OSN August 27, 2021

Fortify Security Team
Aug 27, 2021

Title: Microsoft Azure Vulnerability Exposed Thousands of Cloud Databases

Date Published: August 27, 2021

https://www.cyberscoop.com/microsoft-azure-cloud-vulnerability/

Excerpt: “The flaw would have allowed any Azure Cosmos DB user to read, write and delete another customer’s information without authorization, researchers found. Cosmos DB is used by thousands of organizations, including Coca Cola, Exxon Mobil and a number of other Fortune 500 companies. Microsoft has since resolved the issue, the company said. “We fixed this issue immediately to keep our customers safe and protected,” a Microsoft spokesperson told CyberScoop.”

Title: Google, Microsoft, and Apple Pledge $30 Billion to Help Bolster Us Cybersecurity

Date Published: August 27, 2021

https://digpunews.medium.com/google-microsoft-and-apple-pledge-30-billion-to-help-bolster-us-cybersecurity-a2d3a872085c

Excerpt: “US Technology majors Google, Microsoft, and Apple have pledged investments to the tune of billions of dollars to boost cybersecurity defenses and train skilled workers. Google pledged $10 billion, while Microsoft promised $20 billion. The revelation came after US President Joe Biden held a private meeting with top executives of the technology giants in the country. The White House meeting was facilitated due to continuous ransomware attacks disrupting critical infrastructure and significant corporations and fraudulent cyber operations.”

Title: OpenSSL Vulnerabilities Impact Various Synology Products

Date Published: August 27, 2021

https://heimdalsecurity.com/blog/openssl-vulnerabilities-impact-synology-products/

Excerpt: “According to BleepingComputer publication, as a general rule, Synology addresses impacted software and provides patches within 90 days, therefore the company is working now on fixing these issues. The company is not only trying to fix the issue of the two OpenSSL vulnerabilities, but it also has in view other bugs that were not CVE identified and regard DSM 7.0, DSM 6.2, DSM UC, SkyNAS, and VS960HD.

The security flaws present in the DiskStation Manager (DSM) were made public on the 17th of August and it is confirmed that they have not been yet exploited by hackers.”

Title: Man Impersonates Apple Support, Steals 620,000 Photos From Icloud Accounts

Date Published: August 26, 2021

https://www.welivesecurity.com/2021/08/26/man-impersonates-apple-support-steals-620000-photos-icloud/

Excerpt: “Hao Kuo Chi, a 40-year-old citizen of La Puente, Los Angeles County, pleaded guilty to four counts including committing computer fraud, according to a report by the Los Angeles Times. Going by the online handle “icloudripper4you”, he billed himself as being adept at infiltrating iCloud accounts and pilfering their content, an activity he referred to as “ripping”. According to his plea agreement, Chi was able to access the iCloud accounts of at least 306 victims from around the United States. After investigators searched his house, he also admitted to infiltrating some 200 accounts at the behest of individuals that he had met online.”

Title: Ragnarok Ransomware Releases Master Decryptor After Shutdown

Date Published: August 26, 2021

https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/

Excerpt: “Up until earlier today, the Ragnarok ransomware leak site showed 12 victims, added between July 7 and August 16, threat intelligence provider HackNotice told BleepingComputer. By listing victims on their website, Ragnarok sought to force them into paying the ransom, under the threat of leaking unencrypted files stolen during the intrusion. The listed companies are from France, Estonia, Sri Lanka, Turkey, Thailand, U.S, Malaysia, Hong Kong, Spain, and Italy and are active in various sectors ranging from manufacturing to legal services.”

Title: FBI Warns Businesses of New Hive Ransomware

Date Published: August 27, 2021

https://www.infosecurity-magazine.com/news/fbi-warns-businesses-of-new-hive/

Excerpt: “The malware itself looks for and terminates processes linked to backups, anti-virus and file copying to boost its chances of success. Encrypted files end with a .hive suffix. “The Hive ransomware then drops a hive.bat script into the directory, which enforces an execution timeout delay of one second in order to perform clean-up after the encryption is finished, by deleting the Hive executable and the hive.bat script,” the alert continued. “A second file, shadow.bat, is dropped into the directory to delete shadow copies, including disc backup copies or snapshots, without notifying the victim and then deletes the shadow.bat file”.”

Title: Fake DMCA Complaints, DDoS Threats Lead to Bazaloader Malware

Date Published: August 27, 2021

https://www.bleepingcomputer.com/news/security/fake-dmca-complaints-ddos-threats-lead-to-bazaloader-malware/

Excerpt: “The goal is the same though: use contact forms to deliver BazaLoader malware that often drops Cobalt Strike, which can lead to data theft or a ransomware attack. Microsoft has warned about this delivery method in April, when cybercriminals used it to deliver IcedID malware. The recent campaigns are similar, only the payload and the lure have changed. Website developer and designer Brian Johnson posted last week about two of his clients getting legal notifications about their websites being hacked to run DDoS attacks against a major company (Intuit, Hubspot).”

