OSN October 28, 2021

Fortify Security Team
Oct 28, 2021

Title: Ransomware Gangs Use SEO Poisoning To Infect Visitors
Date Published: October 28, 2021

https://www.bleepingcomputer.com/news/security/ransomware-gangs-use-seo-poisoning-to-infect-visitors/

Excerpt: “According to the findings of the Menlo Security team, SEO poisoning by malware distributors is on the rise, with two notable examples being the Gootloader and SolarMarket campaigns. The actors inject sites with keywords that cover over 2,000 unique search terms, including “sports mental toughness,” “industrial hygiene walk-through,” “five levels of professional development evaluation,” and more. The optimized sites appear in search results as PDFs that, when visited, prompt a user to download the document, as shown below.”

Title: Grief Ransomware Targets NRA
Date Published: October 28, 2021

https://threatpost.com/grief-ransomware-nra/175850/

Excerpt: “A ransomware group tied to Russia claims to have stolen data from the National Rifle Association (NRA) in a ransomware attack on the controversial gun-rights group, which has declined to comment on the situation. The Grief ransomware gang listed the NRA as a victim of its nefarious activity on its data-leak site. Brett Callow, a threat analyst with cybersecurity firm Emsisoft, posted a screenshot of Grief’s post on his Twitter account.”

Title: German Investigators Identify Revil Ransomware Gang Core Member
Date Published: October 28, 2021

https://www.bleepingcomputer.com/news/security/german-investigators-identify-revil-ransomware-gang-core-member/

Excerpt: “German investigators have reportedly identified a Russian man named Nikolay K. whom they believe to be one of REvil ransomware gang’s core members, one of the most notorious and successful ransomware groups in recent years. The man is presenting himself as a cryptocurrency investor and trader, but the German authorities who have been following him for months think otherwise after tracking some of the Bitcoin payments he made over the years. As reported by German media, the investigators were able to link Bitcoin payments with ransoms paid to the GandCrab ransomware group, following attacks against a software developer and the State Theater in Stuttgart.”

Title: Ransomware Soars 148% to Record-Breaking Levels in 2021
Date Published: October 28, 2021

https://www.infosecurity-magazine.com/news/ransomware-soars-record-breaking/

Excerpt: “The volume of ransomware attacks over the first three quarters of 2021 reached 470 million, a 148% increase on the same period last year, making 2021 already the worst year on record, according to SonicWall. The security vendor scrutinized attempts to compromise its global customers over the period and found that each company recorded 1,748 ransomware attacks in the year-to-date (YTD). That’s reportedly nearly 10 per business day. Q3 2021 saw the most significant volume of ransomware attacks recorded by the vendor – at 190.4 million. It nearly tops the 195.7 million attempts logged in the first three quarters of 2020.”

Title: Sensitive Data of 400,000 German Students Exposed by API Flaw
Date Published: October 28, 2021

https://www.bleepingcomputer.com/news/security/sensitive-data-of-400-000-german-students-exposed-by-api-flaw/

Excerpt: “Zerforchung states that they disclosed the flaw to Scoolio on September 21, 2021, but it took the software developer until October 25, 2021 to deploy a patch. However, due to the simplicity of the fix and the sensitive nature of the exposed data, Wittmann believes the fix should have been released more quickly. “I would like to thank Ms. Wittmann for the information and the SDS for the exchange and thank you for your feedback on our security measures,” Danny Roller, CEO and Founder of the Scoolio app, shared in a statement.”

Title: New Wslink Malware Loader Runs as a Server and Executes Modules in Memory
Date Published: October 28, 2021

https://thehackernews.com/2021/10/new-wslink-malware-loader-runs-as.html

Excerpt: “Cybersecurity researchers on Wednesday took the wraps off a “simple yet remarkable” malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East. Codenamed “Wslink” by ESET, this previously undocumented malware stands apart from the rest in that it runs as a server and executes received modules in memory. There are no specifics available on the initial compromise vector and there are no code or operational overlaps that tie this tool to a known threat actor group.”

Title: Apple Ships Monterey With Security Updates, Fixes 0-Day in Watch and TV Products, Updates iDevices
Date Published: October 28, 2021

https://nakedsecurity.sophos.com/2021/10/27/apple-ships-monterey-with-security-updates-fixes-0-day-in-watch-and-tv-products-updates-idevices/

Excerpt: “The latest macOS 12 Monterey emerges as 12.0.1. We’re assuming that the security patches in the otherwise brand-new Monterey release are listed for the benefit of anyone who’s been using the Beta version, because there are 37 listed fixes covering everything from AppKit to zsh. 15 of these were of the “malicious application may be able to execute arbitrary code” sort, with 9 of those bugs dealing with code execution bugs in the kernel itself.”

Title: Avast Releases Free Decrypters for Atomsilo and Lockfile Ransomware Families
Date Published: October 27, 2021

https://securityaffairs.co/wordpress/123854/malware/atomsilo-lockfile-ransomware-decryptor.html

Excerpt: “Avast highlights a limitation of the decryption process because its Avast AtomSilo decryptor relies on a known file format in order to verify that the file was successfully decrypted. This implies that some files, such as files with proprietary or unknown format, may not be decrypted. Avast has released today a decryption tool for Babuk ransomware that allows victims to recover their files for free. The decryptor was created using the leaked source code and decryption keys. Avast released a free decryptor for the Babuk ransomware here.”

Title: Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam
Date Published: October 28, 2021

https://threatpost.com/teen-rakes-in-2-74m-worth-of-bitcoin-in-phishing-scam/175834/

Excerpt: “During the early days of the pandemic, while the rest of the world was stress streaming and working on sourdough starter, an ambitious teen stuck in his bedroom decided to set up a fake “Love2Shop” gift card site to harvest people’s payment information, invest the stolen money in cryptocurrency and become a millionaire. The intrepid 17-year-old in the U.K. collected just under $9,000 before the real Love2Shop caught on when customers started to complain, according to a local report from Lincolnshire Live. The boy’s name is being withheld because he’s a juvenile.”

Title: [Security Nation] Jack Cable on Ransomwhere
Date Published: October 27, 2021

https://heimdalsecurity.com/blog/70-of-wifi-networks-cracked-by-researcher-in-a-wifi-network-cracking-experiment/

Excerpt: “Jack Cable is a security researcher and student at Stanford University, currently working as a security architect at Krebs Stamos Group. Jack formerly served as an Election Security Technical Advisor at CISA, where he led the development and deployment of Crossfeed, a pilot to scan election assets nationwide. Jack is a top-ranked bug bounty hacker, having identified over 350 vulnerabilities in companies including Google, Facebook, Uber, Yahoo, and the US Department of Defense.”
