OSN October 22, 2021

Fortify Security Team
Oct 22, 2021

Title: Cybersecurity Careers: What To Know and How To Get Started
Date Published: October 21, 2021

https://www.welivesecurity.com/2021/10/21/cybersecurity-careers-what-know-how-get-started/

Excerpt: “Indeed, demand for security professionals continues to outpace supply. The talent gap remains (de)pressing, not least because, you guessed it, security threats aren’t going anywhere. Nary an organization is immune from the myriad risks associated with cyberattacks, as threats escalate in size and frequency and hit ever closer to home, causing untold damage in the process (and in its aftermath). It’s little wonder, then, that many companies will pay top dollar to bring in and retain security talent, and it seems that the stars are aligned for those willing to seize the opportunities.”

Title: Ex-carrier employee sentenced for role in SIM-swapping scheme
Date Published: October 22, 2021

https://www.zdnet.com/article/ex-carrier-employee-charged-for-role-in-sim-swapping-scheme/

Excerpt: “These attacks require either internal help or the use of social engineering to convince a carrier to reroute calls and text messages from one handset to another. SIM-swapping is often performed to circumvent security controls including two-factor authentication (2FA) and to compromise accounts for services including banking and cryptocurrency wallets.  The victims may only have a small window of time to rectify the situation once they realize that phone calls and messages are not being received — but by the time they reach their service provider, attackers may have already secured the second-level security codes required to hijack other accounts.”

Title: Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild
Date Published: October 22, 2021

https://thehackernews.com/2021/10/researchers-discover-microsoft-signed.html

Excerpt: “To make potential takedown attempts more difficult, the rootkit comes with a built-in list of 300 domains on the ‘.xyz’ [top-level domain],” the researchers noted. “They seem to be generated randomly and stored in an encrypted form inside the binary.” The development marks the second time where malicious drivers with valid digital signatures issued by Microsoft through the Windows Hardware Quality Labs (WHQL) signing process have slipped through the cracks. In late June 2021, German cybersecurity company G Data disclosed details of another rootkit dubbed “Netfilter” (and tracked by Microsoft as “Retliften”), which, like FiveSys, also aimed at gamers in China.”

Title: Evil Corp Demands $40 Million in New Macaw Ransomware Attacks
Date Published: October 21, 2021

https://www.bleepingcomputer.com/news/security/evil-corp-demands-40-million-in-new-macaw-ransomware-attacks/

Excerpt: “This week, it was discovered that both attacks were conducted by a new ransomware known as Macaw Locker.In a conversation with Emsisoft CTO Fabian Wosar, BleepingComputer was told that, based on code analysis, MacawLocker is the latest rebrand of Evil Corp’s ransomware family. BleepingComputer has also learned from sources in the cybersecurity industry that the only two known Macaw Locker victims are Sinclair and Olympus. Sources also shared the private Macaw Locker victim pages for two attacks, where the threat actors demand a 450 bitcoin ransom, or $28 million, for one attack and $40 million for the other victim. It is unknown what company is associated with each ransom demand.”

Title: Nation-State Attacker of Telecommunications Networks
Date Published: October 22, 2021

https://www.schneier.com/blog/archives/2021/10/nation-state-attacker-of-telecommunications-networks.html

Excerpt: “LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures. Recent findings highlight this cluster’s extensive knowledge of telecommunications protocols, including the emulation of these protocols to facilitate command and control (C2) and utilizing scanning/packet-capture tools to retrieve highly specific information from mobile communication infrastructure, such as subscriber information and call metadata. The nature of the data targeted by the actor aligns with information likely to be of significant interest to signals intelligence organizations.”

Title: South African Police Arrest Eight Men Suspected of Targeting Widows in Romance Scams
Date Published: October 22, 2021

https://www.zdnet.com/article/south-african-police-arrest-eight-men-suspected-of-romance-scams/

Excerpt: “TimesLive reports that Black Axe has been operating romance scams since 2011. “It is alleged that these suspects, allegedly preyed on victims, many of whom are vulnerable widows or divorcees who were led to believe that they were in a genuine romantic relationship but were scammed out of their hard-earned money,” local police claim. “The suspects used social media websites, online dating websites to find and connect with their victims.” The sob stories employed by the suspects included a multitude of reasons as to why they needed cash, and quickly. The lines fed to their victims related to taxes that needed to be paid before inheritances were secured; travel overseas for emergencies, and pleas to help them get out of “crippling debt”.”

Title: Unhappy Customers and Their Own Tricks Used Against Them, Revil Ransomware Gang Reportedly Pulled Offline by ‘Multi-country’ Operations
Date Published: October 22, 2021

https://go.theregister.com/feed/www.theregister.com/2021/10/22/revil_offline_again/

Excerpt: “According to the report, law enforcement and intelligence specialists managed to gain access to REvil’s computer network infrastructure this week, thereby gaining partial control of servers. When servers were rebooted this last time around, some systems were already controlled by the government, thus using REvil’s own typical approach against them. It’s not the first time it has vanished – the group, which was responsible for the Colonial Pipeline ransomware attack last May, among many others, went offline in July and the main spokesman, “Unknown”, disappeared.”

Title: CISA: GPS Software Bug May Cause Unexpected Behavior This Sunday
Date Published: October 22, 2021

https://www.bleepingcomputer.com/news/technology/cisa-gps-software-bug-may-cause-unexpected-behavior-this-sunday/

Excerpt: “The Cybersecurity and Infrastructure Security Agency (CISA) warned that GPS devices might experience issues over the weekend because of a timing bug impacting Network Time Protocol  (NTP) servers running the GPS Daemon (GPSD) software. “The Network Time Protocol (NTP) has been critical in ensuring time is accurately kept for various systems businesses and organizations rely on. Authentication mechanisms such as Time-based One-Time Password (TOTP) and Kerberos also rely heavily on time. As such, should there be a severe mismatch in time, users would not be able to authenticate and gain access to systems.”

Title: Darkside Ransomware Gang Moves Some of Its Bitcoin After Revil Got Hit by Law Enforcement
Date Published: October 22, 2021

https://www.databreaches.net/darkside-ransomware-gang-moves-some-of-its-bitcoin-after-revil-got-hit-by-law-enforcement/

Excerpt: “The operators of the Darkside and BlackMatter ransomware strains have moved a large chunk of their Bitcoin reserves after news broke that fellow ransomware gang REvil had its servers taken over by a coalition of law enforcement agencies. Approximately 107 BTC ($6.8 million) were moved earlier today, according to Omri Segev Moyal, CEO and co-founder of security firm Profero. “Basically, since 2AM UTC whoever controlled the wallet started to break the BTC into small chunks,” Moyal told The Record.”

Title: Spectre V4.0: The Speed of Malware Threats After the Pandemics
Date Published: October 22, 2021

https://yoroi.company/research/spectre-v4-0-the-speed-of-malware-threats-after-the-pandemics/

Excerpt: “Cybercrime is today the first threat for businesses and actors are still evolving their malicious business models. In fact, the criminal ecosystem goes beyond the Malware-as-a-Service, many malware developers are increasing their dangerousness by providing infrastructure rental services included in the malicious software fee. This trend is slowly widening the audience of new hackers joining the criminal communities. As Malware ZLAB we constantly monitor this trend to ensure defense capabilities to constituency and partner organizations rely on Yoroi’s services to defend their business, and recently we noticed peaks of activity and fast evolution of a new emerging malware threat, the “Spectre” Remote Access Trojan (TH-309).”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...