OSN October 4, 2021

Fortify Security Team
Oct 4, 2021

Title: Sandhills Shut Down by Ransomware Attack
Date Published: October 4, 2021

https://heimdalsecurity.com/blog/sandhills-shut-down-by-ransomware-attack/

Excerpt: “Sandhills Global is a privately held information processing firm based in the United States that creates a wide range of products and services, ranging from well-known trade magazines and websites to hosted technology services. The transportation, agricultural, aerospace, heavy machinery, and technology industries are the company’s primary customers. TractorHouse, Machinery Trader, Machinery Trader Auction Results, Truck Paper, RentalYard, and AuctionTime, as well as Controller, Executive Controller, and Charter Hub, are among its trade magazines. A website is available for each print newspaper. The publication giant suffered a ransomware attack that unfortunately caused hosted websites to become inaccessible, in this way disrupting their business operations.”

Title: Major Data Breach Hits Neiman Marcus
Date Published: October 1, 2021

infosecurity-magazine.com/news/major-data-breach-hits-neiman/

Excerpt: “The owner of two chains of American luxury department stores has warned 4.6 million Neiman Marcus customers that their personal data may have been exposed in a security incident that happened 17 months ago. Neiman Marcus Group, which owns the Neiman Marcus and Bergdorf Goodman department stores, as well as the high-end home goods line Horchow, said the incident may have exposed information including names, contact details, and payment card information. In a statement released Thursday, the Group said it had “recently learned that an unauthorized party obtained personal information associated with certain Neiman Marcus customers’ online accounts”.”

Title: Pottawatomie County Paid the Ransom to Recover Its Systems
Date Published: October 4, 2021

https://securityaffairs.co/wordpress/122933/cyber-crime/pottawatomie-county-paid-ransom.html

Excerpt: “Kinsley did not reveal how much the Pottawatomie County paid, but WIBW-TV has filed an open record request to determine the ransom paid by the county. “We are a small county with small resources,” declared Kinsley. “With the extraordinary demands that the COVID-19 pandemic has placed on local governments like ours, we wanted to make sure that the hackers understood that there was no way we could even come close to meeting their demand,” he said. “We were focused on protecting taxpayers and doing everything we could to resolve the issue with as little as possible. We believe we succeeded at that”.”

Title: Open Source: Google Is Going to Pay Developers to Make Projects More Secure
Date Published: October 4, 2021

https://www.zdnet.com/article/open-source-google-is-going-to-pay-developers-to-make-projects-more-secure/

Excerpt: “The rewards range from “$10,000 or more” for hardening software in a way that prevents major bugs to $505 for “small improvements” that have merit, according to a Google blog post. Rewards of between $5,000 and $10,000 are available for “moderately complex improvements that offer compelling security benefits” while rewards of $1,000 to $5,000 are for solutions that display “modest complexity and impact”. “We are starting with a $1 million investment and plan to expand the scope of the program based on community feedback,” say members of the Google Open Source Security Team. The program aims to support projects that proactively harden critical open-source projects and supporting infrastructure against application and supply chain attacks.”

Title: New Atom Silo Ransomware Targets Vulnerable Confluence Servers
Date Published: October 4, 2021

https://www.bleepingcomputer.com/news/security/new-atom-silo-ransomware-targets-vulnerable-confluence-servers/

Excerpt: “The discovery was made by SophosLabs researchers while investigating a recent incident. They also found that the ransomware used by this new group is almost identical to LockFile, which is itself very similar to the one used by the LockBit ransomware group. However, Atom Silo operators use “several novel techniques that made it extremely difficult to investigate, including the side-loading of malicious dynamic-link libraries tailored to disrupt endpoint protection software.” After compromising Confluence servers and installing a backdoor, the threat actors drop a second-stage stealthier backdoor using DLL side-loading to launch it on the breached system. Ransomware payloads deployed by Atom Silo also come with a malicious kernel driver used to disrupt endpoint protection solutions and evade detection.”

