OSN August 27, 2021

Fortify Security Team
Aug 27, 2021

Title: Microsoft Azure Vulnerability Exposed Thousands of Cloud Databases

Date Published: August 27, 2021

https://www.cyberscoop.com/microsoft-azure-cloud-vulnerability/

Excerpt: “The flaw would have allowed any Azure Cosmos DB user to read, write and delete another customer’s information without authorization, researchers found. Cosmos DB is used by thousands of organizations, including Coca Cola, Exxon Mobil and a number of other Fortune 500 companies. Microsoft has since resolved the issue, the company said. “We fixed this issue immediately to keep our customers safe and protected,” a Microsoft spokesperson told CyberScoop.”

Title: Google, Microsoft, and Apple Pledge $30 Billion to Help Bolster US Cybersecurity

Date Published: August 27, 2021

https://digpunews.medium.com/google-microsoft-and-apple-pledge-30-billion-to-help-bolster-us-cybersecurity-a2d3a872085c

Excerpt: “US Technology majors Google, Microsoft, and Apple have pledged investments to the tune of billions of dollars to boost cybersecurity defenses and train skilled workers. Google pledged $10 billion, while Microsoft promised $20 billion. The revelation came after US President Joe Biden held a private meeting with top executives of the technology giants in the country. The White House meeting was facilitated due to continuous ransomware attacks disrupting critical infrastructure and significant corporations and fraudulent cyber operations.”

Title: OpenSSL Vulnerabilities Impact Various Synology Products

Date Published: August 27, 2021

https://heimdalsecurity.com/blog/openssl-vulnerabilities-impact-synology-products/

Excerpt: “According to BleepingComputer publication, as a general rule, Synology addresses impacted software and provides patches within 90 days, therefore the company is working now on fixing these issues. The company is not only trying to fix the issue of the two OpenSSL vulnerabilities, but it also has in view other bugs that were not CVE identified and regard DSM 7.0, DSM 6.2, DSM UC, SkyNAS, and VS960HD.

The security flaws present in the DiskStation Manager (DSM) were made public on the 17th of August and it is confirmed that they have not yet been exploited by hackers.”

Title: Man Impersonates Apple Support, Steals 620,000 Photos From iCloud Accounts

Date Published: August 26, 2021

https://www.welivesecurity.com/2021/08/26/man-impersonates-apple-support-steals-620000-photos-icloud/

Excerpt: “Hao Kuo Chi, a 40-year-old citizen of La Puente, Los Angeles County, pleaded guilty to four counts including committing computer fraud, according to a report by the Los Angeles Times. Going by the online handle “icloudripper4you”, he billed himself as being adept at infiltrating iCloud accounts and pilfering their content, an activity he referred to as “ripping”. According to his plea agreement, Chi was able to access the iCloud accounts of at least 306 victims from around the United States. After investigators searched his house, he also admitted to infiltrating some 200 accounts at the behest of individuals that he had met online.”

Title: Ragnarok Ransomware Releases Master Decryptor After Shutdown

Date Published: August 26, 2021

https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/

Excerpt: “Up until earlier today, the Ragnarok ransomware leak site showed 12 victims, added between July 7 and August 16, threat intelligence provider HackNotice told BleepingComputer. By listing victims on their website, Ragnarok sought to force them into paying the ransom, under the threat of leaking unencrypted files stolen during the intrusion. The listed companies are from France, Estonia, Sri Lanka, Turkey, Thailand, U.S., Malaysia, Hong Kong, Spain, and Italy and are active in various sectors ranging from manufacturing to legal services.”

Title: FBI Warns Businesses of New Hive Ransomware

Date Published: August 27, 2021

https://www.infosecurity-magazine.com/news/fbi-warns-businesses-of-new-hive/

Excerpt: “The malware itself looks for and terminates processes linked to backups, anti-virus and file copying to boost its chances of success. Encrypted files end with a .hive suffix. “The Hive ransomware then drops a hive.bat script into the directory, which enforces an execution timeout delay of one second in order to perform clean-up after the encryption is finished, by deleting the Hive executable and the hive.bat script,” the alert continued. “A second file, shadow.bat, is dropped into the directory to delete shadow copies, including disc backup copies or snapshots, without notifying the victim and then deletes the shadow.bat file”.”

Title: Fake DMCA Complaints, DDoS Threats Lead to BazaLoader Malware

Date Published: August 27, 2021

https://www.bleepingcomputer.com/news/security/fake-dmca-complaints-ddos-threats-lead-to-bazaloader-malware/

Excerpt: “The goal is the same though: use contact forms to deliver BazaLoader malware that often drops Cobalt Strike, which can lead to data theft or a ransomware attack. Microsoft warned about this delivery method in April, when cybercriminals used it to deliver IcedID malware. The recent campaigns are similar, only the payload and the lure have changed. Website developer and designer Brian Johnson posted last week about two of his clients getting legal notifications about their websites being hacked to run DDoS attacks against a major company (Intuit, Hubspot).”

Title: Chinese Developer Exposes Data on Over One Million Gamers

Date Published: August 27, 2021

https://www.infosecurity-magazine.com/news/chinese-developer-exposes-data/

Excerpt: “A Chinese game developer has unwittingly exposed the personal and device details of over a million players after leaving an internet-facing server unsecured, according to researchers. A team at vpnMentor, led by Noam Rotem and Ran Locar, discovered the unprotected Elasticsearch server on July 5. After no reply from its owner, EskyFun Entertainment Network Limited, they contacted the Hong Kong CERT, and the next day, July 28, the database was secured. The 134GB trove contained an estimated 365 million records linked to players of the firm’s fantasy games: Rainbow Story: Fantasy MMORPG; Metamorph M; and Dynasty Heroes: Legends of Samkok.”

Title: CISA Publishes Malware Analysis Reports on Samples Targeting Pulse Secure Devices

Date Published: August 26, 2021

https://securityaffairs.co/wordpress/121492/security/pulse-secure-cisa-mars.html

Excerpt: “The MARs include details on the tactics, techniques, and procedures (TTPs) employed by threat actors along with Indicators of Compromise (IOCs) for the attack. Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. CVE-2021-22893 is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior to b9.1R11.4 that allows remote authenticated attackers to execute arbitrary code as the root user via a maliciously crafted meeting room. According to coordinated reports published by FireEye and Pulse Secure in May, two hacking groups have exploited the zero-day vulnerability in Pulse Secure VPN equipment to break into the networks of US defense contractors and government organizations worldwide.”

Title: 21-Year-Old Tells WSJ He Was Behind Massive T-Mobile Hack

Date Published: August 26, 2021

https://www.zdnet.com/article/21-year-old-tells-wsj-he-was-behind-massive-t-mobile-hack/

Excerpt: “On Twitter earlier this month, Gal shared a message he received from Binns that said, “The breach was done to retaliate against the US for the kidnapping and torture of John Erin Binns (CIA Raven-1) in Germany by CIA and Turkish intelligence agents in 2019,” the hacker allegedly told Gal. “We did it to harm US infrastructure,” Binns allegedly told Gal at the time. Binns has now spoken out publicly in an interview with the Wall Street Journal, telling the newspaper he was in fact behind the attack and conducted it from his home in Izmir, Turkey, where he lives with his mother.”
