November 1, 2021

Fortify Security Team

Title: New ‘Trojan Source’ Technique Lets Hackers Hide Vulnerabilities in Source Code
Date Published: November 1, 2021

https://thehackernews.com/2021/11/new-trojan-source-technique-lets.html

Excerpt: “A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that’s semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks. Dubbed “Trojan Source attacks,” the technique “exploits subtleties in text-encoding standards such as Unicode to produce source code whose tokens are logically encoded in a different order from the one in which they are displayed, leading to vulnerabilities that cannot be perceived directly by human code reviewers,” Cambridge University researchers Nicholas Boucher and Ross Anderson said in a newly published paper.”
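The Bidi-control trick described in the excerpt above, as an added example that is not code from the Boucher and Anderson paper or from The Hacker News: a small Python scanner that flags the Unicode bidirectional control characters the attack relies on, a helper that rewrites them as visible tags so a reviewer can read a file in the order the interpreter reads it, and a constructed snippet (SAMPLE_SOURCE, written for this example, not taken from the paper) that hides an early return inside a docstring. The function names and the sample are assumptions for illustration.

```python
"""Detect the Unicode bidirectional (Bidi) control characters that
Trojan Source attacks rely on. Added example; not code from the paper.
"""

# Bidi control characters: embeddings, overrides and isolates, plus the two
# characters that terminate them. Values are the standard Unicode abbreviations.
BIDI_CONTROLS = {
    "\u202a": "LRE",  # LEFT-TO-RIGHT EMBEDDING
    "\u202b": "RLE",  # RIGHT-TO-LEFT EMBEDDING
    "\u202c": "PDF",  # POP DIRECTIONAL FORMATTING
    "\u202d": "LRO",  # LEFT-TO-RIGHT OVERRIDE
    "\u202e": "RLO",  # RIGHT-TO-LEFT OVERRIDE
    "\u2066": "LRI",  # LEFT-TO-RIGHT ISOLATE
    "\u2067": "RLI",  # RIGHT-TO-LEFT ISOLATE
    "\u2068": "FSI",  # FIRST STRONG ISOLATE
    "\u2069": "PDI",  # POP DIRECTIONAL ISOLATE
}

# Constructed sample (an assumption for this example, not taken from the
# paper): an RLI inside a docstring. In a Bidi-aware editor the tail of line 4
# is displayed reordered so that `;return` looks like part of the docstring;
# the interpreter sees the docstring close at the second `'''` and then a
# `return` statement, so the subtraction on line 5 never runs.
SAMPLE_SOURCE = (
    "bank = {'alice': 100}\n"
    "\n"
    "def subtract_funds(account, amount):\n"
    "    ''' Subtract funds from the account, then \u2067''' ;return\n"
    "    bank[account] -= amount\n"
)


def find_bidi_controls(source):
    """Return a list of (line, column, name) for each Bidi control character.

    Line and column are 1-based so a finding can be pasted into an editor.
    Scanning raw text rather than tokens is deliberate: the characters are
    just as dangerous inside comments and string literals as anywhere else.
    """
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            name = BIDI_CONTROLS.get(ch)
            if name is not None:
                findings.append((line_no, col, name))
    return findings


def logical_view(source):
    """Rewrite each Bidi control as a visible tag such as <RLI>, so a reviewer
    can read the file in the order the compiler or interpreter reads it."""
    return "".join(f"<{BIDI_CONTROLS[ch]}>" if ch in BIDI_CONTROLS else ch
                   for ch in source)


def run_sample():
    """Execute SAMPLE_SOURCE, withdraw 50 from alice and return her balance.

    The hidden early return means the balance is still 100 afterwards.
    """
    namespace = {}
    exec(SAMPLE_SOURCE, namespace)
    namespace["subtract_funds"]("alice", 50)
    return namespace["bank"]["alice"]


if __name__ == "__main__":
    for line_no, col, name in find_bidi_controls(SAMPLE_SOURCE):
        print(f"line {line_no}, col {col}: {name}")
    print(logical_view(SAMPLE_SOURCE))
    print("alice's balance after withdrawing 50:", run_sample())
```

Run as a script it reports the RLI on line 4 of the sample, prints the logical view with a `<RLI>` tag where the control character sits, and shows alice's balance unchanged at 100. The same scan belongs in a pre-commit hook or CI step over every text file in a repository, not only files the compiler sees; GCC 12's -Wbidi-chars and rustc (since 1.56.1) perform an equivalent check at compile time, and reviewers' editors should be configured to render these characters visibly.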

Title: Hive Ransomware Now Encrypts Linux and FreeBSD Systems
Date Published: November 1, 2021

https://www.bleepingcomputer.com/news/security/hive-ransomware-now-encrypts-linux-and-freebsd-systems/

Excerpt: “It also comes with support for a single command line parameter (-no-wipe). In contrast, Hive’s Windows ransomware comes with up to 5 execution options, including killing processes and skipping disk cleaning, uninteresting files, and older files. The ransomware’s Linux version also fails to trigger the encryption if executed without root privileges because it attempts to drop the ransom note on compromised devices’ root file systems. “Just like the Windows version, these variants are written in Golang, but the strings, package names and function names have been obfuscated, likely with gobfuscate,” ESET Research Labs said.”

Title: BlackMatter: New Data Exfiltration Tool Used in Attacks
Date Published: November 1, 2021

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/blackmatter-data-exfiltration

Excerpt: “At least one affiliate of the BlackMatter ransomware operation has begun using a custom data exfiltration tool in its attacks. Exmatter, which was discovered by Symantec’s Threat Hunter Team, is designed to steal specific file types from a number of selected directories and upload them to an attacker-controlled server prior to deployment of the ransomware itself on the victim’s network. This is the third time a custom data exfiltration tool appears to have been developed by ransomware operators, following the earlier discovery of the Ryuk Stealer tool and StealBit, which is linked to the LockBit ransomware operation.”

Title: Conti Group Leak Celebs’ Data After Ransom Attack on Jeweler
Date Published: November 1, 2021

https://www.infosecurity-magazine.com/news/conti-leak-celebs-data-ransom/

Excerpt: “The group reportedly released tens of thousands of documents, including customer invoices and receipts, on its dark web leak site. Although there’s said to be plenty more in reserve, used as leverage to force a ransom payment, the data currently exposed is not thought to be a serious privacy risk to the victims. What’s more, researchers at Digital Shadows confirmed to Infosecurity that, when they checked, there was no mention of the breach on the Conti site. “Although unconfirmed it is possible either that Graff has paid the ransom, or is currently in negotiations with the ransomware group,” the firm noted.”

Title: Researchers Uncover ‘Pink’ Botnet Malware That Infected Over 1.6 Million Devices
Date Published: November 1, 2021

https://thehackernews.com/2021/11/researchers-uncover-pink-botnet-malware.html

Excerpt: “Pink is the largest botnet we have first-hand observed in the last six years. During peak time, it had a total infection of over 1.6 million devices (96% are located in China). Pink targets mainly MIPS-based fiber routers, and has a very strong and robust architecture. It uses a combination of third-party services, P2P and central C2s for its bot-to-controller communications, and has complete verification of the C2 communications; doing this ensures that the bot nodes will not be easily cut off or taken over. Pink raced with the vendor to retain control over the infected devices: while the vendor made repeated attempts to fix the problem, the bot master noticed the vendor’s actions in real time and made multiple firmware updates on the fiber routers correspondingly.”

Title: Iranian Black Shadow Hacking Group Breached Israeli Internet Hosting Firm
Date Published: October 31, 2021

https://securityaffairs.co/wordpress/124000/hacking/black-shadow-hacked-cyberserve.html

Excerpt: “Some of the websites hosted on Cyberserve’s servers were unavailable on Saturday morning. The company hosts the sites of the Dan and Kavim public transportation companies, the Children’s Museum in Holon, the Pegasus travel company and the blog site of the Kan public broadcaster. Later the group decided to publish some of the stolen data because the company did not contact them. “They did not contact us… so (the) first data is here,” reads the message published by Black Shadow before publishing some of the stolen info.”

Title: Minecraft Japanese Gamers Hit by Chaos Ransomware Using Alt Lists as Lure
Date Published: October 31, 2021

https://securityaffairs.co/wordpress/123978/breaking-news/minecraft-gamers-chaos-ransomware.html

Excerpt: “FortiGuard Labs recently discovered a variant of the Chaos ransomware that appears to target Minecraft gamers in Japan. This variant not only encrypts certain files but also destroys others, rendering them unrecoverable. If gamers fall prey to the attack, choosing to pay the ransom may still lead to a loss of data. In this report we will take a look at how this new ransomware variant works.” reads the analysis published by the experts. Alternative accounts, so-called ‘Alts,’ are created by Minecraft gamers for various purposes such as antagonizing/trolling other players, providing cover for an alternative in-game identity/personality, or to avoid getting their main account banned for using cheats.”

Title: ‘Black Shadow’ Hackers Leak Data From Israeli LGBT App
Date Published: October 31, 2021

https://www.jpost.com/israel-news/iranian-hackers-breach-israeli-company-cyberserve-683529

Excerpt: “The hacker group “Black Shadow” has leaked data from various Israeli companies, such as LGBTQ dating app “Atraf”, Dan bus company and tour booking company Pegasus on Saturday night.
Earlier in the day, they leaked data from the Kavim bus app after previous threats. “They did not contact us …So first data is here,” the group said on Telegram, affixing a photo of what appeared to be a database of Israeli citizens’ personal information. “If you do not contact us, (sic) there will be more,” added the group.”

Title: FTC Warns On ISPs Storing Data From U.S. Consumers
Date Published: October 30, 2021

http://cybersecurityventures.com/ftc-warns-on-isps-storing-data-from-u-s-consumers/

Excerpt: “Major internet service providers (ISPs) have come under fire in a new report published by the U.S. Federal Trade Commission (FTC). Concerns surrounding the collection and use of data belonging to U.S. consumers prompted the regulator to launch an investigation and to publish a staff report on ISP practices, as well as their ramifications for customer privacy and choice. In 2019, the FTC ordered AT&T Mobility, Cellco Partnership (Verizon Wireless), Charter Communications Operating LLC, Comcast Cable Communications (Xfinity), T-Mobile U.S., and Google Fiber to hand over information concerning data collection.”

Title: MITRE and CISA Publish the 2021 List of Most Common Hardware Weaknesses
Date Published: October 30, 2021

https://securityaffairs.co/wordpress/123948/security/2021-list-of-most-common-hardware-weaknesses.html

Excerpt: ““The 2021 CWE™ Most Important Hardware Weaknesses is the first of its kind and the result of collaboration within the Hardware CWE Special Interest Group (SIG), a community forum for individuals representing organizations within hardware design, manufacturing, research, and security domains, as well as academia and government.” reads the announcement. “Security analysts and test engineers can use the list in preparing plans for security testing and evaluation. Hardware consumers could use the list to help them to ask for more secure hardware products from their suppliers.””
