October 27, 2021

Fortify Security Team
Oct 27, 2021

Title: Hackers Using Squirrel Waffle Loader to Deploy Qakbot and Cobalt Strike
Date Published: October 27, 2021

https://thehackernews.com/2021/10/hackers-using-squirrelwaffle-loader-to.html

Excerpt: “The malware loader, besides deploying Qakbot and the infamous penetration testing tool Cobalt Strike on the infected endpoints, also establishes communications with a remote attacker-controlled server to retrieve secondary payloads, making it a potent multi-purpose utility. “After the Emotet botnet takedown earlier this year, criminal threat actors are filling that void,” Zscaler noted in an analysis of the same malware last month. “SQUIRREL WAFFLE appears to be a new loader taking advantage of this gap. It is not yet clear if SQUIRREL WAFFLE is developed and distributed by a known threat actor or a new group. However, similar distribution techniques were previously used by Emotet”.”

Title: ThycoticCentrify Integrates Secret Server With Privileged Access Management Platform
Date Published: October 27, 2021

https://www.darkreading.com/endpoint/thycoticcentrify-integrates-secret-server-with-privileged-access-management-platform

Excerpt: “REDWOOD CITY, Calif. and WASHINGTON, Oct. 27, 2021 /PRNewswire/ — ThycoticCentrify, a leading provider of cloud identity security solutions formed by the merger of privileged access management (PAM) leaders Thycotic and Centrify, today announced it has leveraged the power of the ThycoticCentrify platform to integrate with Secret Server, its industry-recognized privileged account and session management solution. The combination provides Secret Server customers with a range of SaaS services, establishing the foundation of modern PAM strategies and centralizing access and visibility to credentials for faster time to access, risk identification, and resolution.”

Title: Update now! Apple patches bugs in iOS and iPadOS
Date Published: October 27, 2021

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/update-now-apple-patches-bugs-in-ios-and-ipados/

Excerpt: “On two consecutive days Apple has released a few important patches. iOS 14.8.1 comes just a month after releasing iOS 14.8 for those who didn’t want to update their iPhones to iOS 15. This update also came as a sort of surprise as it was not beta-tested beforehand. Earlier this year Apple announced that users would have a choice between updating to iOS 15 as soon as it’s released, or staying on iOS 14 but still receiving important security updates. Now the differences are starting to show. As you can see in the table below, some patches are specific for 14.8.1 and some are specific for 15.1, while many are shared between them. In total 24 CVEs were covered.”

Title: Cyberattacks: Now Part of the Military Arsenal
Date Published: October 27, 2021

https://www.forcepoint.com/blog/x-labs/cyberattacks-become-military-arsenal

Excerpt: “While the U.S. has used cyber strategy for warfare in the past, it can be used against the U.S. too. Stuxnet was an outlier at the time. But we should expect cyberattacks to become a staple of military arsenals in 2022 and beyond. Nation states will look for vulnerabilities in government and critical infrastructure as an alternative to warfare, or as part of it. Kinetic efforts were preceded by cyberattacks similar to a naval bombardment prior to launching a beach assault in WWII. The tools, techniques, and procedures used in ransomware attacks are perfectly poised to become a central part of warfare, as it’s low cost and low risk. Additionally, ransomware-as-a-service is rapidly on the rise, causing additional obfuscation and uncertainty on the part of the attacked nation.”

Title: Microsoft Warns Over Uptick in Password Spraying Attacks
Date Published: October 27, 2021

https://www.zdnet.com/article/microsoft-warns-over-uptick-in-password-spraying-attacks/

Excerpt: “Microsoft estimates that more than a third of account compromises are password spraying attacks, even though such attacks have a 1% success rate for accounts, unless organisations use Microsoft’s ‘password protection’ to avoid bad passwords. “Instead of trying many passwords against one user, they try to defeat lockout and detection by trying many users against one password,” Microsoft explained last year. That approach helps avoid rate limiting, where too many failed password attempts result in a lockout. ”

Title: North Korean State Hackers Start Targeting the IT Supply Chain
Date Published: October 26, 2021

https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-start-targeting-the-it-supply-chain/

Excerpt: “North Korean-sponsored Lazarus hacking group has switched focus on new targets and was observed by Kaspersky security researchers expanding its supply chain attack capabilities. Lazarus used a new variant of the BLINDINGCAN backdoor to target a South Korean think tank in June after deploying it to breach a Latvian IT vendor in May. “In the first case discovered by Kaspersky researchers, Lazarus developed an infection chain that stemmed from legitimate South Korean security software deploying a malicious payload,” the researchers said.”

