OSN October 28, 2021

Fortify Security Team
Oct 28, 2021

Title: Ransomware Gangs Use SEO Poisoning To Infect Visitors
Date Published: October 28, 2021

https://www.bleepingcomputer.com/news/security/ransomware-gangs-use-seo-poisoning-to-infect-visitors/

Excerpt: “According to the findings of the Menlo Security team, SEO poisoning by malware distributors is on the rise, with two notable examples being the Gootloader and SolarMarket campaigns. The actors inject sites with keywords that cover over 2,000 unique search terms, including “sports mental toughness,” “industrial hygiene walk-through,” “five levels of professional development evaluation,” and more. The optimized sites appear in search results as PDFs that, when visited, prompt a user to download the document, as shown below.”

Title: Grief Ransomware Targets NRA
Date Published: October 28, 2021

https://threatpost.com/grief-ransomware-nra/175850/

Excerpt: “A ransomware group tied to Russia claims to have stolen data from the National Rifle Association (NRA) in a ransomware attack on the controversial gun-rights group, which has declined to comment on the situation. The Grief ransomware gang listed the NRA as a victim of its nefarious activity on its data-leak site. Brett Callow, a threat analyst with cybersecurity firm Emsisoft, posted a screenshot of Grief’s post on his Twitter account.”

Title: German Investigators Identify Revil Ransomware Gang Core Member
Date Published: October 28, 2021

https://www.bleepingcomputer.com/news/security/german-investigators-identify-revil-ransomware-gang-core-member/

Excerpt: “German investigators have reportedly identified a Russian man named Nikolay K. whom they believe to be one of REvil ransomware gang’s core members, one of the most notorious and successful ransomware groups in recent years. The man is presenting himself as a cryptocurrency investor and trader, but the German authorities who have been following him for months think otherwise after tracking some of the Bitcoin payments he made over the years. As reported by German media, the investigators were able to link Bitcoin payments with ransoms paid to the GandCrab ransomware group, following attacks against a software developer and the State Theater in Stuttgart.”

Title: Ransomware Soars 148% to Record-Breaking Levels in 2021
Date Published: October 28, 2021

https://www.infosecurity-magazine.com/news/ransomware-soars-record-breaking/

Excerpt: “The volume of ransomware attacks over the first three quarters of 2021 reached 470 million, a 148% increase on the same period last year, making 2021 already the worst year on record, according to SonicWall. The security vendor scrutinized attempts to compromise its global customers over the period and found that each company recorded 1,748 ransomware attacks in the year-to-date (YTD). That’s reportedly nearly 10 per business day. Q3 2021 saw the most significant volume of ransomware attacks recorded by the vendor – at 190.4 million. It nearly tops the 195.7 million attempts logged in the first three quarters of 2020.”

Title: Sensitive Data of 400,000 German Students Exposed by API Flaw
Date Published: October 28, 2021

https://www.bleepingcomputer.com/news/security/sensitive-data-of-400-000-german-students-exposed-by-api-flaw/

Excerpt: “Zerforschung states that they disclosed the flaw to Scoolio on September 21, 2021, but it took the software developer until October 25, 2021 to deploy a patch. However, due to the simplicity of the fix and the sensitive nature of the exposed data, Wittmann believes the fix should have been released more quickly. “I would like to thank Ms. Wittmann for the information and the SDS for the exchange and thank you for your feedback on our security measures,” Danny Roller, CEO and Founder of the Scoolio app, shared in a statement.”

Title: New Wslink Malware Loader Runs as a Server and Executes Modules in Memory
Date Published: October 28, 2021

https://thehackernews.com/2021/10/new-wslink-malware-loader-runs-as.html

Excerpt: “Cybersecurity researchers on Wednesday took the wraps off a “simple yet remarkable” malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East. Codenamed “Wslink” by ESET, this previously undocumented malware stands apart from the rest in that it runs as a server and executes received modules in memory. There are no specifics available on the initial compromise vector and there are no code or operational overlaps that tie this tool to a known threat actor group.”

Title: Apple Ships Monterey With Security Updates, Fixes 0-Day in Watch and TV Products, Updates iDevices
Date Published: October 28, 2021

https://nakedsecurity.sophos.com/2021/10/27/apple-ships-monterey-with-security-updates-fixes-0-day-in-watch-and-tv-products-updates-idevices/

Excerpt: “The latest macOS 12 Monterey emerges as 12.0.1. We’re assuming that the security patches in the otherwise brand-new Monterey release are listed for the benefit of anyone who’s been using the Beta version, because there are 37 listed fixes covering everything from AppKit to zsh. 15 of these were of the “malicious application may be able to execute arbitrary code” sort, with 9 of those bugs dealing with code execution bugs in the kernel itself.”

Title: Avast Releases Free Decrypters for Atomsilo and Lockfile Ransomware Families
Date Published: October 27, 2021

https://securityaffairs.co/wordpress/123854/malware/atomsilo-lockfile-ransomware-decryptor.html

Excerpt: “Avast highlights a limitation of the decryption process because its Avast AtomSilo decryptor relies on a known file format in order to verify that the file was successfully decrypted. This implies that some files, such as files with proprietary or unknown format, may not be decrypted. Avast has released today a decryption tool for Babuk ransomware that allows victims to recover their files for free. The decryptor was created using the leaked source code and decryption keys. Avast released a free decryptor for the Babuk ransomware here.”

Title: Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam
Date Published: October 28, 2021

https://threatpost.com/teen-rakes-in-2-74m-worth-of-bitcoin-in-phishing-scam/175834/

Excerpt: “During the early days of the pandemic, while the rest of the world was stress streaming and working on sourdough starter, an ambitious teen stuck in his bedroom decided to set up a fake “Love2Shop” gift card site to harvest people’s payment information, invest the stolen money in cryptocurrency and become a millionaire. The intrepid 17-year-old in the U.K. collected just under $9,000 before the real Love2Shop caught on when customers started to complain, according to a local report from Lincolnshire Live. The boy’s name is being withheld because he’s a juvenile.”

Title: [Security Nation] Jack Cable on Ransomwhere
Date Published: October 27, 2021

https://heimdalsecurity.com/blog/70-of-wifi-networks-cracked-by-researcher-in-a-wifi-network-cracking-experiment/

Excerpt: “Jack Cable is a security researcher and student at Stanford University, currently working as a security architect at Krebs Stamos Group. Jack formerly served as an Election Security Technical Advisor at CISA, where he led the development and deployment of Crossfeed, a pilot to scan election assets nationwide. Jack is a top-ranked bug bounty hacker, having identified over 350 vulnerabilities in companies including Google, Facebook, Uber, Yahoo, and the US Department of Defense.”
