November 10, 2021

Fortify Security Team

Title: Are Cybercriminals Turning Away From the US and Targeting Europe Instead?
Date Published: November 10, 2021

https://blog.malwarebytes.com/malwarebytes-news/2021/11/are-cybercriminals-turning-away-from-the-us-and-targeting-europe-instead/

Excerpt: “For now it is hard to tell whether the increased amount of attacks in Europe is some sort of waterbed effect due to the US government’s harder stance against cybercriminals and ransomware in particular. It could be that it is simply ransomware groups expanding to new markets due to more competition among themselves and greener pastures on the other side of the pond. We have already seen a ransomware affiliate group called Lockean that concentrates on French targets.”

Title: Researchers Say New Group of Russian Cyber Mercenaries Targets ‘A Mixed Bag’ — Including on Its Home Soil
Date Published: November 10, 2021

https://www.cyberscoop.com/void-balaur-russian-cyber-espionage/

Excerpt: “Researchers discovered the group after a long-time target of the Russian intelligence-connected hacking group Pawn Storm, also known as Fancy Bear and APT28, reached out in March of 2020 saying his wife had been targeted with phishing emails. Trend Micro found that the indicators didn’t match Pawn Storm and attributed the attacks to another Russian-language group named Void Balaur. Unlike APT28, Void Balaur appears to be an independent group willing to hack into the emails of targets as diverse as aviation companies in Russia to human rights activists in Uzbekistan.”

Title: Stor-a-File Hit by Ransomware After Crooks Target Solarwinds Serv-u FTP Software
Date Published: November 10, 2021

https://www.theregister.com/2021/11/10/stor_a_file_ransomware_attack_solarwinds_serv_u/

Excerpt: “Stor-a-File, a British data capture and storage company, suffered a ransomware attack in August that exploited an unpatched instance of SolarWinds’ Serv-U FTP software. The company informed its clients about the September attack, and told The Register that it refused to pay. We understand some data has been leaked by ransomware criminals on a Tor blog. At least one of Stor-a-File’s clients is a medical company, one of whose customers got in touch with El Reg last week.”

Title: Experts Found 14 New Flaws in Busybox, Millions of Devices at Risk
Date Published: November 10, 2021

https://securityaffairs.co/wordpress/124429/hacking/busybox-vulnerabilities.html

Excerpt: “The flaws, tracked with CVE IDs from CVE-2021-42373 through CVE-2021-42386, affect multiple versions of BusyBox ranging from 1.16-1.33.1, depending on the specific vulnerability. The vulnerabilities affect a variety of applets such as “man,” “lzma/unlzma”, “ash”, “hush”, “awk.”
The vulnerabilities have been rated as medium severity because their exploitation is very complex. The researchers discovered the vulnerabilities by manually reviewing the BusyBox source code, they also used a fuzzer for their analysis. The researchers also open-sourced the custom AFL fuzzer used to trigger many of the mentioned vulnerabilities.”

Title: 13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment
Date Published: November 10, 2021

https://thehackernews.com/2021/11/13-new-flaws-in-siemens-nucleus-tcpip.html

Excerpt: “Collectively called “NUCLEUS:13,” successful attacks abusing the flaws can “result in devices going offline and having their logic hijacked,” and “spread[ing] malware to wherever they communicate on the network,” researchers from Forescout and Medigate said in a technical report published Tuesday, with one proof-of-concept (PoC) successfully demonstrating a scenario that could potentially disrupt medical care and critical processes. Siemens has since released security updates to remediate the weaknesses in Nucleus ReadyStart versions 3 (v2017.02.4 or later) and 4 (v4.1.1 or later).”

Title: New Android Malware Targets Netflix, Instagram, and Twitter Users
Date Published: November 10, 2021

https://www.bleepingcomputer.com/news/security/new-android-malware-targets-netflix-instagram-and-twitter-users/

Excerpt: “After analyzing the new malware, Avast Threat Labs researchers discovered APIs provided by the built-in Android Accessibility service to display the malicious overlays. “By utilizing the Application Accessibility toolkit installed on Android by default, the attacker is able to use the application to implement the Overlay attack to trick the user into entering credit card information for fake account breaches on both Netflix and Twitter,” Avast said.”

Title: These Invisible Characters Could Be Hidden Backdoors in Your JS Code
Date Published: November 10, 2021

https://www.bleepingcomputer.com/news/security/these-invisible-characters-could-be-hidden-backdoors-in-your-js-code/

Excerpt: “Trojan Source attack, however, leverages the ambiguity introduced by homoglyphs, and the Unicode bidirectional mechanism (Bidi)—a feature used for accommodating both left-to-right and right-to-left character sets. This week, a researcher has disclosed how certain characters could be injected into JavaScript code to introduce invisible backdoors and security vulnerabilities. Security researcher Wolfgang Ettlinger, who is also the Director of Certitude Consulting, surmised “what if a backdoor literally cannot be seen and thus evades detection even from thorough code reviews”?”

Title: BlackBerry Uncovers Initial Access Broker Linked to 3 Distinct Hacker Groups
Date Published: November 8, 2021

https://thehackernews.com/2021/11/blackberry-uncover-initial-access.html

Excerpt: ““IABs typically first gain entry into a victim’s network, then sell that access to the highest bidder on underground forums located in the dark web,” BlackBerry researchers noted in a technical report published last week. “Later, the winning bidder will often deploy ransomware and/or other financially motivated malware within the victim’s organization, depending on the objectives of their campaign.” An August 2021 analysis of more than 1,000 access listings advertised for sale by IABs in underground forums on the dark web found that the average cost of network access was $5,400 for the period July 2020 to June 2021, with the most valuable offers including domain admin privileges to enterprise systems.”

Title: Cybersecurity: This Prolific Hacker-for-Hire Operation Has Targeted Thousands of Victims Around the World
Date Published: November 10, 2021

https://www.zdnet.com/article/this-cyber-mercenary-hacking-group-has-targeted-thousands-of-victims-around-the-world/

Excerpt: ““There will just be a dozen targets a day, usually less. But those targets are high-profile targets — we found government ministers, members of parliaments, a lot of people from the media and a lot of medical doctors,” Feike Hacquebord, senior threat researcher for Trend Micro told ZDNet, speaking ahead of the research being presented at Black Hat Europe. Some of those targeted include the former head of intelligence and five active members of the government in an unspecified European country. The individuals and organisations being targeted are spread around the world, spanning North America, Europe, Russia, India and more. Many of the attacks appear to be politically motivated, carried out against people in countries where, if exposed, the victim could have their human rights violated by governments.”

Title: #BHEU: Zero Trust Protects Against Ransomware, Claims Engineer
Date Published: November 10, 2021

https://www.infosecurity-magazine.com/news/bheu-future-cybersecurity-zero/

Excerpt: “The session began with a thorough exposition of software – the tagline being that its possibilities are “endless.” Additionally, “there is good software and bad software,” stressed Jenkins, and “yes, malware is just software.” Yet, malware is having a “devastating” impact on all sectors. “560,000 malware infections are found each day, attackers hit 1-4 businesses each day and there are over one billion pieces of malware in existence,” warned Jenkins. “The malicious possibilities are endless.” Continuing his exposition, Jenkins highlighted early types of malicious software. “AIDS Trojan is one of the first documented versions of malware,” remarked Jenkins, which dates back to 1989. Floppy-disc-based, victims were forced to pay $189 to release their encrypted data.”
