OSN October 26, 2021

Fortify Security Team
Oct 26, 2021

Title: Cartesi Launches Bug Bounty Program With Immunefi To Harden Noether’s PoS

Date Published: October 26, 2021


Excerpt: “Cartesi is the first OS on the blockchain, and our Layer-2 solution integrates Linux and standard programming environments to blockchain. This allows developers to code scalable smart contracts with rich software tools, libraries, and services they are used to.
Cartesi bridges the gap between mainstream software and blockchain, welcoming millions of new startups and their developers to blockchain by bringing Linux to blockchain applications. Cartesi combines a groundbreaking virtual machine, optimistic rollups, and side-chains to revolutionize the way developers create blockchain applications.”

Title: Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads

Date Published: October 26, 2021


Excerpt: “Threat actors are using malicious Android apps to scam users into signing up for a bogus premium SMS subscription service, which results in big charges accruing on their phone bills. Jakub Vavra from the threat operations team of security firm Avast uncovered the campaign, which he dubbed UltimaSMS because one of the first apps he discovered being used to scam people was called Ultima Keyboard Pro, he said in a blog post published Monday. “The fake apps I found feature a wide range of categories such as custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games, among others,” Vavra wrote in the post.”

Title: How an MSSP Discovered a Compromised RDP Sold in a Dark Web Access Market

Date Published: October 26, 2021


Excerpt: “The analyst discovered that the client had an exposed RDP server whose IP address began 52.172.*.*. From there, she searched these two octets in the Cyber Sixgill Investigative Portal. The analyst discovered that a machine with matching octets and other metadata (including geolocation) was sold on a dark web RDP market known as a popular source for ransomware groups to purchase initial network access. With this intel in hand, the analyst concluded that there was a significant likelihood that the attacker had purchased access to the vulnerable server on this dark web market. Thus, empowered by Cybersixgill’s Portal, she was able to map out a coherent forensic hypothesis for the attack.”

Title: Nearly All US Execs Have Experienced a Cybersecurity Threat, but Some Say There’s Still No Plan

Date Published: October 26, 2021


Excerpt: “On Tuesday, Deloitte published the results of a new survey, taking place between June 6 and August 24, 2021, which includes the responses of 577 C-suite executives worldwide (159 in the US) on today’s cybersecurity threats. The research — including insight from those in CEO, CISO, and other leadership roles — suggests that nearly all US executives have come across at least one cybersecurity event over the past year, 98%, in comparison to 84% internationally. The COVID-19 pandemic has led to an increase in cybersecurity incidents and it appears that the event rate may disproportionately have impacted organizations in the United States.”

Title: DDoSers Take Weekend off Only To Resume Campaign Against UK’s Voipfone on Monday

Date Published: October 26, 2021


Excerpt: “It never rains but it pours. Internet telephone service provider Voipfone, currently battling a “major outage” across all voice services, has admitted to being hit by an “extortion-based DDoS attack from overseas criminals” that knocked it offline last week. A Distributed Denial of Service (DDoS) attack took down the company’s platform for nearly four hours on the evening of Friday 22 October. Issues were reported on Voipfone’s status page at 16:15 BST, shortly followed by an apology and a suggestion to customers that “you might wish to set your phones to automatically failover to the PSTN or mobile networks”.”

Title: Vulnerabilities Missing from the OWASP Top 10

Date Published: October 26, 2021


Excerpt: “All of the files stored on web servers are generally listed in one directory. A user typically includes the filename in a request to find a specific file in a web application. This feature allows the user to choose another file if the indexed file is not available. Web servers, however, index files automatically.
A malicious actor can exploit vulnerabilities in the directory index to gain access to information that reveals more about the system if the application returns a list of all the files stored. Users can learn about naming conventions and personal accounts, for instance. Credential theft attacks can use both data points to locate sensitive information.”
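The directory-listing exposure described in the excerpt above, as an added example that is not part of the original article or of the OWASP material: a small Python checker that recognizes the pages Apache's mod_autoindex and nginx's autoindex return for a directory with no index file, and pulls out the filenames an attacker would harvest for naming conventions and account names. The three response bodies are constructed here so the script runs offline; the function and pattern names are my own.

```python
"""Detect HTTP response bodies that expose a web-server directory listing.

Added example, not code from the original article. It matches the
"Index of /path" title that Apache mod_autoindex and nginx autoindex emit
and extracts the file links, skipping the sort-order and parent-directory
navigation links those listings also contain. In practice, pass the body of
a GET on each directory path of interest (e.g. /backups/, /uploads/).
"""
import re
from html.parser import HTMLParser

# Constructed sample: Apache mod_autoindex output for a directory
# without an index file (sort links use "?C=..." query strings).
APACHE_LISTING = """<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html><head><title>Index of /backups</title></head>
<body><h1>Index of /backups</h1>
<pre><a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a>
<hr><a href="/">Parent Directory</a>
<a href="db_prod_2021-10-25.sql.gz">db_prod_2021-10-25.sql.gz</a>
<a href="jsmith_export.csv">jsmith_export.csv</a>
<hr></pre></body></html>"""

# Constructed sample: nginx `autoindex on;` output for the same path.
NGINX_LISTING = """<html>
<head><title>Index of /backups/</title></head>
<body>
<h1>Index of /backups/</h1><hr><pre><a href="../">../</a>
<a href="db_prod_2021-10-25.sql.gz">db_prod_2021-10-25.sql.gz</a>   25-Oct-2021 02:00   4194304
<a href="jsmith_export.csv">jsmith_export.csv</a>                     24-Oct-2021 18:12     20480
</pre><hr></body>
</html>"""

# Constructed sample: an ordinary page that merely mentions a directory.
NORMAL_PAGE = """<html><head><title>Release notes</title></head>
<body><p>Files are stored under /backups, see the admin guide.</p>
<a href="/docs/guide.html">Guide</a></body></html>"""

# Title both servers emit for an automatically generated listing.
TITLE_RE = re.compile(r"<title>\s*Index of (/[^<]*)</title>", re.IGNORECASE)


class _LinkCollector(HTMLParser):
    """Collects href targets from <a> tags, in document order."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            for name, value in attrs:
                if name.lower() == "href" and value is not None:
                    self.hrefs.append(value)


def listed_files(body: str) -> list:
    """Return the relative filenames an autoindex page exposes.

    Sort-order links ("?C=N;O=D"), the nginx parent link ("../") and
    Apache's absolute parent link ("/...") are navigation, not content,
    so they are dropped.
    """
    if TITLE_RE.search(body) is None:
        return []
    collector = _LinkCollector()
    collector.feed(body)
    return [h for h in collector.hrefs if not h.startswith(("?", "../", "/"))]


def is_directory_listing(body: str) -> bool:
    """True if the body has an autoindex title and lists at least one file."""
    return TITLE_RE.search(body) is not None and len(listed_files(body)) > 0


if __name__ == "__main__":
    for label, body in (("apache", APACHE_LISTING),
                        ("nginx", NGINX_LISTING),
                        ("normal", NORMAL_PAGE)):
        print(label, is_directory_listing(body), listed_files(body))
```

The listing in both samples leaks a production database dump and a file named after a user, which is exactly the kind of data point the excerpt warns about. The server-side fix is to turn the feature off rather than to rely on the listing staying unnoticed: `Options -Indexes` for Apache and `autoindex off;` (already the default) for nginx, with an index file or a 403 on any directory that must remain reachable.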

Title: Iranian State Media Blames Hack for Apparent Fuel Shortage, the Latest Incident To Draw Attention

Date Published: October 26, 2021


Excerpt: “While specific details of the incident remain unclear, Iranian state broadcasters cited an unnamed government official who said malicious cyber activity was responsible for the outages. Oil Ministry officials conducted an “emergency meeting” to resolve the issue, while Associated Press journalists observed long lines of motorists dealing with gas shortages at fuel stations in Tehran. The “semi official” news agency ISNA reported that fuel pumps would state the message “cyberattack 64411” upon trying to purchase gas, the Associated Press reported. The same number, 64411, also appeared in a July cyber incident that affected Iranian rail systems, a matter that the security firm Check Point attributed to Indra, a hacking group that identifies itself as an Iranian government resistance group. The 64411 number reportedly belongs to an office of Iran’s Supreme Leader, Ayatollah Ali Khamenei.”

Title: Malicious Firefox Add-ons Block Browser From Downloading Security Updates

Date Published: October 26, 2021


Excerpt: “Because the Proxy API can be used to proxy web requests, an abuse of the API could enable a bad actor to effectively control the manner in which the Firefox browser connects to the internet. In addition to blocking the extensions to prevent installation by other users, Mozilla said it’s pausing on approvals for new add-ons that use the proxy API until the fixes are broadly available. What’s more, the California-based non-profit said it’d deployed a system add-on named “Proxy Failover” that ships with further mitigations to address the issue.”

Title: Kansas Man Pleads Guilty To Hacking the Post Rock Rural Water District

Date Published: October 26, 2021


Excerpt: “In April, the United States Department of Justice charged Wyatt A. Travnichek, of Ellsworth County, Kansas, for accessing and tampering with the computer system of the Ellsworth County Rural Water District. Travnichek accessed the computer systems of the Public Water System on March 27, 2019, without authorization. Travnichek worked for the Ellsworth County Rural Water District for roughly one year; he was remotely monitoring the plant by accessing the Post Rock computer system.”

Title: Home Affairs in Talks To Give Telcos More Blocking Powers Against Malicious Messages

Date Published: October 26, 2021


Excerpt: “The Department of Home Affairs is in talks with the telecommunications industry to provide more powers to telcos for blocking spam and malicious content. “We are in discussion with the telcos that provide your services … under the Telecommunications Act, section 313, there might be a possibility for the telcos to act as an authorised blocking agent — that is to say, it’s unwanted, I don’t want this to come to my computer, I don’t want this to come to my phone. It’s malicious,” Home Affairs secretary Mike Pezzullo told Senate Estimates on Monday evening.”
