OSN August 25, 2021

Fortify Security Team
Aug 25, 2021

Title: Fake OpenSea Support Staff Are Stealing Cryptowallets and NFTs
Date Published: August 24, 2021

Excerpt: “When an OpenSea user needs support, they can request help at OpenSea’s help center or via the site’s Discord server. When a user joins the Discord server and posts a request for help, scammers lurking on the server start sending private messages to the user. These messages include an invite to an ‘OpenSea Support’ server to receive support, as shown below. Artist Jeff Nicholas, who fell victim to this scam, told BleepingComputer that after joining the fake OpenSea support server, the scammers asked him to open a screen share so that they could provide support and guidance in fixing the problem.”

Title: Researchers Uncover FIN8’s New Backdoor Targeting Financial Institutions
Date Published: August 25, 2021

Excerpt: “A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed ‘Sardonic’ by Romanian cybersecurity technology company Bitdefender, which it encountered during a forensic investigation in the wake of an unsuccessful attack carried out by FIN8 aimed at an unnamed financial institution located in the U.S.”

Title: Ransomware Gang’s Script Shows Exactly the Files They’re After
Date Published: August 24, 2021

Excerpt: “This script is designed to scan each drive for data folders whose names match certain strings on a device. If a folder matches the search criteria, the script will upload the folder’s files to a remote drop server under the threat actor’s control. Of particular interest are the 123 keywords that the script searches for, which give us a glimpse into what the ransomware gang considers valuable.”

Title: CVE-2021-3711 in OpenSSL Can Allow to Change an Application’s Behavior
Date Published: August 24, 2021

Excerpt: “A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker-chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).”

Title: Hold the Door: Why Organizations Need to Prioritize Patching SSL VPNs
Date Published: August 25, 2021

Excerpt: “Nation-state actors have shown a preference for SSL VPN vulnerabilities. On April 15, 2021, the National Security Agency (NSA) and Federal Bureau of Investigation (FBI) published a joint alert about Russian Foreign Intelligence Service (SVR) activity leveraging all of these vulnerabilities. This followed alerts from 2020 pointing to state-sponsored attacks from China, Iran and Russia leveraging these vulnerabilities. These vulnerabilities were often leveraged in exploit chains leading to the takeover of domain controllers through the use of CVE-2020-1472, also known as Zerologon.”

Title: New SideWalk Backdoor Targets U.S.-based Computer Retail Business
Date Published: August 25, 2021

Excerpt: “‘SideWalk is a modular backdoor that can dynamically load additional modules sent from its C&C [command-and-control] server, makes use of Google Docs as a dead drop resolver, and Cloudflare workers as a C&C server,’ ESET researchers Thibaut Passilly and Mathieu Tartare said in a report published Tuesday. ‘It can also properly handle communication behind a proxy.’ Since first emerging on the threat landscape in 2019, SparklingGoblin has been linked to several attacks aimed at Hong Kong universities using backdoors such as Spyder and ShadowPad, the latter of which has become a preferred malware of choice among multiple Chinese threat clusters in recent years.”

Title: China’s New Data Security Law (DSL): What You Need To Know
Date Published: August 25, 2021

Excerpt: “Under the DSL, sharing any data that is stored in China with law enforcement authorities or to judicial bodies outside of China without the approval of the Chinese government is strictly prohibited. However, this provision significantly impacts cross-border litigation and other legal proceedings. Failure to obtain approval before the transfer of this data can result in large fines, or even the suspension of the business and revocation of the business licenses. This provision is expected to create significant confusion for many companies that are established in China, offer their goods and services to data subjects in the European Union (EU), and are subject to the General Data Protection Regulation (GDPR).”

Title: EITest: Linkages to the Ongoing Malware Delivery Campaign Referred to as “Gootloader”
Date Published: August 25, 2021

Excerpt: “We believe that ‘Gootloader’ may in fact be a continuation of the EITest activity that began in 2014, and not actually associated with Gootkit beyond the fact that Gootkit is sometimes delivered by this payload delivery technique. EITest campaigns heavily targeted WordPress sites for compromise starting in 2014, used social engineering in order to trick users into downloading malware, and used infrastructure belonging to Petersburg Internet Network ltd. for C2. When their operations were sinkholed in 2018, the actors took action within a few days to stand up new C2 on an IP address they had used previously, and quickly launched a new social engineering campaign exploiting compromised WordPress sites to deliver malware payloads that continues to this day.”

Title: Over a Third of Smart Device Owners Do Not Take Security Measures
Date Published: August 24, 2021

Excerpt: “The research, based on an online survey of more than 1000 UK adults by The Harris Poll, found that 71% of UK adults own a smart home device, with smart TVs (52%) and smart speakers/home assistants (33%) the most common types. While many find these devices to be helpful (41%) and convenient (36%), a significant proportion described them as a security risk (24%) and intrusive (22%). Some even said they are not trustworthy (15%), creepy (12%) or scary (8%). The study also highlighted how the increase in screen time during the COVID-19 pandemic has negatively impacted many consumers’ physical (52%) and mental health (41%), in addition to making them more vulnerable to online harms.”

Title: IBM Launches New SASE Service to Bolster Zero-Trust Enterprise Security
Date Published: August 25, 2021

Excerpt: “According to the company, IBM Security Services for SASE will help support a now-hybrid workforce, third-party access systems, merger acquisition execution, and network upgrades to facilitate the cloud, 5G, and Internet of Things (IoT) devices. ‘Traditional approaches to network security are no longer viable in a digital world where users and applications are distributed,’ commented Mary O’Brien, General Manager at IBM Security. ‘We’re seeing this transformation happen right before our eyes as many organizations plan to operate in a hybrid model for the foreseeable future. This new approach requires a shift in culture, processes and collaboration across teams alongside a new technology architecture.’”
