OSN September 20, 2021

Fortify Security Team
Sep 20, 2021

Title: Researchers Compile List of Vulnerabilities Abused by Ransomware Gangs
Date Published: September 18, 2021

https://bleepingcomputer.com/news/security/researchers-compile-list-of-vulnerabilities-abused-by-ransomware-gangs/

Excerpt: “This year alone, ransomware groups and affiliates have added multiple exploits to their arsenal, targeting actively exploited vulnerabilities. For instance, this week, an undisclosed number of ransomware-as-a-service affiliates have started using RCE exploits targeting the recently patched Windows MSHTML vulnerability (CVE-2021-40444). In early September, Conti ransomware also began targeting Microsoft Exchange servers, breaching enterprise networks using ProxyShell vulnerability exploits (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207).”

Title: ALTDOS Claims to Have Hacked One of Malaysia’s Biggest Conglomerates
Date Published: September 20, 2021

https://www.databreaches.net/altdos-claims-to-have-hacked-one-of-malaysias-biggest-conglomerates/

Excerpt: “Threat actors known as ALTDOS continue to romp their way through attacks on ASEAN entities, garnering very little media attention as they acquire and dump millions of consumer records and proprietary information on businesses. The majority of the victims whose data they have dumped appear to be from Singapore and Thailand, but they do have victims in other countries as well. While they have tended to fly under the media radar, ALTDOS has not gone unnoticed by Singapore law enforcement.  The Singapore government recently issued a joint advisory on ALTDOS. That advisory did not save one of Malaysia’s biggest conglomerates from becoming a victim, however.”

Title: CMA CGM Hit by Another Cyber Attack
Date Published: September 20, 2021

https://splash247.com/cma-cgm-hit-by-another-cyber-attack/

Excerpt: “CMA CGM has been hit by another cyberattack, just under one year since its last big breach. The French containerline told customers today that it had suffered a leak of data on limited customer information involving first and last names, employer, position, email address and phone number. CMA CGM said its IT teams have immediately developed and installed security patches. CMA CGM advised clients not to share their account passwords or any personal information. Clients were also asked to check the authenticity of an email requesting to log in to the carrier’s platforms, especially if requested to reset a password.”

Title: Facebook Rebukes WSJ Over Investigation on the Platform’s Ability to Harm, ‘Toxic’ Impact
Date Published: September 20, 2021

https://www.zdnet.com/article/facebook-rebukes-wsj-over-investigation-on-the-platforms-ability-to-harm-toxic-impact/

Excerpt: “In response, former UK politician and now Facebook Vice President of Global Affairs Nick Clegg said in a blog post on Saturday that the series “contained deliberate mischaracterizations of what we are trying to do, and conferred egregiously false motives to Facebook’s leadership and employees.” Clegg also says that the accusation at the core of the reports, that Facebook conducts research and dismisses anything that is not of benefit to the company, “is plain false” and is based on the “cherry-picked” selection of leaked documents.”

Title: 106 Arrested in a Sting Against Online Fraudsters
Date Published: September 20, 2021

https://www.europol.europa.eu/newsroom/news/106-arrested-in-sting-against-online-fraudsters

Excerpt: “This large criminal network was very well organised in a pyramid structure, which included different specialised areas and roles. Among the members of the criminal group were computer experts, who created the phishing domains and carried out the cyber fraud; recruiters and organisers of the money muling; and money laundering experts, including experts in cryptocurrencies. Most of the suspected members are Italian nationals, some of whom have links to mafia organisations. Located in Tenerife (Canary Islands, Spain), the suspects tricked their victims, mainly Italian nationals, into sending large sums to bank accounts controlled by the criminal network. They then laundered the criminal proceeds through a wide network of money mules and shell companies.”

Title: A New Wave of Malware Attack Targeting Organizations in South America
Date Published: September 20, 2021

https://thehackernews.com/2021/09/a-new-wave-of-malware-attack-targeting.html

Excerpt: “Should the victim meet the location criteria, the user is redirected to a file hosting server, and a password-protected archive is automatically downloaded, the password for which is specified in the email or the attachment, ultimately leading to the execution of a C++-based remote access trojan called BitRAT that first came to light in August 2020. Multiple verticals, including government, financial, healthcare, telecommunications, and energy, oil, and gas, are said to have been affected, with a majority of the targets for the latest campaign located in Colombia and a smaller fraction also coming from Ecuador, Spain, and Panama.”

Title: Mirai Botnet Exploiting Azure Omigod Vulnerabilities
Date Published: September 20, 2021

https://www.hackread.com/mirai-botnet-exploiting-azure-omigod-vulnerabilities/

Excerpt: “An attacker can remotely exploit CVE-2021-38647 simply by sending out a well-crafted request to a vulnerable device using a publicly accessible remote management port, such as 5986, 5985, or 1270. If the attack is successful, the attacker can become a root on a remote device. Furthermore, Azure will automatically install the OMI agent after a user set up Linux VM and other services, including monitoring, are enabled on the device. Then, OMI will run with root access by default, making the system highly vulnerable to compromise.”

Title: Pakistani Man Sentenced to 12 Years of Prison for His Role in AT&T Hacking Scheme
Date Published: September 20, 2021

https://securityaffairs.co/wordpress/122382/cyber-crime/att-hacking-scheme-man-sentenced.html

Excerpt: “Beginning in 2012, Fahd, 35, conspired with others to recruit AT&T employees at a call center located in Bothell, Washington, to unlock large numbers of cellular phones for profit. Fahd recruited and bribed AT&T employees to use their AT&T credentials to unlock phones for ineligible customers.” reads the press release published by DoJ. “Later in the conspiracy, Fahd had the bribed employees install custom malware and hacking tools that allowed him to unlock phones remotely from Pakistan. In September 2020, he pleaded guilty to conspiracy to commit wire fraud.”

Title: How Will The World Look Like In 2025 And The Future Of Cybersecurity
Date Published: September 20, 2021

https://medium.com/@piterson6/how-will-the-world-look-like-in-2025-and-the-future-of-cybersecurity-727ecc924af7

Excerpt: “Experts predict that by 2025, the information that people share over the Internet will get interwoven into their daily life activities, so much so that information flow will become invisible, like electricity. An analogy is that Internet usage will become akin to breathing. An expert from Media Psychology Research Center, Pamela Rutledge, argues that today, universal access is the term associated with phone lines. However, by 2025, access to the Internet will become a basic right. The greater access and capabilities will help bridge the digital divide and allow universal access to quality tools and digital participation skills.”

Title: The Biden Administration Plans to Target Exchanges Supporting Ransomware Operations With Sanctions
Date Published: September 18, 2021

https://securityaffairs.co/wordpress/122352/laws-and-regulations/biden-administration-ransomware-sanctions.html

Excerpt: “The Biden administration is preparing an array of actions, including sanctions, to make it harder for hackers to use digital currency to profit from ransomware attacks, according to people familiar with the matter.” states the WSJ. “The government hopes to choke off access to a form of payment that has supported a booming criminal industry and a rising national security threat.” Over the past years, the number of ransomware attacks has exponentially increased, causing huge losses to the victims and disrupting their activities. The operations also targeted the US critical infrastructure, the attack against Colonial Pipeline demonstrates the potential damages that such kind of criminal practice could cause to the US citizens.”
