OSN August 27, 2021

Fortify Security Team
Aug 27, 2021

Title: Microsoft Azure Vulnerability Exposed Thousands of Cloud Databases

Date Published: August 27, 2021


Excerpt: “The flaw would have allowed any Azure Cosmos DB user to read, write and delete another customer’s information without authorization, researchers found. Cosmos DB is used by thousands of organizations, including Coca Cola, Exxon Mobil and a number of other Fortune 500 companies. Microsoft has since resolved the issue, the company said. “We fixed this issue immediately to keep our customers safe and protected,” a Microsoft spokesperson told CyberScoop.”

Title: Google, Microsoft, and Apple Pledge $30 Billion to Help Bolster Us Cybersecurity

Date Published: August 27, 2021


Excerpt: “US Technology majors Google, Microsoft, and Apple have pledged investments to the tune of billions of dollars to boost cybersecurity defenses and train skilled workers. Google pledged $10 billion, while Microsoft promised $20 billion. The revelation came after US President Joe Biden held a private meeting with top executives of the technology giants in the country. The White House meeting was facilitated due to continuous ransomware attacks disrupting critical infrastructure and significant corporations and fraudulent cyber operations.”

Title: OpenSSL Vulnerabilities Impact Various Synology Products

Date Published: August 27, 2021


Excerpt: “According to BleepingComputer publication, as a general rule, Synology addresses impacted software and provides patches within 90 days, therefore the company is working now on fixing these issues. The company is not only trying to fix the issue of the two OpenSSL vulnerabilities, but it also has in view other bugs that were not CVE identified and regard DSM 7.0, DSM 6.2, DSM UC, SkyNAS, and VS960HD.

The security flaws present in the DiskStation Manager (DSM) were made public on the 17th of August and it is confirmed that they have not been yet exploited by hackers.”

Title: Man Impersonates Apple Support, Steals 620,000 Photos From Icloud Accounts

Date Published: August 26, 2021


Excerpt: “Hao Kuo Chi, a 40-year-old citizen of La Puente, Los Angeles County, pleaded guilty to four counts including committing computer fraud, according to a report by the Los Angeles Times. Going by the online handle “icloudripper4you”, he billed himself as being adept at infiltrating iCloud accounts and pilfering their content, an activity he referred to as “ripping”. According to his plea agreement, Chi was able to access the iCloud accounts of at least 306 victims from around the United States. After investigators searched his house, he also admitted to infiltrating some 200 accounts at the behest of individuals that he had met online.”

Title: Ragnarok Ransomware Releases Master Decryptor After Shutdown

Date Published: August 26, 2021


Excerpt: “Up until earlier today, the Ragnarok ransomware leak site showed 12 victims, added between July 7 and August 16, threat intelligence provider HackNotice told BleepingComputer. By listing victims on their website, Ragnarok sought to force them into paying the ransom, under the threat of leaking unencrypted files stolen during the intrusion. The listed companies are from France, Estonia, Sri Lanka, Turkey, Thailand, U.S, Malaysia, Hong Kong, Spain, and Italy and are active in various sectors ranging from manufacturing to legal services.”

Title: FBI Warns Businesses of New Hive Ransomware

Date Published: August 27, 2021


Excerpt: “The malware itself looks for and terminates processes linked to backups, anti-virus and file copying to boost its chances of success. Encrypted files end with a .hive suffix. “The Hive ransomware then drops a hive.bat script into the directory, which enforces an execution timeout delay of one second in order to perform clean-up after the encryption is finished, by deleting the Hive executable and the hive.bat script,” the alert continued. “A second file, shadow.bat, is dropped into the directory to delete shadow copies, including disc backup copies or snapshots, without notifying the victim and then deletes the shadow.bat file”.”

Title: Fake DMCA Complaints, DDoS Threats Lead to Bazaloader Malware

Date Published: August 27, 2021


Excerpt: “The goal is the same though: use contact forms to deliver BazaLoader malware that often drops Cobalt Strike, which can lead to data theft or a ransomware attack. Microsoft has warned about this delivery method in April, when cybercriminals used it to deliver IcedID malware. The recent campaigns are similar, only the payload and the lure have changed. Website developer and designer Brian Johnson posted last week about two of his clients getting legal notifications about their websites being hacked to run DDoS attacks against a major company (Intuit, Hubspot).”

Title: Chinese Developer Exposes Data on Over One Million Gamers

Date Published: August 27, 2021


Excerpt: “A Chinese game developer has unwittingly exposed the personal and device details of over a million players after leaving an internet-facing server unsecured, according to researchers. A team at vpnMentor led by Noam Rotem and Ran Locar, discovered the unprotected Elasticsearch server on July 5. After no reply from its owner, EskyFun Entertainment Network Limited, they contacted the Hong Kong CERT, and the next day, July 28, the database was secured. The 134GB trove contained an estimated 365 million records linked to players of the firm’s fantasy games: Rainbow Story: Fantasy MMORPG; Metamorph M; and Dynasty Heroes: Legends of Samkok.”

Title: CISA Publishes Malware Analysis Reports on Samples Targeting Pulse Secure Devices

Date Published: August 26, 2021


Excerpt: “The MARs include details on the tactics, techniques, and procedures (TTPs) employed by threat actors along with Indicators of Compromise (IOCs) for the attack. Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. CVE-2021-22893 is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior to b9.1R11.4 that allows remote authenticated attackers to execute arbitrary code as the root user via a maliciously crafted meeting room. According to coordinated reports published by FireEye and Pulse Secure in May, two hacking groups have exploited the zero-day vulnerability in Pulse Secure VPN equipment to break into the networks of US defense contractors and government organizations worldwide.”

Title: 21-Year-Old Tells WSJ He Was Behind Massive T-Mobile Hack

Date Published: August 26, 2021


Excerpt: “On Twitter earlier this month, Gal shared a message he received from Binns that said, “The breach was done to retaliate against the US for the kidnapping and torture of John Erin Binns (CIA Raven-1) in Germany by CIA and Turkish intelligence agents in 2019,” the hacker allegedly told Gal.  “We did it to harm US infrastructure,” Binns allegedly told Gal at the time. Binns has now spoken out publicly in an interview with the Wall Street Journal, telling the newspaper he was in fact behind the attack and conducted it from his home in Izmir, Turkey, where he lives with his mother.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...