OSN October 13, 2021

Fortify Security Team
Oct 13, 2021

Title: Banco Pichincha Impacted by a Cyberattack
Date Published: October 13, 2021

https://heimdalsecurity.com/blog/banco-pichincha-impacted-by-a-cyberattack/

Excerpt: “The incident took place over the weekend, prompting the financial institution to halt parts of its network in order to prevent the attack from spreading to other systems. Banco Pichincha was seriously affected by the system outage, with ATMs no longer functioning and online banking portals displaying maintenance notifications. According to BleepingComputer, all the Banco Pichincha employees have been informed via an internal notice that due to a technological problem bank apps, email, digital channels, and self-services will be unavailable.”

Title: Mandating a Zero-Trust Approach for Software Supply Chains
Date Published: October 13, 2021

https://threatpost.com/mandate-zero-trust-software-supply-chains/175333/

Excerpt: “In the wake of the SolarWinds attack last year, President Biden issued an executive order in May advocating for mandatory software bills of materials, or SBOMs, to increase software transparency and counter supply-chain attacks. For reference, SBOMs are machine-readable documents that provide a definitive record of the components used to build a software product, including open-source software. As a security professional, I am encouraged by the SBOM mandate because it is a step towards providing greater transparency for the software that all organizations must buy and use.”

Title: Verizon-Owned Visible Network Suffers Suspected Data Breach
Date Published: October 12, 2021

https://www.xda-developers.com/verizon-owned-visible-network-suffers-suspected-data-breach/

Excerpt: “Social media sites, especially the Visible subreddit, are currently flooded with reports of Visible accounts being hijacked. In most cases, the email address associated with the account is reset by an unknown attacker, then the payment method on the account is used to order a phone. “My account got hacked and they shipped out a [sic] iPhone 13 worth 1k that was taken from my PayPal,” one Reddit user wrote. Another said, “I literally signed up for Visible yesterday, and bought a [sic] $812 iPhone through their website. I woke up to an email this morning telling me that the email address associated with my account has been changed. […] 7 hours later I got an email saying the shipping address on my account has been changed, and no, I still wasn’t able to log in”.”

Title: Critical Flaw in OpenSea Could Have Let Hackers Steal Cryptocurrency From Wallets
Date Published: October 13, 2021

https://thehackernews.com/2021/10/critical-flaw-in-opensea-could-have-let.html

Excerpt: ““Left unpatched, the vulnerabilities could allow hackers to hijack user accounts and steal entire cryptocurrency wallets by crafting malicious NFTs,” Check Point researchers said. As the name indicates, NFTs are unique digital assets such as photos, videos, audio, and other items that can be sold and traded on the blockchain, using the technology as a certificate of authenticity to establish a verified and public proof of ownership. The modus operandi of the attack relies on sending victims a malicious NFT that, when clicked, results in a scenario whereby rogue transactions can be facilitated through a third-party wallet provider simply by providing a wallet signature to connect their wallets and perform actions on the targets’ behalf. “Users should be hyper-aware of what they sign on OpenSea, as well as other NFT platforms, and whether it correlates with expected actions,” the researchers said.”

Title: How Ransomware as a Service Is Growing in Popularity
Date Published: October 13, 2021

https://medium.com/@AMATAS/how-ransomware-as-a-service-is-growing-in-popularity-493ba336e239

Excerpt: “Moreover, the amount of ransom has also been growing, with attackers becoming emboldened by repeated successes and “big hits” in recent years. According to Forbes, the cost of cleaning up after a ransomware attack has doubled over the last year, and the overall cost of a ransom situation is equal to 10 times the ransom itself. The average ransomware payment in 2021 has been estimated at $570,000.
One of the reasons for this significant increase in ransomware attacks is the entry of many new actors on the scene through the use of ransomware-as-a-Service (RaaS). In a short amount of time, RaaS has become an industry in itself. This has significantly lowered the entry bar allowing people with little knowledge of how to construct an attack alone to benefit from large ransomware groups’ know-how in return for a share of the profit.”

