OSN October 28, 2021

Fortify Security Team
Oct 28, 2021

Title: Ransomware Gangs Use SEO Poisoning To Infect Visitors
Date Published: October 28, 2021


Excerpt: “According to the findings of the Menlo Security team, SEO poisoning by malware distributors is on the rise, with two notable examples being the Gootloader and SolarMarker campaigns. The actors inject sites with keywords that cover over 2,000 unique search terms, including “sports mental toughness,” “industrial hygiene walk-through,” “five levels of professional development evaluation,” and more. The optimized sites appear in search results as PDFs that, when visited, prompt a user to download the document, as shown below.”

Title: Grief Ransomware Targets NRA
Date Published: October 28, 2021


Excerpt: “A ransomware group tied to Russia claims to have stolen data from the National Rifle Association (NRA) in a ransomware attack on the controversial gun-rights group, which has declined to comment on the situation. The Grief ransomware gang listed the NRA as a victim of its nefarious activity on its data-leak site. Brett Callow, a threat analyst with cybersecurity firm Emsisoft, posted a screenshot of Grief’s post on his Twitter account.”

Title: German Investigators Identify REvil Ransomware Gang Core Member
Date Published: October 28, 2021


Excerpt: “German investigators have reportedly identified a Russian man named Nikolay K. whom they believe to be one of REvil ransomware gang’s core members, one of the most notorious and successful ransomware groups in recent years. The man is presenting himself as a cryptocurrency investor and trader, but the German authorities who have been following him for months think otherwise after tracking some of the Bitcoin payments he made over the years. As reported by German media, the investigators were able to link Bitcoin payments with ransoms paid to the GandCrab ransomware group, following attacks against a software developer and the State Theater in Stuttgart.”

Title: Ransomware Soars 148% to Record-Breaking Levels in 2021
Date Published: October 28, 2021


Excerpt: “The volume of ransomware attacks over the first three quarters of 2021 reached 470 million, a 148% increase on the same period last year, making 2021 already the worst year on record, according to SonicWall. The security vendor scrutinized attempts to compromise its global customers over the period and found that each company recorded 1,748 ransomware attacks in the year-to-date (YTD). That’s reportedly nearly 10 per business day. Q3 2021 saw the most significant volume of ransomware attacks recorded by the vendor – at 190.4 million. It nearly tops the 195.7 million attempts logged in the first three quarters of 2020.”

Title: Sensitive Data of 400,000 German Students Exposed by API Flaw
Date Published: October 28, 2021


Excerpt: “Zerforschung states that they disclosed the flaw to Scoolio on September 21, 2021, but it took the software developer until October 25, 2021 to deploy a patch. However, due to the simplicity of the fix and the sensitive nature of the exposed data, Wittmann believes the fix should have been released more quickly. “I would like to thank Ms. Wittmann for the information and the SDS for the exchange and thank you for your feedback on our security measures,” Danny Roller, CEO and Founder of the Scoolio app, shared in a statement.”

Title: New Wslink Malware Loader Runs as a Server and Executes Modules in Memory
Date Published: October 28, 2021


Excerpt: “Cybersecurity researchers on Wednesday took the wraps off a “simple yet remarkable” malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East. Codenamed “Wslink” by ESET, this previously undocumented malware stands apart from the rest in that it runs as a server and executes received modules in memory. There are no specifics available on the initial compromise vector and there are no code or operational overlaps that tie this tool to a known threat actor group.”

Title: Apple Ships Monterey With Security Updates, Fixes 0-Day in Watch and TV Products, Updates iDevices
Date Published: October 28, 2021


Excerpt: “The latest macOS 12 Monterey emerges as 12.0.1. We’re assuming that the security patches in the otherwise brand-new Monterey release are listed for the benefit of anyone who’s been using the Beta version, because there are 37 listed fixes covering everything from AppKit to zsh. 15 of these were of the “malicious application may be able to execute arbitrary code” sort, with 9 of those bugs dealing with code execution bugs in the kernel itself.”

Title: Avast Releases Free Decrypters for Atomsilo and Lockfile Ransomware Families
Date Published: October 27, 2021


Excerpt: “Avast highlights a limitation of the decryption process because its Avast AtomSilo decryptor relies on a known file format in order to verify that the file was successfully decrypted. This implies that some files, such as files with proprietary or unknown format, may not be decrypted. Avast has released today a decryption tool for Babuk ransomware that allows victims to recover their files for free. The decryptor was created using the leaked source code and decryption keys. Avast released a free decryptor for the Babuk ransomware here.”

Title: Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam
Date Published: October 28, 2021


Excerpt: “During the early days of the pandemic, while the rest of the world was stress streaming and working on sourdough starter, an ambitious teen stuck in his bedroom decided to set up a fake “Love2Shop” gift card site to harvest people’s payment information, invest the stolen money in cryptocurrency and become a millionaire. The intrepid 17-year-old in the U.K. collected just under $9,000 before the real Love2Shop caught on when customers started to complain, according to a local report from Lincolnshire Live. The boy’s name is being withheld because he’s a juvenile.”

Title: [Security Nation] Jack Cable on Ransomwhere
Date Published: October 27, 2021


Excerpt: “Jack Cable is a security researcher and student at Stanford University, currently working as a security architect at Krebs Stamos Group. Jack formerly served as an Election Security Technical Advisor at CISA, where he led the development and deployment of Crossfeed, a pilot to scan election assets nationwide. Jack is a top-ranked bug bounty hacker, having identified over 350 vulnerabilities in companies including Google, Facebook, Uber, Yahoo, and the US Department of Defense.”
