OSN September 23, 2021

Fortify Security Team
Sep 23, 2021

Title: Conti Ransomware Attacks on the Rise, FBI, CISA, and NSA Warn
Date Published: September 22, 2021

https://us-cert.cisa.gov/ncas/alerts/aa21-265a

Excerpt: “The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. (See FBI Flash: Conti Ransomware Attacks Impact Healthcare and First Responder Networks.) In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment. To secure systems against Conti ransomware, CISA, FBI, and the National Security Agency (NSA) recommend implementing the mitigation measures described in this Advisory, which include requiring multi-factor authentication (MFA), implementing network segmentation, and keeping operating systems and software up to date.”

Title: A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit
Date Published: September 23, 2021

https://thehackernews.com/2021/09/a-new-bug-in-microsoft-windows-could.html

Excerpt: “Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. “These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables,” researchers from Eclypsium said in a report published on Monday. “These tables can be exploited by attackers with direct physical access, with remote access, or through manufacturer supply chains. More importantly, these motherboard-level flaws can obviate initiatives like Secured-core because of the ubiquitous usage of ACPI [Advanced Configuration and Power Interface] and WPBT”.”

Title: Apple Announced that TLS 1.0 and 1.1 Has Been Deprecated in iOS 15, iPadOS 15, macOS 12, and More
Date Published: September 23, 2021

https://heimdalsecurity.com/blog/apple-announced-that-tls-1-0-and-1-1-has-been-deprecated-in-ios-15-ipados-15-macos-12-and-more/

Excerpt: “Transport Layer Security (TLS) is a cryptographic protocol designed to safeguard web traffic. It ensures data integrity and confidentiality in transit between clients and servers accessing and interchanging information. Apps such as voice over IP, instant messaging, and email use this secure communication protocol. As mentioned by BleepingComputer, the first TLS 1.0 specification and its TLS 1.1 successor were utilized for almost two decades. TLS 1.0 was initially defined in January 1999 as an upgrade of SSL Version 3.0 and TLS 1.1 in April 2006, both deprecated in 2020.”

Title: Ransomware Attackers Targeted This Company Then Defenders Discovered Something Curious
Date Published: September 23, 2021

https://www.zdnet.com/article/ransomware-attackers-targeted-this-company-then-defenders-discovered-something-curious/

Excerpt: “The attack methods used in the attempted ransomware campaign resembled techniques previously attributed to state-backed Chinese hacking operations including APT27 – also known as Emissary Panda. eSentire said the low quality of the ransomware and the lack of any known ransomware breaches by this ‘Hello Ransomware’, along with the attackers’ use of intrusion and reconnaissance methods that are typically associated with sophisticated groups, raises the question of whether the ransomware is the primary goal of the operators.”

Title: A Second Farming Cooperative Got Shut Down by Ransomware This Week
Date Published: September 23, 2021

https://heimdalsecurity.com/blog/farming-cooperative-shut-down-by-ransomware/

Excerpt: “It’s important to remember as well that earlier this month, the FBI released a notice in which it was warning the companies from the food and agriculture sector to watch out for ransomware attacks aiming to disrupt supply chains. In the notice, the FBI explains that food and agriculture ransomware attacks interrupt businesses, create financial losses, and have a detrimental impact on the food supply chain. Small farms to big producers, processors, and manufacturers, as well as marketplaces and restaurants, may be affected by ransomware. In a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems, cyber-criminal threat actors can now use network weaknesses in order to exfiltrate data and encrypt systems.”

Title: Researchers Finger New APT Group, FamousSparrow, for Hotel Attacks
Date Published: September 23, 2021

https://www.theregister.com/2021/09/23/researchers_finger_new_apt_group/

Excerpt: “Researchers at security specialist ESET claim to have found a shiny new advanced persistent threat (APT) group dubbed FamousSparrow – after discovering its custom backdoor, SparrowDoor, on hotels and government systems around the world. “FamousSparrow is currently the only user of a custom backdoor that we discovered in the investigation and called SparrowDoor,” ESET researcher and co-author of the report Tahseen Bin Taj explained in a prepared statement. “The group also uses two custom versions of Mimikatz. The presence of any of these custom malicious tools could be used to connect incidents to FamousSparrow”.”

Title: Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers
Date Published: September 23, 2021

https://thehackernews.com/2021/09/colombian-real-estate-agency-leak.html

Excerpt: “More than one terabyte of data containing 5.5 million files has been left exposed, leaking personal information of over 100,000 customers of a Colombian real estate firm, according to cybersecurity company WizCase. The breach was discovered by Ata Hakçil and his team in a database owned by Coninsa Ramon H, a company that specializes in architecture, engineering, construction, and real estate services. “There was no need for a password or login credentials to see this information, and the data was not encrypted,” the researchers said in an exclusive report shared with The Hacker News.”

Title: More Afghan Citizens’ Data Exposed in Second MoD Breach
Date Published: September 23, 2021

https://www.infosecurity-magazine.com/news/afghan-citizens-data-exposed-mod/

Excerpt: “Earlier this week, the government department was forced to apologize for sending an email that exposed the data of more than 250 Afghan interpreters who worked for British forces during the allied occupation of the country. This included their email addresses, names and LinkedIn profile images, putting them at risk of reprisals from the Taliban, who recently retook control of Afghanistan 20 years after being ousted by British and US forces. A second data breach involving Afghan citizens who may be eligible to relocate to the UK has now been uncovered by the BBC, who revealed MoD officials sent an email earlier this month that mistakenly copied in dozens of people. This displayed the email addresses and some names of 55 Afghanis, including those from the Afghan National Army.”

Title: ANZ Reports a 73% Year-on-Year Increase in Scams for the First Eight Months of 2021
Date Published: September 23, 2021

https://www.zdnet.com/article/anz-reports-a-73-year-on-year-increase-in-scams-for-the-first-eight-months-of-2021/

Excerpt: “Australia and New Zealand Group (ANZ) chief executive Shayne Elliot has encouraged the Standing Committee of Economics to prioritise the need to raise further awareness, as well as recommend additional steps industry and government could take, to address the rising number of scams. In fronting the committee, which is currently undertaking a review of the four major banks and other financial institutions, Elliot highlighted that for the first eighteen months of 2021, ANZ had seen a 73% increase in scams being detected or reported by customers, compared to the same time last year.”

Title: Plugging the Holes: How to Prevent Corporate Data Leaks in the Cloud
Date Published: September 22, 2021

https://www.welivesecurity.com/2021/09/22/plugging-holes-how-prevent-corporate-data-leaks-cloud/

Excerpt: “Digital transformation saved many organizations during the pandemic. And now it’s seen as the key to driving success as they exit the global economic crisis. Cloud investments sit at the heart of these projects – supporting applications and business processes designed to power new customer experiences and operational efficiencies. According to Gartner, global spending on public cloud services is forecast to grow 18.4% in 2021 to total nearly $305 billion, and then increase by a further 19% next year. However, this opens the door to human error – as misconfigurations expose sensitive data to potentially malicious actors. Sometimes these records contain personally identifiable information (PII), such as the leak affecting millions at a Spanish developer of hotel reservation software last year. However, sometimes it’s arguably even more sensitive. Just last month it emerged that a classified US terrorist watchlist had been exposed to the public internet.”
