OSN October 8, 2021

Fortify Security Team
Oct 8, 2021

Title: Brewdog Exposed Data of 200,000 Shareholders for Over a Year
Date Published: October 8, 2021


Excerpt: “According to PenTestPartners, BrewDog “declined to inform their shareholders and asked not to be named” in the research revealing the security flaw. On October 8, the cybersecurity firm said that the Scottish brewery implemented a hard-coded Bearer authentication token associated with API endpoints designed for BrewDog’s mobile applications. The tokens were returned, but rather than being triggered once a user has submitted their credentials — therefore, allowing access to an endpoint — as they were hardcoded, this verification step was missed.”

Title: Illegal Activities Endure on China’s Dark Web Despite Strict Internet Control
Date Published: October 5, 2021


Excerpt: “Chinese-language dark web sources are predominantly driven by financially motivated cybercriminals operating on marketplaces. Due to the government’s low tolerance of cybercrime and frequent crackdowns, maintaining good operational security and anonymity is essential for these cybercriminals. Although there is a wide variety of offerings in the Chinese-language dark web marketplaces, they are generally dominated by leaked data and virtual goods, which are easy to buy and sell while remaining anonymous.”

Title: A Rising Tide Lifts All Boats in Maritime Cybersecurity
Date Published: October 8, 2021


Excerpt: “The disruption held up an estimated $9 billion of trade per day. Today, the Port of Los Angeles and the Port of Long Beach are experiencing disruptions leading to a record number of ships waiting off the coast of California. These disruptions have permeated throughout the supply chains for goods that Americans rely on from computers and chips to cars and clothing. The lesson is clear: The maritime industry is full of chokepoints which, if manipulated, can cause cascading economic impacts that affect Americans.”

Title: Russia Poses the Biggest Nation-State Cyber Threat, Says Microsoft
Date Published: October 8, 2021


Excerpt: “Beijing-backed hackers caused a crisis after hacking Exchange email servers this year with flaws Microsoft didn’t know about, but Microsoft says Russian hackers are far more prolific than those from China, or any other nation. “During the past year, 58% of all cyberattacks observed by Microsoft from nation-states have come from Russia,” Tom Burt, Microsoft corporate vice president said in a blogpost detailing government-backed hacking over the past year. The US and UK blamed the Russian Foreign Intelligence Service (SVR) for the huge software supply chain attack on US enterprise software vendor, SolarWinds, which affected 18,000 customers including top tech firms and US government agencies. Microsoft, which was also compromised by the hack, calls this group of hackers Nobelium; others call it APT28.”

Title: Engineering Giant Weir Group Hit by Ransomware Attack
Date Published: October 8, 2021


Excerpt: “Our forensic investigation of the incident is continuing and so far, there is no evidence that any personal or other sensitive data has been exfiltrated or encrypted,” the group stated. “We are continuing to liaise with regulators and relevant intelligence services. Weir confirms that neither it, nor anyone associated with Weir, have been in contact with the persons responsible for the cyber-attack.” The group employs more than 11,500 people in over 50 countries and provides services for the mining, infrastructure, and oil and gas markets.”

Title: Apache Issues Another Emergency Patch for Exploited Flaws
Date Published: October 8, 2021


Excerpt: “The news comes ahead of what would have been a long, holiday weekend for many, with parts of the U.S. on Monday celebrating Columbus Day, recognized in some states and cities instead as Indigenous Peoples’ Day or Native American Day. But the Cybersecurity and Infrastructure Security Agency says patching cannot wait until after Monday. “CISA urges organizations to patch immediately if they haven’t already – this cannot wait until after the holiday weekend,” it says in a Thursday security alert. “These vulnerabilities have been exploited in the wild.” The essential update comes via the Apache Software Foundation in the form of Apache HTTP Server version 2.4.51, which addresses path traversal and remote code execution vulnerabilities – respectively designated CVE-2021-41773 and CVE-2021-42013 – that exist in Apache HTTP Server versions 2.4.49 and 2.4.50.”

Title: The Netherlands Declares War on Ransomware Operations
Date Published: October 8, 2021


Excerpt: “In addition to the diplomatic measures described above, the cabinet is in a general sense to increase the digital resilience of the Netherlands. To increase the cybersecurity of the Netherlands and to combat cybercrime, the cabinet is taking various measures in the context of the National Cyber Security Agenda (NCSA) and the integrated approach to cybercrime,” continues the letter. “Examples of measures that are taken are to promote safe hard and software, awareness activities and enhancing capabilities for the detection. The Minister of Justice and Security recently informed you about the status of these measures in the progress report from the NCSA and the progress report from the integrated tackling cybercrime.”

Title: Google Announces New Efforts to Protect Journalists and High-Risk Users From Cyberattacks
Date Published: October 8, 2021


Excerpt: “In a blog post, Google said there was an increasing number of cyberattacks targeting high profile individuals and groups, forcing them to take extra measures and create a team “dedicated to detecting and stopping the world’s most sophisticated cyber criminals.” “We’re excited to be working with these leading organizations to protect high risk user groups and learn more about the needs of at-risk users and organizations. These collaborations help us make the world’s most advanced security even stronger, more inclusive and easier to use – helping everyone stay safer with Google,” the company explained.”

Title: September 2021’s Most Wanted Malware: Trickbot Once Again Tops the List
Date Published: October 8, 2021


Excerpt: “The remote access trojan, njRAT, has entered the top ten for the first time, taking the place of Phorpiex which is no longer active. Trickbot is a banking trojan that can steal financial details, account credentials, and personally identifiable information, as well as spread within a network and drop ransomware. Since the Emotet takedown in January, the Trickbot trojan has gained popularity. It is constantly being updated with new capabilities, features and distribution vectors which enables it to be a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.”

Title: Excel 4.0 Macros Will Be Disabled in Order to Protect Users
Date Published: October 8, 2021


Excerpt: “Excel 4.0 macros, also known as XLM macros, were introduced in 1992 and allowed users to input instructions into cells, which were subsequently performed to complete a job. Threat actors continue to use XLM macros in malicious documents to download malware or do other undesirable activity twenty years after VBA macros were introduced in Excel 5.0. Malicious campaigns that use Excel 4.0 XLM macros include TrickBot, Qbot, Dridex, Zloader, and a variety of others. For years, Microsoft has recommended that users switch from and disable Excel 4.0 XLM macros in favor of VBA macros due to their continuing misuse.”