Title: Iranian Gas Stations Unable to Operate After Massive Cyberattack
Date Published: October 27, 2021

https://heimdalsecurity.com/blog/iranian-gas-stations-unable-to-operate-after-massive-cyberattack/

Excerpt: “A cyberattack damaged the whole distribution network making all the gas stations operated by the National Iranian Oil Products Distribution Company (NIOPDC) cease operations. As a result of the event, a number of electronic road billboards have been hacked to display messages demanding an explanation or requesting gasoline. The reason for the disturbance is still being investigated, and while there is no public evidence regarding who caused it at this time, Iran is accusing a foreign country.The message that was shown on the devices saying “cyberattack 64411” could be a hint.”

Title: HM Treasury Hit by Five Million Malicious Emails in Past Three Years
Date Published: October 27, 2021

https://www.infosecurity-magazine.com/news/treasury-five-million-malicious/

Excerpt: “Her Majesty’s Treasury, the UK government department responsible for the nation’s economic policy, has been hit by nearly five million malicious email attacks in the past three years, according to official figures. The data obtained by the think tank Parliament Street following a Freedom of Information (FoI) request showed that 4,870,389 phishing, malware and spam emails targeting HM Treasury were successfully blocked in this period. This consisted of 1,271,207 malicious email attacks from October 2018 to September 2019, 1,918,944 between October 2019 to September 2020, and 1,680 from October 2020 to September 2021.”

Title: Top 5 Cloud Native Security Challenges
Date Published: October 27, 2021

https://blog.checkpoint.com/2021/10/27/top-5-cloud-native-security-challenges/

Excerpt: “As companies migrate and expand their applications and services to multi-cloud environments, security teams face growing challenges, ranging from corporate policies and budget constraints, to compliance fines and new threats of attack. Threats to cloud data security can come from many areas, both internal and external, ranging from valid users misusing data to bad actors attempting to use stolen credentials. While the threats and theft remain ubiquitous, the tactics used by attackers are constantly adapting. In this blog, we’ll look at the top 5 cloud native security challenges and briefly cover ways to mitigate risk.”

Title: 70% of WiFi Networks Cracked by Researcher to Show Their Lack of Security
Date Published: October 27, 2021

https://heimdalsecurity.com/blog/70-of-wifi-networks-cracked-by-researcher-in-a-wifi-network-cracking-experiment/

Excerpt: “The whole process unfolded as described below, according to the report this researcher published. The researcher under discussion, by his name Ido Hoorvitch, took a walk in the center of the city and brought with him WiFi sniffing equipment. The intention was the collection of 5,000 network hashes that would help him carry out his research. The next step he followed was to exploit a vulnerability with the role to permit PMKID hash retrieval. This kind of hash is normally useful for roaming purposes.”

Recent Posts

November 21, 2022

Title: New Ransomware Encrypts Files, Then Steals Your Discord Account Date Published: November 20, 2022 https://www.bleepingcomputer.com/news/security/new-ransomware-encrypts-files-then-steals-your-discord-account/ Excerpt: “The new 'AXLocker' ransomware family is...

November 18, 2022

Title: Phishing Kit Impersonates Well-Known Brands to Target Us Shoppers Date Published: November 17, 2022 https://www.bleepingcomputer.com/news/security/phishing-kit-impersonates-well-known-brands-to-target-us-shoppers/ Excerpt: “A sophisticated phishing kit has been...

November 17, 2022

Title: Iran-Linked Threat Actors Compromise US Federal Network Date Published: November 17, 2022 https://securityaffairs.co/wordpress/138639/apt/iran-compromises-us-federal-network.html Excerpt: “Iran-linked threat actors compromised a Federal Civilian Executive...

November 16, 2022

Title: North Korean Hackers Target European Orgs With Updated Malware Date Published: November 15, 2022 https://www.bleepingcomputer.com/news/security/north-korean-hackers-target-european-orgs-with-updated-malware/ Excerpt: “North Korean hackers are using a new...

November 16, 2022

Title: North Korean Hackers Target European Orgs With Updated Malware Date Published: November 15, 2022 https://www.bleepingcomputer.com/news/security/north-korean-hackers-target-european-orgs-with-updated-malware/ Excerpt: “North Korean hackers are using a new...

November 15, 2022

Title: China-Based Campaign Uses 42,000 Phishing Domains Date Published: November 15, 2022 https://www.infosecurity-magazine.com/news/chinabased-campaign-42000-phishing/ Excerpt: “Security researchers have uncovered a sophisticated phishing campaign using tens of...

November 14, 2022

Title: Kmsdbot, a New Evasive Bot for Cryptomining Activity and Ddos Attacks Date Published: November 14, 2022 https://securityaffairs.co/wordpress/138514/malware/kmsdbot-golang-malware.html Excerpt: “Researchers spotted a new evasive malware, tracked as KmsdBot, that...