OSN September 23, 2021

Fortify Security Team
Sep 23, 2021

Title: Conti Ransomware Attacks on the Rise, FBI, CISA, and NSA Warn
Date Published: September 22, 2021


Excerpt: “The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. (See FBI Flash: Conti Ransomware Attacks Impact Healthcare and First Responder Networks.) In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment. To secure systems against Conti ransomware, CISA, FBI, and the National Security Agency (NSA) recommend implementing the mitigation measures described in this Advisory, which include requiring multi-factor authentication (MFA), implementing network segmentation, and keeping operating systems and software up to date.”

Title: A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit
Date Published: September 23, 2021


Excerpt: “Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. “These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables,” researchers from Eclypsium said in a report published on Monday. “These tables can be exploited by attackers with direct physical access, with remote access, or through manufacturer supply chains. More importantly, these motherboard-level flaws can obviate initiatives like Secured-core because of the ubiquitous usage of ACPI [Advanced Configuration and Power Interface] and WPBT”.”

Title: Apple Announced that TLS 1.0 and 1.1 Has Been Deprecated in iOS 15, iPadOS 15, macOS 12, and More
Date Published: September 23, 2021


Excerpt: “Transport Layer Security (TLS) is a cryptographic protocol designed to safeguard web traffic. It ensures data integrity and confidentiality in transit between clients and servers accessing and interchanging information. Apps such as voice over IP, instant messaging, and email use this secure communication protocol. As mentioned by BleepingComputer, the first TLS 1.0 specification and its TLS 1.1 successor were utilized for almost two decades. TLS 1.0 was initially defined in January 1999 as an upgrade of SSL Version 3.0 and TLS 1.1 in April 2006, both deprecated in 2020.”

Title: Ransomware Attackers Targeted This Company Then Defenders Discovered Something Curious
Date Published: September 23, 2021


Excerpt: “The attack methods used in the attempted ransomware campaign resembled techniques previously attributed to state-backed Chinese hacking operations including APT27 – also known as Emissary Panda.  eSentire said the low quality of the ransomware and the lack of any known ransomware breaches by this ‘Hello Ransomware’, along with the attackers’ use of intrusion and reconnaissance methods that are typically associated with sophisticated groups, raises the question of whether the ransomware is the primary goal of the operators. ”

Title: A Second Farming Cooperative Got Shut Down by Ransomware This Week
Date Published: September 23, 2021


Excerpt: “It’s important to remember as well that earlier this month, the FBI released a notice in which it was warning the companies from the food and agriculture sector to watch out for ransomware attacks aiming to disrupt supply chains. In the notice, the FBI explains that food and agriculture ransomware attacks interrupt businesses, create financial losses, and have a detrimental impact on the food supply chain. Small farms to big producers, processors, and manufacturers, as well as marketplaces and restaurants, may be affected by ransomware. In a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems, cyber-criminal threat actors can now use network weaknesses in order to exfiltrate data and encrypt systems.”

Title: Researchers Finger New Apt Group, Famoussparrow, for Hotel Attacks
Date Published: September 23, 2021


Excerpt: “Researchers at security specialist ESET claim to have found a shiny new advanced persistent threat (APT) group dubbed FamousSparrow – after discovering its custom backdoor, SparrowDoor, on hotels and government systems around the world. “FamousSparrow is currently the only user of a custom backdoor that we discovered in the investigation and called SparrowDoor,” ESET researcher and co-author of the report Tahseen Bin Taj explained in a prepared statement. “The group also uses two custom versions of Mimikatz. The presence of any of these custom malicious tools could be used to connect incidents to FamousSparrow”.”

Title: Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers
Date Published: September 23, 2021


Excerpt: “More than one terabyte of data containing 5.5 million files has been left exposed, leaking personal information of over 100,000 customers of a Colombian real estate firm, according to cybersecurity company WizCase. The breach was discovered by Ata Hakçil and his team in a database owned by Coninsa Ramon H, a company that specializes in architecture, engineering, construction, and real estate services. “There was no need for a password or login credentials to see this information, and the data was not encrypted,” the researchers said in an exclusive report shared with The Hacker News.”

Title: More Afghan Citizens’ Data Exposed in Second MoD Breach
Date Published: September 23, 2021


Excerpt: “Earlier this week, the government department was forced to apologize for sending an email that exposed the data of more than 250 Afghan interpreters who worked for British forces during the allied occupation of the country. This included their email addresses, names and LinkedIn profile images, putting them at risk of reprisals from the Taliban, who recently retook control of Afghanistan 20 years after being ousted by British and US forces. A second data breach involving Afghan citizens who may be eligible to relocate to the UK has now been uncovered by the BBC, who revealed MoD officials sent an email earlier this month that mistakenly copied in dozens of people. This displayed the email addresses and some names of 55 Afghanis, including those from the Afghan National Army.”

Title: ANZ Reports a 73% Year-on-Year Increase in Scams for the First Eight Months of 2021
Date Published: September 23, 2021


Excerpt: “Australia and New Zealand Group (ANZ) chief executive Shayne Elliot has encouraged the Standing Committee of Economics to prioritise the need to raise further awareness, as well as recommend additional steps industry and government could take, to address the rising number of scams. In fronting the committee, which is currently undertaking a review of the four major banks and other financial institutions, Elliot highlighted that for the first eighteen months of 2021, ANZ had seen a 73% increase in scams being detected or reported by customers, compared to the same time last year.”

Title: Plugging the Holes: How to Prevent Corporate Data Leaks in the Cloud
Date Published: September 22, 2021


Excerpt: “Digital transformation saved many organizations during the pandemic. And now it’s seen as the key to driving success as they exit the global economic crisis. Cloud investments sit at the heart of these projects – supporting applications and business processes designed to power new customer experiences and operational efficiencies. According to Gartner, global spending on public cloud services is forecast to grow 18.4% in 2021 to total nearly $305 billion, and then increase by a further 19% next year. However, this opens the door to human error – as misconfigurations expose sensitive data to potentially malicious actors. Sometimes these records contain personally identifiable information (PII), such as the leak affecting millions at a Spanish developer of hotel reservation software last year. However, sometimes it’s arguably even more sensitive. Just last month it emerged that a classified US terrorist watchlist had been exposed to the public internet.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...