OSN September 1, 2021

Fortify Security Team
Sep 1, 2021

Title: Watch Out, Ransomware Attack Risk Increases on Holidays and Weekends, FBI and CISA
Date Published: September 1, 2021

https://securityintelligence.com/articles/cyberattacks-office-365-supply-chain/

Excerpt: “The ransomware families that have been most active over the last month are Conti, PYSA, LockBit, RansomEXX/Defray777, Zeppelin, Crysis/Dharma/Phobos. Most of the attacks leverage phishing and brute-forcing unsecured remote desktop protocol (RDP) endpoints and initial attack vectors to compromise the networks of the organizations and deploy the ransomware. The FBI and CISA recommend organizations conduct threat hunting on their networks aimed at searching for any signs of threat actor activity to prevent attacks before they occur or to minimize the impact of successful attacks.”

Title: The Leaked Data File Containing Details About the Guntrader Customers Has Been Shared
Date Published: September 1, 2021

https://heimdalsecurity.com/blog/the-leaked-data-file-containing-details-about-the-guntrader-customers-has-been-shared/

Excerpt: “Recently over 111,000 British firearms owners’ names and home addresses belonging to Guntrader’s customers were leaked online. A Google Earth compatible CSV file that pinpoints domestic homes as possible firearm storage locations was leaked online. The database stolen from Guntrader was advertised as being importable into Google Earth, in this way allowing random people to “contact as many [owners] as you can in your area and ask them if they are involved in shooting animals”.”

Title: 4TB Data Including Identity Verification Documents from 44 Countries Compromised Following Oriflame Data Breach
Date Published: September 1, 2021

https://www.riskbasedsecurity.com/2021/09/01/4tb-data-including-identity-verification-documents-from-44-countries-compromised-following-oriflame-data-breach/

Excerpt: “Then on August 6th, 2021 a third installment of data was leaked, this time containing 426,074 files from China, and finally on August 11th, 2021 part four was made available with 3,278,901 files from India released. It is unclear how many of the files are strictly verification documents. More recently, on August 22nd 2021 a fifth installment was leaked with more than 1.5 million files and 700 GBs of data from Russia. Russian authorities announced on August 24th that the relevant government agency, Roskomnadzor, is seeking an explanation of the events from Oriflame. They stated that, “At present, the stolen database of Oriflame clients had been detected on three Internet resources. Two of them have been blocked and the third deleted the link to the base”.”

Title: Hackers Leverage RF to Compromise Smart TV Remotes
Date Published: September 1, 2021

https://cybersecurity.att.com/blogs/security-essentials/hackers-leverage-rf-to-compromise-smart-tv-remotes

Excerpt: “At one level, the reported hack was simple enough. The researchers were able to take a popular model of Comcast TV remote – the XR11 – and use it to record voice commands. They were then able to access these recordings via the internet. At a more technical level, explained the researchers, they were able to trick the XR11 into downloading a modified version of the firmware that added a command to record and transmit audio via the on-board microphone the remote uses for voice commands. The details of how they managed to achieve this are a little more complicated, though.”

Title: Android Game Developer Eskyfun Exposed 1 Million Gamers to Hackers
Date Published: September 1, 2021

https://www.hackread.com/android-game-developer-eskyfun-leaks-gamers-hackers/

Excerpt: “The research team at vpnMentor reported an error on the part of famous Chinese Android game developer EskyFun that leaked sensitive data of at least one million online gamers. Reportedly, EskyFun used an unsecured Elasticsearch server for storing vast amounts of data collected from users. Researchers revealed that the information was stored in rolling 7 days’ user data sets for around three of the company’s games, which contained over 360 million pieces of data.”

Title: Scam Artists Are Recruiting English Speakers for Business Email Campaigns
Date Published: September 1, 2021

https://www.zdnet.com/article/scam-artists-are-recruiting-english-speakers-for-business-email-campaigns/

Excerpt: “A BEC scam will usually start with a phishing email, tailored and customized depending on the victim. Social engineering and email address spoofing may also be used to make the message appear to originate from someone in the target company — such as an executive, the CEO, or a member of an accounts team — in order to fool an employee into making a payment to an account controlled by a criminal. In some cases, these payments — intended to pay an alleged invoice, for example — can reach millions of dollars. In 2020, US companies alone lost roughly $1.8 billion to these forms of cyberattack.”

Title: Blackmatter X Babuk : Using the Same Web Server for Sharing Leaked Files
Date Published: September 1, 2021

https://medium.com/s2wlab/blackmatter-x-babuk-using-the-same-web-server-for-sharing-leaked-files-d01c20a74751

Excerpt: “BlackMatter published the leaked files and documents related to infected victim companies on August 1, 2021. They published the leaked data of 7 infected victim companies on their leak site. BlackMatter is using file hosting services on their leak site and they have not uploaded the leaked data to their own web server. We checked that BlackMatter used Mega Cloud, PrivatLab, DropmeFiles, and 2 Tor Web Servers on their leak site. The interesting point is a Tor Web Server (http://flhnknbdg7****.onion) is the same as Babuk’s file server when they share the leaked files with users.”

Title: QNAP Working on Patches for OpenSSL Flaws Affecting its NAS Devices
Date Published: September 1, 2021

https://thehackernews.com/2021/09/qnap-working-on-patches-for-openssl.html

Excerpt: “Network-attached storage (NAS) appliance maker QNAP said it’s currently investigating two recently patched security flaws in OpenSSL to determine their potential impact, adding it will release security updates should its products turn out to be vulnerable. Tracked as CVE-2021-3711 (CVSS score: 7.5) and CVE-2021-3712 (CVSS score: 4.4), the weaknesses concern a high-severity buffer overflow in SM2 decryption function and a buffer overrun issue when processing ASN.1 strings that could be abused by adversaries to run arbitrary code, cause a denial-of-service condition, or result in disclosure of private memory contents, such as private keys, or sensitive plaintext.”

Title: What Are Internet Cookies & What Happens When We Accept Them?
Date Published: September 1, 2021

https://samwritessecurity.medium.com/what-are-internet-cookies-what-happens-when-we-accept-them-d865c875b030

Excerpt: “If you don’t already know, private tabs aren’t private at all, but this is something private tabs can help you with. Another way to avoid unwanted cookies is to take the time and read about the information the website you choose to visit collects. This is very easy to do as most websites today have pop-ups and banners about cookies. If you own a website and you’re not so sure about what cookies your website uses you can verify using a free tool on cookie law. Next time you choose to accept, remember what you might be giving away.”

Title: U.S. Officials, Experts Fear China Ransacked Exchange Servers for Data to Train AI Systems
Date Published: August 31, 2021

https://www.theregister.com/2021/08/31/in_brief_security/

Excerpt: “It’s said the crew exploited four zero-days in Redmond’s mail software in a chain to hijack the servers and siphon off data. And what started small turned into what Chang Kawaguchi, CISO for Microsoft 365, told NPR this month was the fastest scale-up of a cyber-attack he’d ever seen. US government officials, and those in the infosec industry, are apparently concerned that, given the wide range of organizations targeted – from big biz to shops, dentists, and schools – the Chinese government could be trying to train machine-learning systems on mountains of Americans’ messages, calendars, and files.”
