Discord server and posts a request for help, scammers lurking on the server start sending private messages to the user. These messages include an invite to an ‘OpenSea Support’ server to receive support, as shown below. Artist Jeff Nicholas, who fell victim to this scam, told BleepingComputer that after joining the fake OpenSea support server, the scammers asked him to open a screen share so that they could provide support and guidance in fixing the problem.”

Title: Researchers Uncover FIN8’s New Backdoor Targeting Financial Institutions
Date Published: August 25, 2021

https://thehackernews.com/2021/08/researchers-uncover-fin8s-new-backdoor.html

Excerpt: “A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed “Sardonic” by Romanian cybersecurity technology company Bitdefender, which it encountered during a forensic investigation in the wake of an unsuccessful attack carried out by FIN8 aimed at an unnamed financial institution located in the U.S.”

Title: Ransomware Gang’s Script Shows Exactly the Files They’re After
Date Published: August 24, 2021

https://www.bleepingcomputer.com/news/security/ransomware-gangs-script-shows-exactly-the-files-theyre-after/

Excerpt: “This script is designed to scan each drive for data folders whose names match certain strings on a device. If a folder matches the search criteria, the script will upload the folder’s files to a remote drop server under the threat actor’s control. Of particular interest are the 123 keywords that the script searches for, which give us a glimpse into what the ransomware gang considers valuable.”
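The excerpt describes the selection logic of the exfiltration script: walk every drive, match folder names against a keyword list, and upload whatever matches. The following is an added example, not the gang's script and not code from the article, that turns the same matching rule into a defensive inventory so a team can see what a script of this shape would pick up before an intruder runs one. The keyword list DEMO_KEYWORDS is constructed for the demo (the 123 real keywords are not given in the excerpt), and the helper names and the temporary directory tree are assumptions of this example.

```python
import os
import shutil
import tempfile

# Constructed keyword list for demonstration only. The article refers to 123
# keywords in the real script, but the excerpt does not list them.
DEMO_KEYWORDS = ["finance", "payroll", "passwords", "insurance", "contracts"]


def find_sensitive_dirs(root, keywords):
    """Walk `root` and return the relative paths (with '/' separators) of
    directories whose *name* contains any keyword, case-insensitively.

    This mirrors the 'folder name matches certain strings' rule described in
    the excerpt. Symlinks are not followed, so a link loop cannot hang the scan.
    """
    wanted = [k.lower() for k in keywords]
    hits = []
    for dirpath, dirnames, _files in os.walk(root, followlinks=False):
        for d in dirnames:
            if any(k in d.lower() for k in wanted):
                rel = os.path.relpath(os.path.join(dirpath, d), root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def count_files(root, rel_dirs):
    """Return {rel_dir: number of files beneath it}, i.e. how much an
    exfiltration script selecting these folders would upload."""
    sizes = {}
    for rel in rel_dirs:
        total = 0
        for _dp, _dn, files in os.walk(os.path.join(root, rel)):
            total += len(files)
        sizes[rel] = total
    return sizes


def build_demo_tree():
    """Create a constructed directory tree under a temp dir and return its path.
    The folder names and files are invented for this example."""
    root = tempfile.mkdtemp(prefix="exfil-demo-")
    layout = {
        "Finance_2021/Q3": ["budget.xlsx", "forecast.xlsx"],
        "HR/Payroll": ["aug.csv"],
        "Photos/Holiday": ["img1.jpg"],
        "IT/Passwords_old": ["vault.kdbx"],
    }
    for rel, files in layout.items():
        d = os.path.join(root, rel)
        os.makedirs(d)
        for f in files:
            with open(os.path.join(d, f), "w") as fh:
                fh.write("demo\n")
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    try:
        matches = find_sensitive_dirs(demo_root, DEMO_KEYWORDS)
        for folder, n in count_files(demo_root, matches).items():
            print(f"{folder}: {n} file(s) would be uploaded")
    finally:
        shutil.rmtree(demo_root)
```

Run it against a file server root instead of the demo tree to get the list of folders an attacker's keyword match would select; those are the candidates for tighter ACLs, DLP rules or a canary file that alerts when read. Substring matching is deliberately crude, as the described script appears to be: a keyword like "hr" would also match "Chrome", so keep terms specific when you build your own list.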

Title: CVE-2021-3711 in OpenSSL Can Allow to Change an Application’s Behavior
Date Published: August 24, 2021

https://securityaffairs.co/wordpress/121426/hacking/cve-2021-3711-openssl-flaws.html

Excerpt: “A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker-chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).”
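The excerpt gives the affected range (1.1.1 through 1.1.1k) and the fixing release (1.1.1l). Because OpenSSL 1.1.1 patch releases are distinguished by a letter suffix, a naive string comparison gets this wrong, so the following added example (not code from the article or the OpenSSL project) parses an `openssl version` banner and classifies it against that range; it also checks the OpenSSL the running Python interpreter is linked against via `ssl.OPENSSL_VERSION`. Function names are this example's own; branches other than 1.1.1 are reported as out of scope because the excerpt says nothing about them.

```python
import re
import ssl

# Range taken from the advisory text above: 1.1.1 .. 1.1.1k affected,
# 1.1.1l carries the fix.
_FIXED = (1, 1, 1, "l")

# Matches banners such as "OpenSSL 1.1.1k  25 Mar 2021" or "OpenSSL 1.1.1k-fips".
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner):
    """Parse an OpenSSL version banner into (major, minor, patch, suffix).

    The letter suffix is the patch release. Python orders tuples element-wise
    and strings lexically, so (1,1,1,'') < (1,1,1,'a') < ... < (1,1,1,'l'),
    which is exactly the ordering OpenSSL 1.1.1 releases use.
    Returns None when the banner is not recognised.
    """
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch), suffix)


def cve_2021_3711_status(banner):
    """Classify a version banner against the CVE-2021-3711 fix.

    Returns 'affected' or 'fixed' for the 1.1.1 branch, 'out-of-scope' for
    any other branch (this check only encodes what the advisory excerpt
    states), and 'unknown' when the banner cannot be parsed.
    """
    ver = parse_openssl_version(banner)
    if ver is None:
        return "unknown"
    if ver[:3] != (1, 1, 1):
        return "out-of-scope"
    return "fixed" if ver >= _FIXED else "affected"


def local_status():
    """Report the OpenSSL this interpreter is linked against and its status."""
    banner = ssl.OPENSSL_VERSION
    return banner, cve_2021_3711_status(banner)


if __name__ == "__main__":
    banner, status = local_status()
    print(f"{banner}: {status}")
```

The same classifier can be fed the output of `openssl version` collected from hosts, or the version string reported by a vulnerability scanner; the point of the tuple comparison is that "1.1.1" with no letter sorts before "1.1.1a", and "1.1.1k" before "1.1.1l", which a plain string or float comparison would not guarantee. Distributions that backport the fix without bumping the letter will still show as affected here, so treat the result as a prompt to check the package changelog, not as proof of exposure.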

Title: Hold the Door: Why Organizations Need to Prioritize Patching SSL VPNs
Date Published: August 25, 2021

https://www.tenable.com/blog/hold-the-door-why-organizations-need-to-prioritize-patching-ssl-vpns

Excerpt: “Nation-state actors have shown a preference for SSL VPN vulnerabilities. On April 15, 2021, the National Security Agency (NSA) and Federal Bureau of Investigation (FBI) published a joint alert about Russian Foreign Intelligence Service (SVR) activity leveraging all of these vulnerabilities. This followed alerts from 2020 pointing to state-sponsored attacks from China, Iran and Russia leveraging these vulnerabilities. These vulnerabilities were often leveraged in exploit chains leading to the takeover of domain controllers through the use of CVE-2020-1472, also known as Zerologon.”

Title: New SideWalk Backdoor Targets U.S.-based Computer Retail Business
Date Published: August 25, 2021

https://thehackernews.com/2021/08/new-sidewalk-backdoor-targets-us-based.html

Excerpt: “SideWalk is a modular backdoor that can dynamically load additional modules sent from its C&C [command-and-control] server, makes use of Google Docs as a dead drop resolver, and Cloudflare workers as a C&C server,” ESET researchers Thibaut Passilly and Mathieu Tartare said in a report published Tuesday. “It can also properly handle communication behind a proxy.” Since first emerging on the threat landscape in 2019, SparklingGoblin has been linked to several attacks aimed at Hong Kong universities using backdoors such as Spyder and ShadowPad, the latter of which has become a preferred malware of choice among multiple Chinese threat clusters in recent years.”

Title: China’s New Data Security Law (DSL): What You Need To Know
Date Published: August 25, 2021

https://blog.focal-point.com/chinas-new-data-security-law-what-you-need-to-know

Excerpt: “Under the DSL, sharing any data that is stored in China with law enforcement authorities or judicial bodies outside of China without the approval of the Chinese government is strictly prohibited. However, this provision significantly impacts cross-border litigation and other legal proceedings. Failure to obtain approval before the transfer of this data can result in large fines, or even the suspension of the business and revocation of the business licenses. This provision is expected to create significant confusion for many companies that are established in China, offer their goods and services to data subjects in the European Union (EU), and are subject to the General Data Protection Regulation (GDPR).”

Title: EITest: Linkages to the Ongoing Malware Delivery Campaign Referred to as “Gootloader”
Date Published: August 25, 2021

https://community.riskiq.com/article/f5d5ed38

Excerpt: “We believe that “Gootloader” may in fact be a continuation of the EITest activity that began in 2014, and not actually associated with Gootkit beyond the fact that Gootkit is sometimes delivered by this payload delivery technique. EITest campaigns heavily targeted WordPress sites for compromise starting in 2014, used social engineering in order to trick users into downloading malware, and used infrastructure belonging to Petersburg Internet Network ltd. for C2. When their operations were sinkholed in 2018, the actors took action within a few days to stand up new C2 on an IP address they had used previously, and quickly launched a new social engineering campaign exploiting compromised WordPress sites to deliver malware payloads that continues to this day.”

Title: Over a Third of Smart Device Owners Do Not Take Security Measures
Date Published: August 24, 2021

https://www.infosecurity-magazine.com/news/third-smart-device-security/

Excerpt: “The research, based on an online survey of more than 1000 UK adults by The Harris Poll, found that 71% of UK adults own a smart home device, with smart TVs (52%) and smart speakers/home assistants (33%) the most common types. While many find these devices to be helpful (41%) and convenient (36%), a significant proportion described them as a security risk (24%) and intrusive (22%). Some even said they are not trustworthy (15%), creepy (12%) or scary (8%). The study also highlighted how the increase in screen time during the COVID-19 pandemic has negatively impacted many consumers’ physical (52%) and mental health (41%), in addition to making them more vulnerable to online harms.”

Title: IBM Launches New SASE Service to Bolster Zero-Trust Enterprise Security
Date Published: August 25, 2021

https://www.zdnet.com/article/ibm-launches-new-sase-service-to-bolster-zero-trust-security/

Excerpt: “According to the company, IBM Security Services for SASE will help support a now-hybrid workforce, third-party access systems, merger acquisition execution, and network upgrades to facilitate the cloud, 5G, and Internet of Things (IoT) devices. Traditional approaches to network security are no longer viable in a digital world where users and applications are distributed,” commented Mary O’Brien, General Manager at IBM Security. “We’re seeing this transformation happen right before our eyes as many organizations plan to operate in a hybrid model for the foreseeable future. This new approach requires a shift in culture, processes and collaboration across teams alongside a new technology architecture.”