Title: Two Ransomware Operators Were Arrested in Kyiv With Europol’s Support
Date Published: October 4, 2021

https://securityaffairs.co/wordpress/122922/cyber-crime/ransomware-operators-arrested.html

Excerpt: “According to Ukraine officials, the two crooks were responsible for attacks on more than 100 companies across the world and have caused more than $150 million in damages. “According to police, the man had an accomplice who helped to withdraw money obtained by criminal means.” reads the press release published by the Ukrainian police. “With the involvement of a special unit of the TOR of the patrol police, searches were conducted at the place of residence of the defendant and in the homes of his relatives. As a result, computer equipment, mobile phones, vehicles and more than 360 thousand dollars in cash were seized. In addition, $1.3 million was blocked on the attacker’s cryptocurrencies.””

Title: Oxford Statement on International Law Protections in Cyberspace: The Regulation of Ransomware Operations
Date Published: October 4, 2021

https://www.justsecurity.org/78457/oxford-statement-on-international-law-protections-in-cyberspace-the-regulation-of-ransomware-operations/

Excerpt: “Recent months saw a significant surge in ransomware operations. For instance, in May 2021, Colonial Pipeline, a United States oil pipeline system carrying gasoline and jet fuel, was forced to halt its operations to ensure system safety following a ransomware attack. As a result, there was panic buying and shortage of gasoline which led to the highest average gasoline prices in the US for seven years. The attack on the meat provider JBS has been connected to a rise in the price of beef and pork. In the United Kingdom, ransomware attacks have targeted the education sector with increasing frequency, leading to the loss of student coursework, school financial records and data relating to COVID-19 testing.”

Title: Fraudster Jailed for Stealing US Military Health Records, Millions in Benefits
Date Published: October 4, 2021

https://www.zdnet.com/article/fraudster-jailed-for-stealing-us-military-health-records-millions-in-benefits/

Excerpt: “The US Department of Justice (DoJ) named Fredrick Brown of Las Vegas, Nevada, as a former medical records technician who had access to the Armed Forces Health Longitudinal Technology Application, an electronic records system used to manage military-affiliated medical records. Between July 2014 and September 2015, the 40-year-old stole the personal identifying information (PII) of over 3,300 individuals, including “at least eight general officers, as well as numerous disabled veterans,” the DoJ says. Military dependents and civilian employees of the Department of Defense (DoD) were also involved in the security breach.”

Title: Barclays Hacked by Cyberthieves Using Monzo Account, PISP
Date Published: October 4, 2021

https://www.databreaches.net/barclays-hacked-by-cyberthieves-using-monzo-account-pisp/

Excerpt: “Millions of pounds were swiped from Barclays accounts in a series of coordinated cyberattacks by a fraudster using a Monzo account and a payments initiation service provider (PISP), The Telegraph reported. PISPs are a newer concept, introduced by the revised European Payment Services Directive (PSD2), and give retail customers the ability to pay companies directly from their bank account instead of using a debit or credit card. “There is nothing new or different about a fraudster’s approach to these cases that are specific to using a PISP,” a Barclays spokesperson said, per the report. “It is the same type of social engineering to convince victims to share passcodes/PINsentry codes as is done to defraud customers through traditional channels.””

Title: Mobile Malware: TangleBot Untangled
Date Published: October 4, 2021

https://www.proofpoint.com/us/blog/threat-insight/mobile-malware-tanglebot-untangled

Excerpt: “On the heels of a busy summer tracking the rapid spread of FluBot mobile malware across Europe and Australia, Proofpoint researchers have observed yet another malware campaign, dubbed TangleBot, designed to steal mobile users’ sensitive information. TangleBot started off using ever popular Covid-themed lures to trick Android users in Canada and the United States into installing malware on their devices. Proofpoint threat analysts recently covered a high-level overview of TangleBot on the Cloudmark blog, warning mobile users of this threat. In this blog, researchers dive into the malware, detailing what makes it interesting and why it has been coined TangleBot. Proofpoint took notice of this malware prior to widespread distribution and worked with our partners at Google to ensure Google Play Protect adequately detects the software (Figure 1) helping ensure protection for the greater global community.”
