OSN October 14, 2021

Fortify Security Team
Oct 14, 2021

Title: State-Sponsored Iranian Hackers Uploaded Fake Vpn App to Google’s Play Store, Posed as University Officials
Date Published: October 14, 2021

https://www.cyberscoop.com/iran-hacker-google-app-vpn-email/

Excerpt: “The espionage group APT35, also known as Charming Kitten, last year successfully uploaded to Google’s Play Store an app that masqueraded as a virtual private network service, claiming the tool would safeguard user data. In fact, the apparent VPN program functioned as spyware, collecting call logs, text messages, contacts and location data from affected devices. Google said in an Oct. 14 update that it detected the program “quickly” and removed it before any downloads occurred. The surveillance app marks an update to existing APT 35 tactics. The group is best known for reportedly targeting email accounts associated with former President Donald Trump’s election campaign in 2020 and espionage around major geopolitical events, such as negotiations related to the 2015 nuclear deal between the U.S. and Iran.”

Title: Australia to Try a New Strategy Regarding Ransomware Data Breaches
Date Published: October 14, 2021

https://heimdalsecurity.com/blog/australia-to-try-a-new-strategy-regarding-ransomware-data-breaches/

Excerpt: “Some of the highlights mentioned in the initiative are: The establishment of ‘Operation Orcus,’ a multi-agency group commanded by the AFP (Australian Federal Police). The implementation of a mandatory ransomware incident reporting provision for all affected organizations. The design of awareness-raising initiatives for various types of enterprises. Cyber extortionists and ransomware perpetrators based in the nation would face tougher penalties. Make a stronger case against countries that aid ransomware attacks or provide safe havens for hackers. Track and intercept bitcoin transactions that have been linked to ransomware or other criminal operations. The Government aims to establish additional authorities through the Surveillance Legislation Amendment Act 2021 to improve its capacity to conduct investigations and prevent ransomware assaults.”

Title: This New Ransomware Encrypts Your Data and Makes Some Nasty Threats, Too
Date Published: October 14, 2021

https://www.zdnet.com/article/this-new-ransomware-encrypts-your-data-and-makes-some-nasty-threats-too/

Excerpt: “Cyber criminals are distributing a new form of ransomware in attacks against victims in which they not only encrypt the network, but also make threats to launch distributed denial of service (DDoS) attacks and to harass employees and business partners if a ransom isn’t paid. Dubbed Yanluo Wang, the ransomware was uncovered by cybersecurity researchers in Broadcom Software’s Symantec Threat Hunter team while they were investigating an attempted cyberattack against an undisclosed large organisation. While the attempted attack wasn’t successful, the investigation revealed a new form of ransomware. It also provided insight into how some cyber criminals are attempting to make attacks more effective – in this case, with the threat of additional attacks.”

Title: Acer Suffered the Second Security Breach in a Few Months
Date Published: October 13, 2021

https://thehackernews.com/2021/10/critical-flaw-in-opensea-could-have-let.html

Excerpt: “Left unpatched, the vulnerabilities could allow hackers to hijack user accounts and steal entire cryptocurrency wallets by crafting malicious NFTs,” Check Point researchers said. As the name indicates, NFTs are unique digital assets such as photos, videos, audio, and other items that can be sold and traded on the blockchain, using the technology as a certificate of authenticity to establish a verified and public proof of ownership. The modus operandi of the attack relies on sending victims a malicious NFT that, when clicked, results in a scenario whereby rogue transactions can be facilitated through a third-party wallet provider simply by providing a wallet signature to connect their wallets and perform actions on the targets’ behalf. “Users should be hyper-aware of what they sign on OpenSea, as well as other NFT platforms, and whether it correlates with expected actions,” the researchers said.”

Title: Analyzing Email Services Abused for Business Email Compromise
Date Published: October 14, 2021

https://www.trendmicro.com/en_us/research/21/j/analyzing-email-services-abused-for-business-email-compromise.html

Excerpt: “The gradual increase throughout the year prompted us to pay attention to the campaigns being deployed, but the sudden increase in August caught our interest. Compared to campaigns from previous years in which BEC actors mostly impersonated executives or ranking management personnel, we observed a specific BEC campaign type spoofing general employees’ display names. We noticed a sudden upshot of dangerous emails impersonating and targeting ordinary employees for money transfers, bank payroll account changes, or various company-related information. We launched the “BEC Display Name Spoofing” detection solution for Trend Micro™ Cloud App Security in Q1 to address this issue. Following this, we also observed the highest volume of BEC detections in the Americas.”

