OSN November 1, 2021

Fortify Security Team
Nov 1, 2021

Title: New ‘Trojan Source’ Technique Lets Hackers Hide Vulnerabilities in Source Code
Date Published: November 1, 2021

https://thehackernews.com/2021/11/new-trojan-source-technique-lets.html

Excerpt: “A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that’s semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks. Dubbed “Trojan Source attacks,” the technique “exploits subtleties in text-encoding standards such as Unicode to produce source code whose tokens are logically encoded in a different order from the one in which they are displayed, leading to vulnerabilities that cannot be perceived directly by human code reviewers,” Cambridge University researchers Nicholas Boucher and Ross Anderson said in a newly published paper.”
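The excerpt above describes code whose logical token order differs from its displayed order because of Unicode bidirectional (bidi) control characters. The scanner below is an added example written for this digest, not code from the paper, the article, or any project it names; it shows the check a defender would add to a pre-commit hook or CI job: list every bidi control code point in a source file with its line and column, and flag lines where an embedding, override or isolate is opened but not closed before the end of the line. The code point set is the one recommended for this purpose by the Unicode Bidirectional Algorithm's control characters; the sample source text is constructed for the demonstration and the function names are my own.

```python
import sys
import unicodedata
from typing import List, NamedTuple

# Bidi control code points that reorder displayed text without changing the
# logical byte order: LRM/RLM/ALM marks, the LRE/RLE/LRO/RLO embeddings and
# overrides with their PDF terminator, and the LRI/RLI/FSI isolates with PDI.
BIDI_CONTROLS = {
    "\u061C", "\u200E", "\u200F",
    "\u202A", "\u202B", "\u202C", "\u202D", "\u202E",
    "\u2066", "\u2067", "\u2068", "\u2069",
}
# Characters that open a directional region, and the two that close one.
OPENERS = {"\u202A", "\u202B", "\u202D", "\u202E", "\u2066", "\u2067", "\u2068"}
CLOSERS = {"\u202C", "\u2069"}


class Finding(NamedTuple):
    line: int        # 1-based line number
    column: int      # 0-based column of the code point within the line
    codepoint: str   # e.g. "U+202E"
    name: str        # Unicode character name, e.g. "RIGHT-TO-LEFT OVERRIDE"


def find_bidi_controls(text: str) -> List[Finding]:
    """Return every bidi control code point in `text`, in file order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line):
            if ch in BIDI_CONTROLS:
                findings.append(Finding(lineno, col, f"U+{ord(ch):04X}",
                                        unicodedata.name(ch, "UNKNOWN")))
    return findings


def unterminated_lines(text: str) -> List[int]:
    """Lines where a directional region is opened but not closed on that line.

    Compilers that warn about this class of problem require every override,
    embedding or isolate to be terminated before the end of the line; this
    check treats PDF and PDI interchangeably, which is a deliberate
    simplification for a scanner that only needs to raise a flag.
    """
    bad = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        depth = 0
        for ch in line:
            if ch in OPENERS:
                depth += 1
            elif ch in CLOSERS and depth:
                depth -= 1
        if depth:
            bad.append(lineno)
    return bad


# Constructed sample: line 3 carries a balanced RLO...PDF pair inside a
# comment, line 4 carries an override that is never terminated.
SAMPLE_SOURCE = (
    "def is_admin(user):\n"
    "    # constructed sample: a RIGHT-TO-LEFT OVERRIDE (U+202E) in a comment\n"
    "    # access granted \u202e ylno sresu detsurt \u202c\n"
    "    x = 'abc\u202e'  # unterminated override\n"
    "    return user.role == 'admin'\n"
)


def report(text: str, label: str = "<sample>") -> List[str]:
    """Human-readable lines suitable for a CI log."""
    lines = [f"{label}:{f.line}:{f.column}: {f.codepoint} {f.name}"
             for f in find_bidi_controls(text)]
    lines += [f"{label}:{n}: directional region not closed before end of line"
              for n in unterminated_lines(text)]
    return lines


if __name__ == "__main__":
    # With no arguments, scan the constructed sample; otherwise scan the files given.
    if len(sys.argv) == 1:
        print("\n".join(report(SAMPLE_SOURCE)))
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            print("\n".join(report(fh.read(), path)))
```

Running it on a tree of source files gives one line per control character found; a clean code base produces no output, and any hit deserves a manual look at the affected line in a hex or escaped view rather than in a rendering editor, because the editor is exactly what the reordering fools.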

Title: Hive Ransomware Now Encrypts Linux and Freebsd Systems
Date Published: November 1, 2021

https://www.bleepingcomputer.com/news/security/hive-ransomware-now-encrypts-linux-and-freebsd-systems/

Excerpt: “It also comes with support for a single command line parameter (-no-wipe). In contrast, Hive’s Windows ransomware comes with up to 5 execution options, including killing processes and skipping disk cleaning, uninteresting files, and older files. The ransomware’s Linux version also fails to trigger the encryption if executed without root privileges because it attempts to drop the ransom note on compromised devices’ root file systems. “Just like the Windows version, these variants are written in Golang, but the strings, package names and function names have been obfuscated, likely with gobfuscate,” ESET Research Labs said.”

Title: BlackMatter: New Data Exfiltration Tool Used in Attacks
Date Published: November 1, 2021

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/blackmatter-data-exfiltration

Excerpt: “At least one affiliate of the BlackMatter ransomware operation has begun using a custom data exfiltration tool in its attacks. Exmatter, which was discovered by Symantec’s Threat Hunter Team, is designed to steal specific file types from a number of selected directories and upload them to an attacker-controlled server prior to deployment of the ransomware itself on the victim’s network. This is the third time a custom data exfiltration tool appears to have been developed by ransomware operators, following the earlier discovery of the Ryuk Stealer tool and StealBit, which is linked to the LockBit ransomware operation.”

Title: Conti Group Leak Celebs’ Data After Ransom Attack on Jeweler
Date Published: November 1, 2021

https://www.infosecurity-magazine.com/news/conti-leak-celebs-data-ransom/

Excerpt: “The group reportedly released tens of thousands of documents, including customer invoices and receipts, on its dark web leak site. Although there’s said to be plenty more in reserve, used as leverage to force a ransom payment, the data currently exposed is not thought to be a serious privacy risk to the victims. What’s more, researchers at Digital Shadows confirmed to Infosecurity that, when they checked, there was no mention of the breach on the Conti site. “Although unconfirmed it is possible either that Graff has paid the ransom, or is currently in negotiations with the ransomware group,” the firm noted.”

Title: Researchers Uncover ‘Pink’ Botnet Malware That Infected Over 1.6 Million Devices
Date Published: November 1, 2021

https://thehackernews.com/2021/11/researchers-uncover-pink-botnet-malware.html

Excerpt: “Pink is the largest botnet we have first-hand observed in the last six years. During peak time, it had a total infection of over 1.6 million devices (96% are located in China). Pink targets mainly MIPS-based fiber routers, and has a very strong and robust architecture. It uses a combination of third-party services, P2P and central C2s for its bots-to-controller communications, and has complete verification of the C2 communications; doing this ensures that the bot nodes will not be easily cut off or taken over. Pink raced with the vendor to retain control over the infected devices: while the vendor made repeated attempts to fix the problem, the bot master noticed the vendor’s action also in real time, and made multiple firmware updates on the fiber routers correspondingly.”

Title: Iranian Black Shadow Hacking Group Breached Israeli Internet Hosting Firm
Date Published: October 31, 2021

https://securityaffairs.co/wordpress/124000/hacking/black-shadow-hacked-cyberserve.html

Excerpt: “Some of the websites hosted on Cyberserve’s servers were unavailable on Saturday morning. The company hosts the sites of the Dan and Kavim public transportation companies, the Children’s Museum in Holon, the Pegasus travel company and the blog site of the Kan public broadcaster. Later the group decided to publish some of the stolen data because the company did not contact them. “They did not contact us… so (the) first data is here,” reads the message published by Black Shadow before publishing some of the stolen info.”

Title: Minecraft Japanese Gamers Hit by Chaos Ransomware Using Alt Lists as Lure
Date Published: October 31, 2021

https://securityaffairs.co/wordpress/123978/breaking-news/minecraft-gamers-chaos-ransomware.html

Excerpt: “FortiGuard Labs recently discovered a variant of the Chaos ransomware that appears to target Minecraft gamers in Japan. This variant not only encrypts certain files but also destroys others, rendering them unrecoverable. If gamers fall prey to the attack, choosing to pay the ransom may still lead to a loss of data. In this report we will take a look at how this new ransomware variant works.” reads the analysis published by the experts. Alternative accounts, so-called ‘Alts,’ are created by Minecraft gamers for various purposes such as antagonizing/trolling other players, providing cover for an alternative in-game identity/personality, or to avoid getting their main account banned for using cheats.”

Title: ‘Black Shadow’ Hackers Leak Data From Israeli LGBT App
Date Published: October 31, 2021

https://www.jpost.com/israel-news/iranian-hackers-breach-israeli-company-cyberserve-683529

Excerpt: “The hacker group “Black Shadow” has leaked data from various Israeli companies, such as LGBTQ dating app “Atraf”, Dan bus company and tour booking company Pegasus on Saturday night.
Earlier in the day, they leaked data from the Kavim bus app after previous threats. “They did not contact us … So first data is here,” the group said on Telegram, affixing a photo of what appeared to be a database of Israeli citizens’ personal information. “If you do not contact us, (sic) there will be more,” added the group.”

Title: FTC Warns On ISPs Storing Data From U.S. Consumers
Date Published: October 30, 2021

http://cybersecurityventures.com/ftc-warns-on-isps-storing-data-from-u-s-consumers/

Excerpt: “Major internet service providers (ISPs) have come under fire in a new report published by the U.S. Federal Trade Commission (FTC). Concerns surrounding the collection and use of data belonging to U.S. consumers prompted the regulator to launch an investigation and to publish a staff report on ISP practices, as well as their ramifications for customer privacy and choice. In 2019, the FTC ordered AT&T Mobility, Cellco Partnership (Verizon Wireless), Charter Communications Operating LLC, Comcast Cable Communications (Xfinity), T-Mobile U.S., and Google Fiber to hand over information concerning data collection.”

Title: MITRE and CISA Publish the 2021 List of Most Common Hardware Weaknesses
Date Published: October 30, 2021

https://securityaffairs.co/wordpress/123948/security/2021-list-of-most-common-hardware-weaknesses.html

Excerpt: ““The 2021 CWE™ Most Important Hardware Weaknesses is the first of its kind and the result of collaboration within the Hardware CWE Special Interest Group (SIG), a community forum for individuals representing organizations within hardware design, manufacturing, research, and security domains, as well as academia and government.” reads the announcement. “Security analysts and test engineers can use the list in preparing plans for security testing and evaluation. Hardware consumers could use the list to help them to ask for more secure hardware products from their suppliers.””