Title: Chinese Developer Exposes Data on Over One Million Gamers

Date Published: August 27, 2021

https://www.infosecurity-magazine.com/news/chinese-developer-exposes-data/

Excerpt: “A Chinese game developer has unwittingly exposed the personal and device details of over a million players after leaving an internet-facing server unsecured, according to researchers. A team at vpnMentor led by Noam Rotem and Ran Locar, discovered the unprotected Elasticsearch server on July 5. After no reply from its owner, EskyFun Entertainment Network Limited, they contacted the Hong Kong CERT, and the next day, July 28, the database was secured. The 134GB trove contained an estimated 365 million records linked to players of the firm’s fantasy games: Rainbow Story: Fantasy MMORPG; Metamorph M; and Dynasty Heroes: Legends of Samkok.”

Title: CISA Publishes Malware Analysis Reports on Samples Targeting Pulse Secure Devices

Date Published: August 26, 2021

https://securityaffairs.co/wordpress/121492/security/pulse-secure-cisa-mars.html

Excerpt: “The MARs include details on the tactics, techniques, and procedures (TTPs) employed by threat actors along with Indicators of Compromise (IOCs) for the attack. Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. CVE-2021-22893 is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior to b9.1R11.4 that allows remote authenticated attackers to execute arbitrary code as the root user via a maliciously crafted meeting room. According to coordinated reports published by FireEye and Pulse Secure in May, two hacking groups have exploited the zero-day vulnerability in Pulse Secure VPN equipment to break into the networks of US defense contractors and government organizations worldwide.”

Title: 21-Year-Old Tells WSJ He Was Behind Massive T-Mobile Hack

Date Published: August 26, 2021

https://www.zdnet.com/article/21-year-old-tells-wsj-he-was-behind-massive-t-mobile-hack/

Excerpt: “On Twitter earlier this month, Gal shared a message he received from Binns that said, “The breach was done to retaliate against the US for the kidnapping and torture of John Erin Binns (CIA Raven-1) in Germany by CIA and Turkish intelligence agents in 2019,” the hacker allegedly told Gal.  “We did it to harm US infrastructure,” Binns allegedly told Gal at the time. Binns has now spoken out publicly in an interview with the Wall Street Journal, telling the newspaper he was in fact behind the attack and conducted it from his home in Izmir, Turkey, where he lives with his mother.”

Recent Posts

OSN November 2, 2021

Title: Possible Cyber Attack Hits ‘Brain’ of N.L. Health-care System, Delaying Thousands of Appointments Date Published: November 1, 2021 cbc.ca/news/canada/newfoundland-labrador/health-services-it-outage-update-nov-1-1.6232426 Excerpt: "A cyberattack appears to be...

OSN November 1, 2021

Title: New 'Trojan Source' Technique Lets Hackers Hide Vulnerabilities in Source Code Date Published: November 1, 2021 https://thehackernews.com/2021/11/new-trojan-source-technique-lets.html Excerpt: "A novel class of vulnerabilities could be leveraged by threat...

OSN October 29, 2021

Title: Footprinting and Reconnaissance using Windows OS Date Published: October 29, 2021 https://medium.com/@the_harvester/footprinting-and-reconnaissance-using-windows-os-36760fb47870 Excerpt: "This blog is in continuation previous blog on footprinting and...

OSN October 28, 2021

Title: Ransomware Gangs Use SEO Poisoning To Infect Visitors Date Published: October 28, 2021 https://www.bleepingcomputer.com/news/security/ransomware-gangs-use-seo-poisoning-to-infect-visitors/ Excerpt: "According to the findings of the Menlo Security team, SEO...

OSN August 31, 2021

Title: Cyberattacks Use Office 365 to Target Supply Chain Date Published: August 31, 2021 https://securityintelligence.com/articles/cyberattacks-office-365-supply-chain/ Excerpt: “Supply chain cyberattacks involving Office 365 are effective in that they enable threat...

OSN August 30, 2021

Title: New Mirai Variant Targets WebSVN Command Injection Vulnerability (CVE-2021-32305) Date Published: August 30, 2021 https://unit42.paloaltonetworks.com/cve-2021-32305-websvn/ Excerpt: “Analysis of this malware reveals that it is used to perform distributed denial...

OSN August 26, 2021

Title: Microsoft Breaks Silence on Barrage of ProxyShell Attacks Date Published: August 26, 2021 https://threatpost.com/microsoft-barrage-proxyshell-attacks/168943/ Excerpt: “The company released an advisory late Wednesday letting customers know that threat actors may...