Title: The Anonymous Domain Registration Might Be Prohibited Shortly
Date Published: October 14, 2021

https://heimdalsecurity.com/blog/the-anonymous-domain-registration-might-be-prohibited-shortly/

Excerpt: “In order to get a domain name, you have to register the name you want with ICANN (Internet Corporation for Assigned Names and Numbers). ICANN is a non-profit organization in charge of coordinating the upkeep and operations of several databases related to the Internet’s namespaces and numerical spaces, making sure the network is functioning securely and stably. As soon as a domain name is registered on the internet, the users’ personal information such as name, physical & email addresses, and mobile number will be collected by a registrar. Nevertheless, the accuracy of the registered information is not being confirmed, and it may contain erroneous data.”

Title: FBI Warns of Ransomware Gang – What You Need to Know About the Onepercent Group
Date Published: October 14 2021

https://cybersecurity.att.com/blogs/security-essentials/fbi-warns-of-ransomware-gang-what-you-need-to-know-about-the-onepercent-group

Excerpt: “Social engineering is a term that describes a variety of tactics that cybercriminals use to trick individuals into divulging critical information or downloading malware onto their devices.  Although phishing scams have been around about as long as the internet, hackers like OnePercent Group still rely on social engineering to fool high level members of corporate organizations. In fact, a recent survey indicated that over 60% of executives cited phishing and ransomware as their top concerns. Most hackers cause cyberattacks with the intention of making money off of a company, an individual, or off of the information that they are able to get out of their victims. Social engineering helps hackers acquire confidential data faster so they can have a better chance of carrying out and completing their attacks.”

Title: 7-Eleven Breached Customer Privacy by Collecting Facial Imagery Without Consent
Date Published: October 13, 2021

https://www.zdnet.com/article/7-eleven-collected-customer-facial-imagery-during-in-store-surveys-without-consent/

Excerpt: “After becoming aware of this activity in July last year, the Office of the Australian Information Commissioner (OAIC) commended an investigation into 7-Eleven’s survey. During the investigation [PDF], the OAIC found 7-Eleven stored the facial images on tablets for around 20 seconds before uploading them to a secure server hosted in Australia within the Microsoft Azure infrastructure. The facial images were then retained on the server, as an algorithmic representation, for seven days to allow 7-Eleven to identify and correct any issues, and reprocess survey responses, the convenience store giant claimed. The facial images were uploaded to the server as algorithmic representations, or “faceprints”, that were then compared with other faceprints to exclude responses that 7-Eleven believed may not be genuine.”

Title: New Bill to Require Cyber Attack Reporting in the US
Date Published: October 13, 2021

https://www.trendmicro.com/en_us/research/21/j/new-cisa-bill-to-require-cyber-attack-reporting-in-the-us.html

Excerpt: “If enacted, the Cyber Incident Notification Act of 2021 would require critical infrastructure owners and operators to notify the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours if they are experiencing cyberattacks. Moreover, non-profits, businesses with over 50 employees, and state and local governments would have to notify the federal government within 24 hours if ransomware payments have been made. The new legislation comes after various major cyber attacks and ransomware incidents earlier, including the Colonial Pipeline attack. It would also give CISA the authority to subpoena entities that fail to report incidents or ransomware payments.”

Title: FreakOut Botnet Turns DVRs Into Monero Cryptominers
Date Published: October 13, 2021

https://threatpost.com/freakout-botnet-dvrs-monero-cryptominers/175467/

Excerpt: Threat group FreakOut’s Necro botnet has developed a new trick: infecting Visual Tools DVRs with a Monero miner. Juniper Threat Labs researchers have issued a report detailing new activities from FreakOut, also known as Necro Python and Python.IRCBot. In late September, the team noticed that the botnets started to target Visual Tools DVR VX16 4.2.28.0 models with crypto mining attacks. The devices are typically deployed as part of a professional-quality surveillance system. A command injection vulnerability was found in the same devices last July. Visual Tools has not yet responded to Threatpost’s request for comment.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...