Cybersecurity Weekly: Phishing attacks using redirects, intermittent file encryption, Ragnarok shuts doors

September 1, 2021 by Sam Fay

Widespread phishing attacks are using open redirects. LockFile ransomware bypasses protection using intermittent file encryption. Ragnarok ransomware gang shuts shop and releases decryption key for free. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Widespread phishing attacks using open redirects

Microsoft warned of a widespread phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking.


2. LockFile ransomware bypasses protection using intermittent file encryption

A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called intermittent encryption. Called LockFile, the ransomware has been exploiting recently disclosed flaws to deploy file-encrypting malware that scrambles only every alternate 16 bytes of a file.
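To illustrate the defender-side consequence of the technique described above, here is an added example that is not part of the original article and not LockFile's code: it models a file where every alternate 16-byte chunk has been replaced with random bytes, and shows how a per-chunk view exposes the alternating pattern that a single whole-file statistic blurs. The sample log text, the printable-ratio classifier and the 0.75 threshold are assumptions made for this constructed sample.

```python
import math
import random

CHUNK = 16  # the article says LockFile scrambles every alternate 16-byte chunk

# Constructed sample plaintext standing in for a victim file: log-style text.
PLAIN = b"".join(b"2021-09-01 INFO order=%05d status=shipped\n" % i for i in range(40))


def simulate_intermittent(data, seed=7, chunk=CHUNK):
    """Copy of data with every other chunk replaced by pseudo-random bytes that
    stand in for ciphertext. Models the on-disk layout only; it encrypts nothing."""
    rng = random.Random(seed)
    out = bytearray(data)
    for start in range(0, len(out), 2 * chunk):
        end = min(start + chunk, len(out))
        out[start:end] = bytes(rng.getrandbits(8) for _ in range(end - start))
    return bytes(out)


def shannon_entropy(data):
    """Whole-buffer entropy in bits per byte (0.0 for empty data, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(v) for v in range(256)) if c)


def looks_scrambled(chunk, min_printable=0.75):
    """Assumed classifier for this text-like sample: a chunk is 'scrambled' when
    fewer than min_printable of its bytes are printable ASCII or whitespace."""
    if not chunk:
        return False
    printable = sum(1 for b in chunk if 0x20 <= b < 0x7F or b in b"\t\r\n")
    return printable / len(chunk) < min_printable


def alternation_score(data, chunk=CHUNK):
    """Fraction of adjacent chunk pairs whose verdicts differ. Near 1.0 means the
    clean/scrambled pattern flips every chunk (intermittent encryption); near 0.0
    means the file is uniformly clean or uniformly scrambled."""
    verdicts = [looks_scrambled(data[i:i + chunk]) for i in range(0, len(data), chunk)]
    if len(verdicts) < 2:
        return 0.0
    flips = sum(1 for a, b in zip(verdicts, verdicts[1:]) if a != b)
    return flips / (len(verdicts) - 1)


if __name__ == "__main__":
    hit = simulate_intermittent(PLAIN)
    print("whole-file entropy: clean %.2f, intermittent %.2f" % (shannon_entropy(PLAIN), shannon_entropy(hit)))
    print("alternation score: clean %.2f, intermittent %.2f" % (alternation_score(PLAIN), alternation_score(hit)))
```

On the untouched sample the alternation score is 0.0, while the intermittently scrambled copy scores close to 1.0, which is the signal a chunk-aware monitor can key on even though half of every file is still plaintext.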


3. Ragnarok ransomware gang shuts shop, releases decryption key for free

The Ragnarok ransomware gang has reportedly shut shop and has published a decryption key to let all victims recover their data. Ragnarok now joins the likes of infamous ransomware gangs such as REvil, DarkSide and Ziggy, which were forced to shut shop earlier this year following a spate of disruptive ransomware attacks and law enforcement crackdowns.


4. Hacker brute-forced his way through T-Mobile network

Last week, T-Mobile’s CEO Mike Sievert said that the hacker behind the carrier’s latest massive data breach brute-forced his way through T-Mobile’s network after gaining access to testing environments. The attacker could not exfiltrate customer financial information, credit card information, debit or other payment information during the incident.


5. Security engineer job requirements, certifications and salary

As companies large and small finally realize that cybersecurity is everybody’s problem, security engineers are increasingly in demand, and command salaries to match. While this isn’t a job for beginners, if you have the right background and experience, it could make for an exciting job and a solid step up in your career as a security pro.


6. Boston Public Library discloses cyberattack, system-wide technical outage

The Boston Public Library disclosed last week that its network was hit by a cyberattack on Wednesday, leading to a system-wide technical outage. An ongoing investigation in collaboration with law enforcement and the Mayor’s IT experts has not yet found any evidence of employee or patron data stolen from the impacted systems.


7. 1 GB of data belonging to Puma available on Marketo

Marketo, an emerging underground marketplace for stolen data that is reachable over the Tor network, announced the publication of data presumably stolen from sportswear manufacturer Puma. The ad on Marketo claims to hold about 1 GB of data stolen from the company, which is now being auctioned to the highest bidder.


8. Synology products impacted by recent OpenSSL flaws

Multiple vulnerabilities allow remote attackers to conduct denial-of-service attacks or possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager, Synology Router Manager, VPN Plus Server or VPN Server, according to the advisory published by the company.


9. FIN8 targets U.S. bank with new Sardonic backdoor

The financially motivated FIN8 cybergang used a brand-new backdoor in attempted (but unsuccessful) breaches of networks belonging to two unidentified U.S. financial organizations. The Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components.


10. Attackers can remotely disable Fortress Wi-Fi Home Security Alarms

New vulnerabilities have been discovered in Fortress S03 Wi-Fi Home Security System that could be potentially abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim’s knowledge.