Title: Russia and China Left Out of Global Anti-ransomware Meetings
Date Published: October 13, 2021

https://www.bleepingcomputer.com/news/security/russia-and-china-left-out-of-global-anti-ransomware-meetings/

Excerpt: “The Counter-Ransomware Initiative meetings come in response to ongoing attacks, including ransomware attacks on Colonial Pipeline, JBS Foods, and Kaseya in the U.S., which have revealed significant vulnerabilities across critical worldwide infrastructure. “We’re hosting — we’re facilitating a virtual meeting. It’ll be joined by ministers and senior officials from over 30 countries and the European Union to accelerate cooperation to counter ransomware,” a senior administration official told reporters in a background press call today. “The Counter-Ransomware Initiative will meet over two days, and participants will cover everything from efforts to improve national resilience, to experiences addressing the misuse of virtual currency to launder ransom payments, our respective efforts to disrupt and prosecute ransomware criminals, and diplomacy as a tool to counter ransomware”.”

Title: Android Privacy Issues Were Discovered in a New Study
Date Published: October 13, 2021

https://heimdalsecurity.com/blog/android-privacy-issues-new-study/

Excerpt: “The same study explains that there is no “Opt-out” option available for Android users to choose as a mitigation measure against this type of data collection. Some smartphone vendors include third-party apps sometimes. This means that these third-party apps perform data collection in a silent way, so it does not matter if the owner of the device does not make use of them. What’s more, is that they cannot be removed. In regards to apps like miui.analytics (Xiaomi), Heytap (Realme), and Hicloud (Huawei) which are basically built-in applications, the information can serve as a goal of man-in-the-middle (MitM) cyberattacks and this is because the information encrypted on these apps is possible to be decrypted. The experts under discussion have also shared a diagram of the data volume in KB/h that each vendor transmits:”

Title: Data Masking Is the Answer to a Data Breach
Date Published: October 13, 2021

https://bluebricks.medium.com/data-masking-is-the-answer-to-a-data-breach-85380556b57c

Excerpt: “According to stats, the rate of data breaches is growing rapidly every year compared to midyear of 2018, where the number of reported breaches was up by 54% in 2019. As IT industry leaders understand, data is the answer to building data-driven applications and software and unlocking ambitious advantages. It has become increasingly critical to grant reliable access to data that ripples across an organization to innovate faster and at scale without endangering its privacy and safety. Hence, it has now become a necessity for various organizations to update their data security systems.”

Title: Bugs Allowing Malicious NFT Uploads Uncovered in Opensea Marketplace
Date Published: October 13, 2021

https://www.zdnet.com/article/bugs-allowing-malicious-nft-uploads-uncovered-in-opensea-marketplace/

Excerpt: “NFTs, also known as non-fungible tokens, are digital assets that can be sold and traded on the blockchain. While some NFTs — from a pixel cartoon to a popular meme — can reach a sale price of millions of dollars, the popularity of this phenomenon has also created a new attack vector for exploitation. On Wednesday, the Check Point Research (CPR) team said that flaws in the OpenSea NFT marketplace could have allowed “hackers to hijack user accounts and steal entire crypto wallets of users, by sending malicious NFTs.””

Title: University of Sunderland Hit by Suspected Cyber-Attack
Date Published: October 13, 2021

https://www.infosecurity-magazine.com/news/uni-sunderland-suspected-attack/

Excerpt: “A UK university has suffered a suspected cyber-attack, causing “extensive IT issues.” The University of Sunderland revealed the incident on its official Twitter account this morning, which stated: “our telephone lines, website and IT systems are still down.” The institution first reported it was experiencing IT problems yesterday (12 October) and has now said it “has all the hallmarks of a cyber-attack.” A local newspaper, the Sunderland Echo, reported that all online classes had been canceled, and staff members faced difficulties accessing their emails. In addition, the University of Sunderland’s official website remains down.”
