OSN September 20, 2021

Fortify Security Team
Sep 20, 2021

Title: Researchers Compile List of Vulnerabilities Abused by Ransomware Gangs
Date Published: September 18, 2021


Excerpt: “This year alone, ransomware groups and affiliates have added multiple exploits to their arsenal, targeting actively exploited vulnerabilities. For instance, this week, an undisclosed number of ransomware-as-a-service affiliates have started using RCE exploits targeting the recently patched Windows MSHTML vulnerability (CVE-2021-40444). In early September, Conti ransomware also began targeting Microsoft Exchange servers, breaching enterprise networks using ProxyShell vulnerability exploits (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207).”

Title: ALTDOS Claims to Have Hacked One of Malaysia’s Biggest Conglomerates
Date Published: September 20, 2021


Excerpt: “Threat actors known as ALTDOS continue to romp their way through attacks on ASEAN entities, garnering very little media attention as they acquire and dump millions of consumer records and proprietary information on businesses. The majority of the victims whose data they have dumped appear to be from Singapore and Thailand, but they do have victims in other countries as well. While they have tended to fly under the media radar, ALTDOS has not gone unnoticed by Singapore law enforcement. The Singapore government recently issued a joint advisory on ALTDOS. That advisory did not save one of Malaysia’s biggest conglomerates from becoming a victim, however.”

Title: CMA CGM Hit by Another Cyber Attack
Date Published: September 20, 2021


Excerpt: “CMA CGM has been hit by another cyberattack, just under one year since its last big breach. The French containerline told customers today that it had suffered a leak of data on limited customer information involving first and last names, employer, position, email address and phone number. CMA CGM said its IT teams have immediately developed and installed security patches. CMA CGM advised clients not to share their account passwords or any personal information. Clients were also asked to check the authenticity of an email requesting to log in to the carrier’s platforms, especially if requested to reset a password.”

Title: Facebook Rebukes WSJ Over Investigation on the Platform’s Ability to Harm, ‘Toxic’ Impact
Date Published: September 20, 2021


Excerpt: “In response, former UK politician and now Facebook Vice President of Global Affairs Nick Clegg said in a blog post on Saturday that the series “contained deliberate mischaracterizations of what we are trying to do, and conferred egregiously false motives to Facebook’s leadership and employees.” Clegg also says that the accusation at the core of the reports, that Facebook conducts research and dismisses anything that is not of benefit to the company, “is plain false” and is based on the “cherry-picked” selection of leaked documents.”

Title: 106 Arrested in a Sting Against Online Fraudsters
Date Published: September 20, 2021


Excerpt: “This large criminal network was very well organised in a pyramid structure, which included different specialised areas and roles. Among the members of the criminal group were computer experts, who created the phishing domains and carried out the cyber fraud; recruiters and organisers of the money muling; and money laundering experts, including experts in cryptocurrencies. Most of the suspected members are Italian nationals, some of whom have links to mafia organisations. Located in Tenerife (Canary Islands, Spain), the suspects tricked their victims, mainly Italian nationals, into sending large sums to bank accounts controlled by the criminal network. They then laundered the criminal proceeds through a wide network of money mules and shell companies.”

Title: A New Wave of Malware Attack Targeting Organizations in South America
Date Published: September 20, 2021


Excerpt: “Should the victim meet the location criteria, the user is redirected to a file hosting server, and a password-protected archive is automatically downloaded, the password for which is specified in the email or the attachment, ultimately leading to the execution of a C++-based remote access trojan called BitRAT that first came to light in August 2020. Multiple verticals, including government, financial, healthcare, telecommunications, and energy, oil, and gas, are said to have been affected, with a majority of the targets for the latest campaign located in Colombia and a smaller fraction also coming from Ecuador, Spain, and Panama.”

Title: Mirai Botnet Exploiting Azure Omigod Vulnerabilities
Date Published: September 20, 2021


Excerpt: “An attacker can remotely exploit CVE-2021-38647 simply by sending out a well-crafted request to a vulnerable device using a publicly accessible remote management port, such as 5986, 5985, or 1270. If the attack is successful, the attacker can become a root on a remote device. Furthermore, Azure will automatically install the OMI agent after a user set up Linux VM and other services, including monitoring, are enabled on the device. Then, OMI will run with root access by default, making the system highly vulnerable to compromise.”

Title: Pakistani Man Sentenced to 12 Years of Prison for His Role in AT&T Hacking Scheme
Date Published: September 20, 2021


Excerpt: “Beginning in 2012, Fahd, 35, conspired with others to recruit AT&T employees at a call center located in Bothell, Washington, to unlock large numbers of cellular phones for profit. Fahd recruited and bribed AT&T employees to use their AT&T credentials to unlock phones for ineligible customers.” reads the press release published by DoJ. “Later in the conspiracy, Fahd had the bribed employees install custom malware and hacking tools that allowed him to unlock phones remotely from Pakistan. In September 2020, he pleaded guilty to conspiracy to commit wire fraud.”

Title: How Will The World Look Like In 2025 And The Future Of Cybersecurity
Date Published: September 20, 2021


Excerpt: “Experts predict that by 2025, the information that people share over the Internet will get interwoven into their daily life activities, so much so that information flow will become invisible, like electricity. An analogy is that Internet usage will become akin to breathing. An expert from Media Psychology Research Center, Pamela Rutledge, argues that today, universal access is the term associated with phone lines. However, by 2025, access to the Internet will become a basic right. The greater access and capabilities will help bridge the digital divide and allow universal access to quality tools and digital participation skills.”

Title: The Biden Administration Plans to Target Exchanges Supporting Ransomware Operations With Sanctions
Date Published: September 18, 2021


Excerpt: “The Biden administration is preparing an array of actions, including sanctions, to make it harder for hackers to use digital currency to profit from ransomware attacks, according to people familiar with the matter.” states the WSJ. “The government hopes to choke off access to a form of payment that has supported a booming criminal industry and a rising national security threat.” Over the past years, the number of ransomware attacks has exponentially increased, causing huge losses to the victims and disrupting their activities. The operations also targeted the US critical infrastructure, the attack against Colonial Pipeline demonstrates the potential damages that such kind of criminal practice could cause to the US citizens.”
