OSN August 25, 2021

Fortify Security Team
Aug 25, 2021

Title: Fake Opensea Support Staff Are Stealing Cryptowallets and NFTS
Date Published: August 24, 2021


Excerpt: “When an OpenSea user needs support, they can request help at OpenSea’s help center or via the site’s Discord server. When a user joins the Discord server and posts a request for help, scammers lurking on the server start sending private messages to the user. These messages include an invite to an ‘OpenSea Support’ server to receive support, as shown below. Artist Jeff Nicholas, who fell victim to this scam, told BleepingComputer that after joining the fake OpenSea support server, the scammers asked him to open a screen share so that they could provide support and guidance in fixing the problem.”

Title: Researchers Uncover FIN8’s New Backdoor Targeting Financial Institutions
Date Published: August 25, 2021


Excerpt: “A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed “Sardonic” by Romanian cybersecurity technology company Bitdefender, which it encountered during a forensic investigation in the wake of an unsuccessful attack carried out by FIN8 aimed at an unnamed financial institution located in the U.S.”

Title: Ransomware Gang’s Script Shows Exactly the Files They’re After
Date Published: August 24, 2021


Excerpt: “This script is designed to scan each drive for data folders whose names match certain strings on a device. If a folder matches the search criteria, the script will upload the folder’s files to a remote drop server under the threat actor’s control. Of particular interest are the 123 keywords that the script searches for, which give us a glimpse into what the ransomware gang considers valuable.”

Title: CVE-2021-3711 in OpenSSL Can Allow to Change an Application’s Behavior
Date Published: August 24, 2021


Excerpt: “A malicious attacker who is able present SM2 content for decryption to an application could cause attacker-chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).”

Title: Hold the Door: Why Organizations Need to Prioritize Patching SSL VPNs
Date Published: August 25, 2021


Excerpt: “Nation-state actors have shown a preference for SSL VPN vulnerabilities. On April 15, 2021, the National Security Agency (NSA) and Federal Bureau of Investigation (FBI) published a joint alert about Russian Foreign Intelligence Service (SVR) activity leveraging all of these vulnerabilities. This followed alerts from 2020 pointing to state-sponsored attacks from China, Iran and Russia leveraging these vulnerabilities. These vulnerabilities were often leveraged in exploit chains leading to the takeover of domain controllers through the use of CVE-2020-1472, also known as Zerologon.”

Title: New SideWalk Backdoor Targets U.S.-based Computer Retail Business
Date Published: August 25, 2021


Excerpt: “SideWalk is a modular backdoor that can dynamically load additional modules sent from its C&C [command-and-control] server, makes use of Google Docs as a dead drop resolver, and Cloudflare workers as a C&C server,” ESET researchers Thibaut Passilly and Mathieu Tartare said in a report published Tuesday. “It can also properly handle communication behind a proxy.” Since first emerging on the threat landscape in 2019, SparklingGoblin has been linked to several attacks aimed at Hong Kong universities using backdoors such as Spyder and ShadowPad, the latter of which has become a preferred malware of choice among multiple Chinese threat clusters in recent years.”

Title: China’s New Data Security Law (DSL): What You Need To Know
Date Published: August 25, 2021


Excerpt: “Under the DSL, sharing any data that is stored in China with law enforcement authorities or to judicial bodies outside of China without the approval of the Chinese government is strictly prohibited. However, this provision significantly impacts cross-border litigation and other legal proceedings. Failure to obtain approval before the transfer of this data can result in large fines, or even the suspension of the business and revocation of the business licenses.This provision is expected to create significant confusion for many companies that are established in China, offer their goods and services to data subjects in the European Union (EU), and are subject to the General Data Protection Regulation (GDPR).”

Title: EITest: Linkages to the Ongoing Malware Delivery Campaign Referred to as “Gootloader”
Date Published: August 25, 2021


Excerpt: “We believe that “Gootloader” may in fact be a continuation of the EITest activity that began in 2014, and not actually associated with Gootkit beyond the fact that Gootkit is sometimes delivered by this payload delivery technique. EITest campaigns heavily targeted WordPress sites for compromise starting in 2014, used social engineering in order to trick users into downloading malware, and used infrastructure belonging to Petersburg Internet Network ltd. for C2. When their operations were sinkholed in 2018, the actors took action within a few days to stand up new C2 on an IP address they had used previously, and quickly launched a new social engineering campaign exploiting compromised WordPress sites to deliver malware payloads that continues to this day.”

Title: Over a Third of Smart Device Owners Do Not Take Security Measures
Date Published: August 24, 2021


Excerpt: “The research, based on an online survey of more than 1000 UK adults by The Harris Poll, found that 71% of UK adults own a smart home device, with smart TVs (52%) and smart speakers/home assistants (33%) the most common types. While many find these devices to be helpful (41%) and convenient (36%), a significant proportion described them as a security risk (24%) and intrusive (22%). Some even said they are not trustworthy (15%), creepy (12%) or scary (8%). The study also highlighted how the increase in screen time during the COVID-19 pandemic has negatively impacted many consumers’ physical (52%) and mental health (41%), in addition to making them more vulnerable to online harms.”

Title: IBM Launches New Sase Service to Bolster Zero-Trust Enterprise Security
Date Published: August 25, 2021


Excerpt: “According to the company, IBM Security Services for SASE will help support a now-hybrid workforce, third-party access systems, merger acquisition execution, and network upgrades to facilitate the cloud, 5G, and Internet of Things (IoT) devices. Traditional approaches to network security are no longer viable in a digital world where users and applications are distributed,” commented Mary O’Brien, General Manager at IBM Security. “We’re seeing this transformation happen right before our eyes as many organizations plan to operate in a hybrid model for the foreseeable future. This new approach requires a shift in culture, processes and collaboration across teams alongside a new technology architecture.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...