November 18, 2021

Fortify Security Team

Title: Revealed: The 200 Most used and Worst Passwords of 2021
Date Published: November 19, 2021

Excerpt: “According to a report from NordPass, people haven’t yet stopped relying on done-to-death passwords such as “123456,” “12345,” “password,” and “qwerty,” while research reveals that these three are the weakest passwords nowadays and can easily make you vulnerable to hacking. The password 123456 appeared over 103 million times in NordPass’s research. The study involved around fifty countries, and researchers conducted gender comparisons to reach a fair conclusion. As many as 222,287 females used “iloveyou” as their password in the US, while 96,785 men used the same.”

Title: Uncovering Brandjacking with VirusTotal
Date Published: November 18, 2021

Excerpt: “Malicious activity comes in all kinds of colors and flavors, sometimes abusing users’ trust by impersonating well known brands to get their private data, install malware or any other form of scam. At VirusTotal we analyze more than 3 million distinct URLs daily obtaining not only AV verdicts from more than 70 different vendors but also extracting as much data as possible including headers, cookies and HTML meta tags. This data is indexed and related to other observables we keep in our database, which is an excellent way to track malware infrastructure but also to find other forms of fraudulent activity. Indeed, many of our customers use VirusTotal daily to monitor brand abuse and fraudulent impersonation.”

Title: FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months
Date Published: November 18, 2021

Excerpt: “As of November 2021, FBI forensic analysis indicated exploitation of a 0-day vulnerability in the FatPipe MPVPN device software going back to at least May 2021,” the bureau said in a flash alert (PDF) on Tuesday. The bug — patched this week — is found in the device software for FatPipe’s WARP WAN redundancy product, its MPVPN router clustering device, and its IPVPN load-balancing and reliability device for VPNs. The products are all types of servers that are installed at network perimeters and used to give employees remote access to internal apps via the internet, serving as part network gateways, part firewalls.”

Title: Russian Ransomware Gangs Start Collaborating With Chinese Hackers
Date Published: November 17, 2021

Excerpt: “According to a new report by Flashpoint, high-ranking users and RAMP administrators are now actively attempting to communicate with new forum members in machine-translated Chinese. The forum has reportedly had at least thirty new user registrations that appear to come from China, so this could be the beginning of something notable. The researchers suggest that the most probable cause is that Russian ransomware gangs seek to build alliances with Chinese actors to launch cyber-attacks against U.S. targets, trade vulnerabilities, or even recruit new talent for their Ransomware-as-a-Service (RaaS) operations.”

Title: Conti Ransomware Group In-Depth Analysis
Date Published: November 18, 2021

Excerpt: “Ransomware attacks work by encrypting the victim’s business-critical data, rendering it inaccessible. After triggering the attack, cybercriminals will offer to sell a decryption key to the victim. If the victim doesn’t comply, they simply have to accept the catastrophic loss of their most valuable data. Some ransomware attacks use a two-pronged strategy. Attackers will demand a ransom payment for decrypting data, and threaten to publicly publish sensitive data if the ransom is not paid by a certain deadline (“Double Extortion”).”

Title: New Ransomware Actor Uses Password-protected Archives To Bypass Encryption Protection
Date Published: November 18, 2021

Excerpt: “A new ransomware group called Memento takes the unusual approach of locking files inside password-protected archives after their encryption method kept being detected by security software. Last month, the group became active when they began exploiting a VMware vCenter Server web client flaw for the initial access to victims’ networks. The vCenter vulnerability is tracked as ‘CVE-2021-21971’ and is an unauthenticated, remote code execution bug with a 9.8 (critical) severity rating.”

Title: Corporate Espionage Hackers Redcurl Return After Hiatus With Improved Tools
Date Published: November 18, 2021

Excerpt: “RedCurl’s tactical improvements after a seven-month absence include upgrades to most of its tools, such as more effective data encryption for its malware. “Corporate cyber espionage is still a relatively rare and, in many ways, unique occurrence,” Group-IB’s report reads. “However, it is possible that the group’s success could lead to a new trend in cybercrime.” Despite the rarity of corporate cyber espionage, Group-IB’s report on the RedCurl revival is the second tranche of research to be published this month alone about such groups. Trend Micro recently revealed an espionage outfit it named Void Balaur, which advertises its services under the name “Rockethack”.”

Title: CISA Publishes Cybersecurity Playbooks for FCEB Agencies
Date Published: November 18, 2021

Excerpt: “On November 16, 2021, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published the Cybersecurity Incident & Vulnerability Response Playbooks: Operational Procedures for Planning and Conducting Cybersecurity Incident and Vulnerability Response Activities in FCEB Information Systems. The new guidance is created to help Federal Civilian Executive Branch (FCEB) Information Systems agencies in adopting a standard set of incident and vulnerability response procedures. The playbooks are intended to minimize threats across the federal government, private, and public areas.”

Title: This USPS Spoof Shows Us That Phishmas is Upon Us
Date Published: November 18, 2021

Excerpt: “The holidays are approaching, and there appears to be a shipping crunch. Due to supply chain concerns, many are worried that they won’t get their holiday gifts in time. In response to people anxiously checking tracking numbers and refreshing their emails to see the status of their goods, hackers are spoofing shipping and missed goods notification emails. Starting in November 2021, Avanan observed a credential harvesting attack in which attackers spoof the United States Postal Service to notify users of an undelivered package. In this attack brief, Avanan will analyze the company’s most recent discovery of this new spoof.”

Title: Update Now! Netgear Vulnerability Patched
Date Published: November 18, 2021

Excerpt: “The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the universally unique identifier (uuid) request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. The vulnerability received a CVSS score of 8.8 out of 10 because of some limiting factors. One consolation in the above is that the attacker already has to be inside the LAN to perform this attack. But once they are, the attacker can send a specially crafted header to the UPnP daemon and can remotely run code with root privileges on the affected device.”
