OSN October 22, 2021

Fortify Security Team
Oct 22, 2021

Title: Cybersecurity Careers: What To Know and How To Get Started
Date Published: October 21, 2021


Excerpt: “Indeed, demand for security professionals continues to outpace supply. The talent gap remains (de)pressing, not least because, you guessed it, security threats aren’t going anywhere. Nary an organization is immune from the myriad risks associated with cyberattacks, as threats escalate in size and frequency and hit ever closer to home, causing untold damage in the process (and in its aftermath). It’s little wonder, then, that many companies will pay top dollar to bring in and retain security talent, and it seems that the stars are aligned for those willing to seize the opportunities.”

Title: Ex-carrier employee sentenced for role in SIM-swapping scheme
Date Published: October 22, 2021


Excerpt: “These attacks require either internal help or the use of social engineering to convince a carrier to reroute calls and text messages from one handset to another. SIM-swapping is often performed to circumvent security controls including two-factor authentication (2FA) and to compromise accounts for services including banking and cryptocurrency wallets. The victims may only have a small window of time to rectify the situation once they realize that phone calls and messages are not being received — but by the time they reach their service provider, attackers may have already secured the second-level security codes required to hijack other accounts.”

Title: Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild
Date Published: October 22, 2021


Excerpt: “To make potential takedown attempts more difficult, the rootkit comes with a built-in list of 300 domains on the ‘.xyz’ [top-level domain],” the researchers noted. “They seem to be generated randomly and stored in an encrypted form inside the binary.” The development marks the second time where malicious drivers with valid digital signatures issued by Microsoft through the Windows Hardware Quality Labs (WHQL) signing process have slipped through the cracks. In late June 2021, German cybersecurity company G Data disclosed details of another rootkit dubbed “Netfilter” (and tracked by Microsoft as “Retliften”), which, like FiveSys, also aimed at gamers in China.”

Title: Evil Corp Demands $40 Million in New Macaw Ransomware Attacks
Date Published: October 21, 2021


Excerpt: “This week, it was discovered that both attacks were conducted by a new ransomware known as Macaw Locker. In a conversation with Emsisoft CTO Fabian Wosar, BleepingComputer was told that, based on code analysis, MacawLocker is the latest rebrand of Evil Corp’s ransomware family. BleepingComputer has also learned from sources in the cybersecurity industry that the only two known Macaw Locker victims are Sinclair and Olympus. Sources also shared the private Macaw Locker victim pages for two attacks, where the threat actors demand a 450 bitcoin ransom, or $28 million, for one attack and $40 million for the other victim. It is unknown what company is associated with each ransom demand.”

Title: Nation-State Attacker of Telecommunications Networks
Date Published: October 22, 2021


Excerpt: “LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures. Recent findings highlight this cluster’s extensive knowledge of telecommunications protocols, including the emulation of these protocols to facilitate command and control (C2) and utilizing scanning/packet-capture tools to retrieve highly specific information from mobile communication infrastructure, such as subscriber information and call metadata. The nature of the data targeted by the actor aligns with information likely to be of significant interest to signals intelligence organizations.”

Title: South African Police Arrest Eight Men Suspected of Targeting Widows in Romance Scams
Date Published: October 22, 2021


Excerpt: “TimesLive reports that Black Axe has been operating romance scams since 2011. “It is alleged that these suspects allegedly preyed on victims, many of whom are vulnerable widows or divorcees who were led to believe that they were in a genuine romantic relationship but were scammed out of their hard-earned money,” local police claim. “The suspects used social media websites, online dating websites to find and connect with their victims.” The sob stories employed by the suspects included a multitude of reasons as to why they needed cash, and quickly. The lines fed to their victims related to taxes that needed to be paid before inheritances were secured; travel overseas for emergencies, and pleas to help them get out of “crippling debt”.”

Title: Unhappy Customers and Their Own Tricks Used Against Them, REvil Ransomware Gang Reportedly Pulled Offline by ‘Multi-country’ Operations
Date Published: October 22, 2021


Excerpt: “According to the report, law enforcement and intelligence specialists managed to gain access to REvil’s computer network infrastructure this week, thereby gaining partial control of servers. When servers were rebooted this last time around, some systems were already controlled by the government, thus using REvil’s own typical approach against them. It’s not the first time it has vanished – the group, which was responsible for the Colonial Pipeline ransomware attack last May, among many others, went offline in July and the main spokesman, “Unknown”, disappeared.”

Title: CISA: GPS Software Bug May Cause Unexpected Behavior This Sunday
Date Published: October 22, 2021


Excerpt: “The Cybersecurity and Infrastructure Security Agency (CISA) warned that GPS devices might experience issues over the weekend because of a timing bug impacting Network Time Protocol (NTP) servers running the GPS Daemon (GPSD) software. “The Network Time Protocol (NTP) has been critical in ensuring time is accurately kept for various systems businesses and organizations rely on. Authentication mechanisms such as Time-based One-Time Password (TOTP) and Kerberos also rely heavily on time. As such, should there be a severe mismatch in time, users would not be able to authenticate and gain access to systems.”

Title: Darkside Ransomware Gang Moves Some of Its Bitcoin After REvil Got Hit by Law Enforcement
Date Published: October 22, 2021


Excerpt: “The operators of the Darkside and BlackMatter ransomware strains have moved a large chunk of their Bitcoin reserves after news broke that fellow ransomware gang REvil had its servers taken over by a coalition of law enforcement agencies. Approximately 107 BTC ($6.8 million) were moved earlier today, according to Omri Segev Moyal, CEO and co-founder of security firm Profero. “Basically, since 2AM UTC whoever controlled the wallet started to break the BTC into small chunks,” Moyal told The Record.”

Title: Spectre V4.0: The Speed of Malware Threats After the Pandemics
Date Published: October 22, 2021


Excerpt: “Cybercrime is today the first threat for businesses and actors are still evolving their malicious business models. In fact, the criminal ecosystem goes beyond the Malware-as-a-Service; many malware developers are increasing their dangerousness by providing infrastructure rental services included in the malicious software fee. This trend is slowly widening the audience of new hackers joining the criminal communities. As Malware ZLAB we constantly monitor this trend to ensure defense capabilities to constituency and partner organizations that rely on Yoroi’s services to defend their business, and recently we noticed peaks of activity and fast evolution of a new emerging malware threat, the “Spectre” Remote Access Trojan (TH-309).”
