OSN October 21, 2021

Fortify Security Team
Oct 21, 2021

Title: Nine Arrested for Impersonating Bank Clerks To Steal From the Elderly

Date Published: October 21, 2021


Excerpt: “The Dutch Police have arrested nine people for targeting and stealing money from the elderly by impersonating bank employees. The group of bank help desk fraudsters, five men and four women between the ages of 20 and 27, were arrested between September 14 and October 19, 2021. The scammers now face criminal charges for defrauding multiple targets while posing as bank employees in phone calls where they used caller ID spoofing to make it appear as if they called from real financial institutions in the Netherlands.”

Title: Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer

Date Published: October 21, 2021


Excerpt: “A new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems, underscoring how vulnerabilities in such software could be?ome a gateway for a roster of attacks. Tracked as CVE-2021-35052, the bug impacts the trial version of the software running version 5.70. “This vulnerability allows an attacker to intercept and modify requests sent to the user of the application,” Positive Technologies’ Igor Sak-Sakovskiy said in a technical write-up. “This can be used to achieve remote code execution (RCE) on a victim’s computer”.”

Title: Palo Alto warns of BEC-as-a-service

Date Published: October 21, 2021


Excerpt: “The security team pored through hundreds of BEC cases, finding the average wire fraud attempted was $567,000, and the highest was $6 million. Among the hundreds of BEC cases Unit 42 tackled since the beginning of last year, researchers found that 89% of victims failed to turn on multi-factor authentication or follow best practices for its implementation. The FBI often cites BEC as one of the most lucrative cybercrimes, and the law enforcement agency reported last year that it led to $1.87 billion in losses. According to Palo Alto researchers, victims typically want to avoid reputational harm and often don’t go public, which has made BEC a relatively silent threat.”

Title: TeamTNT Deploys Malicious Docker Image on Docker Hub

Date Published: October 21, 2021


Excerpt: “Docker containers have become an integral part of the organisations. A lot of services nowadays run in isolated Docker containers. The threat actors on the other side are also trying to deploy malicious components to escape Docker containers and target host machines and the other nodes connected in a subnet and its swarm. Hence, to maintain a robust security stance, it is crucial to be able to detect malicious images early in the CI/CD pipeline as well as monitor all the container activities in runtime. ”

Title: Proposed HTTPA Protocol Uses TEEs to Secure the Web

Date Published: October 20, 2021


Excerpt: “A TEE refers to enclaves in memory where sensitive computations can be run on sensitive details. Both Intel and ARM offer hardware-based TEEs: the Intel Software Guard Extension (Intel SGX) and TrustZone. Wang and King note in the paper that SGX provides in-memory encryption to help protect the runtime computation and reduce risks of illegal leaking or modifying private information. “SGX also provides security assurances via remote attestation to the web client, including TCB identity, vendor identity and verification identity,” the paper says.”

Title: Malicious Campaign Uses a Barrage of Commodity Rats to Target Afghanistan and India

Date Published: October 19, 2021


Excerpt: “This threat actor, A.R., uses a front company to procure infrastructure for operationalizing their crimeware campaign. This campaign uses a variety of political and government-related themes in their icons and decoys. The infection chains utilized by the actor are simple and consist of delivering commodity RATs such as dcRAT, Quasar and AndroRAT to their victims. Their use of custom downloaders for delivery, file enumerators for reconnaissance, and infectors to weaponize benign documents indicates attempts at aggressive proliferation. These tools also indicate that the threat actor is actively pursuing creating bespoke tools to shift away from commodity malware.”

Title: Using Discord Infrastructure for Malicious Intent

Date Published: October 21, 2021


Excerpt: “After uploading the file, the user can copy the file’s CDN URL, allowing anyone that reaches this URL to download that file. In this way, Discord essentially works as a file hosting server, but one that is much easier to establish with no setup at all. An attacker can upload a file to a newly created designated server in seconds, or send the file to another party. In addition, the attacker’s privacy is ensured. There is no link between the uploader of the file to the URL. Combined with other methods, for example sending the file each interval to change the CDN URL, makes the process of tracing back to the attacker or blocking the payload more difficult.”

Title: Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices

Date Published: October 21, 2021


Excerpt: “Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems. The malicious packages in question — named okhsa, klow, and klown — were published by the same developer and falsely claimed to be JavaScript-based user-agent string parsers designed to extract hardware specifics from the “User-Agent” HTTP header. But unbeknownst to the victims who imported them, the author hid cryptocurrency mining malware inside the libraries.”

Title: Discord CDN Abuse Found to Deliver 27 Unique Malware Types

Date Published: October 21, 2021


Excerpt: “Files on the Discord CDN use a Discord domain with the link in the following format: hxxps://cdn.discordapp[.]com/attachments/{ChannelID}/{AttachmentID}/{filename} With RiskIQ’s deep and comprehensive view of the infrastructure across the web, our platform can detect these links and query Discord channel IDs used in these links. This process enables us to identify domains containing web pages that link out to a Discord CDN link with a specific channel ID.”

Title: As Vaccine Mandates Spread, So Too Do Vaccine Scams

Date Published: October 21, 2021


Excerpt: “This scam thrives on urgency. Notice how it says, “If you ignore or reject this invitation you might have to wait up to 12 months until you receive another one.” For travel-hungry Brits, this may be enough of a lure to cause them to jump into action. It’s important to know that in England, the only way to get a hard-copy of vaccination status is by registering your home address with a general practitioner. The NHS gets your address from those records. Beyond that, there are no links to the site in the email, which allowed it to bypass many traditional phishing filters. The email itself is well-written, with no easily discoverable spelling or grammar errors.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...