November 16, 2021

Fortify Security Team
Nov 16, 2021

Title: Emotet Malware Is Back and Rebuilding Its Botnet via Trickbot

 Date Published: November 15, 2021

https://www.bleepingcomputer.com/news/security/emotet-malware-is-back-and-rebuilding-its-botnet-via-trickbot/

Excerpt: “Emotet expert and Cryptolaemus researcher Joseph Roosen told BleepingComputer that they had not seen any signs of the Emotet botnet performing spamming activity or found any malicious documents dropping the malware. This lack of spamming activity is likely due to the rebuilding of the Emotet infrastructure from scratch and new reply-chain emails being stolen from victims in future spam campaigns. The Emotet research group Cryptolaemus has begun analyzing the new Emotet loader and told BleepingComputer that it includes new changes compared to the previous variants.”

Title: NPM Fixes Private Package Names Leak, Serious Authorization Bug

Date Published: November 16, 2021

https://www.bleepingcomputer.com/news/security/npm-fixes-private-package-names-leak-serious-authorization-bug/

Excerpt: “The data leak was identified by GitHub on October 26th and by the 29th, all records containing private package names were deleted from the npm’s replication database. However, GitHub does warn that despite this, the replicate.npmjs.com service is consumed by third parties who may, therefore, continue to retain a copy or “may have replicated the data elsewhere.” To prevent such an issue from recurring, GitHub has made changes to its process of generating the public replication database which is expected to eliminate the possibility of leaking private package names in the future.”

Title: Tiktok Scammers Tried Hacking 125 Targets That Followed Famous Accounts, Researchers Find

Date Published: November 16, 2021

https://www.cyberscoop.com/tiktok-scam-verification-fyp/

Excerpt: “In addition to individual account holders, the latest campaign targeted talent agencies, brand-consultant firms, social media production studios, influencer management firms, according to Rachelle Chouinard, a threat intelligence analyst at email security firm Abnormal Security, which shared its findings with CyberScoop. Crane Hassold, the director of threat intelligence at Abnormal, declined to share the specific names of the people and accounts targeted, but said the accounts in question had “millions to tens of millions of followers.”

Title: Attackers Use Domain Fronting Technique to Target Myanmar With Cobalt Strike

Date Published: November 16, 2021

https://blog.talosintelligence.com/2021/11/attackers-use-domain-fronting-technique.html

Excerpt: “Domain fronting is a technique used by attackers to circumvent protection based on DNS filtering. In this campaign, a malicious Cobalt Strike beacon is configured to take advantage of a mechanism used by Cloudflare and other content distribution networks to instruct the proxy about the host to be used for serving the content. When the beacon is launched, it will submit a DNS request for a legitimate high-reputation domain hosted behind Cloudflare infrastructure and modify the subsequent HTTPs requests header to instruct the CDN to direct the traffic to an attacker-controlled host.”

Title: New Banking Trojan Sharkbot Makes Waves Across Europe, US

Date Published: November 11, 2021

https://www.cleafy.com/cleafy-labs/sharkbot-a-new-generation-of-android-trojan-is-targeting-banks-in-europe

Excerpt: “Now dubbed SharkBot, the Android malware has been traced in attacks focused on stealing funds from vulnerable handsets running on the Google Android operating system.  So far, infections have been found in the UK, Italy, and the United States.  It is believed that SharkBot is likely a private botnet and is still in the early stages of development. SharkBot is modular malware that the researchers say belongs to the next generation of mobile malware able to perform attacks based on the Automatic Transfer System (ATS) system.”

Title: New ‘Moses Staff’ Hacker Group Targets Israeli Companies With Destructive Attacks

Date Published: November 15, 2021

https://thehackernews.com/2021/11/new-moses-staff-hacker-group-targets.html
https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/

Excerpt: “A new politically-motivated hacker group named “Moses Staff” has been linked to a wave of targeted attacks targeting Israeli organizations since September 2021 with the goal of plundering and leaking sensitive information prior to encrypting their networks, with no option to regain access or negotiate a ransom. “The group openly states that their motivation in attacking Israeli companies is to cause damage by leaking the stolen sensitive data and encrypting the victim’s networks, with no ransom demand,” Check Point Research said in a report published Monday. “In the language of the attackers, their purpose is to ‘Fight against the resistance and expose the crimes of the Zionists in the occupied territories”.”

Title: Chinese Communist Party Official Expelled for Mining Cryptocurrency

Date Published: November 16, 2021

https://www.theregister.com/2021/11/16/china_cryptomining_expulsion/

Excerpt: “Internet companies will also be required to retain records of how personal data was used, for five years. User consent will be required before personal information such as biometrics, health records, or religious affiliation is put to work. Parental approval will be required to use data of children aged 14 or younger. The requirements offer plenty of restrictions on how data can be used outside China. Government approval will be required before info can be shipped offshore, and individuals will need to be notified when their personal information goes overseas.”

Title: The Troubling Rise of Internet Access Brokers

Date Published: November 15, 2021

https://www.darkreading.com/vulnerabilities-threats/the-troubling-rise-of-internet-access-brokers

Excerpt: “Digital Shadows found that IABs most frequently offered compromised Remote Desktop Protocol (RDP) systems and VPNs as initial access points for their customers. In the third quarter of 2021, the average price that IABs charged for access to a compromised VPN was $1,869 — up from $1,446 previously. For RDP systems, the average price was $1,902. IABs most frequently provided access to networks belonging to organizations in the retail, technology, and industrial goods and services sectors.”

Title: Trend Micro: 90% of IT Decision Makers Believe Organizations Compromise on Cybersecurity in Favor of Other Goals

Date Published: November 15, 2021

https://www.darkreading.com/operations/trend-micro-90-of-it-decision-makers-believe-organizations-compromise-on-cybersecurity-in-favor-of-other-goals

Excerpt: “The research reveals that just 50% of IT leaders and 38% of business decision makers believe the C-suite completely understands cyber risks. Although some think this is because the topic is complex and constantly changing, many believe the C-suite either doesn’t try hard enough (26%) or doesn’t want (20%) to understand. There’s also disagreement between IT and business leaders over who’s ultimately responsible for managing and mitigating risk. IT leaders are nearly twice as likely as business leaders to point to IT teams and the CISO. 49% of respondents claim that cyber risks are still being treated as an IT problem rather than a business risk.”

Title: MacOS Zero-Day Used in Watering-Hole Attacks

Date Published: November 15, 2021

https://www.darkreading.com/attacks-breaches/mac-os-0-day-used-in-watering-hole-attacks

Excerpt: “Watering-hole attacks are a favored technique of China’s cyber-espionage operations. In 2015, an attack with links to China compromised the website of a well-known aerospace firm in an attempt to infect visitors with a common Trojan horse program. In 2018, an attack linked to the Chinese group Emissary Panda infected one Asian country’s data center in an attempt to “gain access to a wide range of government resources.” In 2020, another malware distribution campaign, which security firm Kaspersky dubbed Holy Water, co-opted legitimate websites to infect members of certain Asian religious and ethnic groups.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...