November 29, 2021

Fortify Security Team
Nov 29, 2021

Title: Remote Access Tools Abused To Spread Malware and Steal Cryptocurrency
Date Published: November 29, 2021

https://www.hackread.com/remote-access-tools-malware-steal-cryptocurrency/

Excerpt: “According to a report from Trend Micro, the campaign involves abusing a legitimate Russian RAT called Safib Assistant through a new variant of SpyAgent malware. The scammers exploit a DLL sideloading vulnerability that loads a malicious DLL, which hooks and patches different API functions that the RAT calls. This hides the RAT windows from the user.”

Title: Zoom Finally Adds Automatic Updates to Windows, MacOS Clients
Date Published: November 29, 2021

https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html

Excerpt: “Users can also change this preference at any time by checking or unchecking ‘Automatically keep my Zoom up to date’ under Zoom > Settings > General.” Zoom users will be able to switch between Slow and Fast update frequencies, with less frequent updates and a focus on maximizing stability when the Slow option is selected. The latest features and updates will be installed as soon as they’re available when choosing the Fast update channel. However, regardless of the chosen update channel, critical Zoom client security updates will automatically roll out to all users with automatic updates enabled.”

Title: Experts Warn of Attacks Exploiting CVE-2021-40438 Flaw in Apache HTTP Server
Date Published: November 29, 2021

https://www.infosecurity-magazine.com/news/cisa-issues-holiday-ransomware/

Excerpt: “Cisco published a security advisory to inform its customers that it is investigating the impact of the issue on its products. The issue impacts Prime Collaboration Provisioning, Security Manager, Expressway series and TelePresence Video Communication Server (VCS) products. However, the IT giant states that it is still investigating its product line. “In November 2021, the Cisco PSIRT became aware of exploitation attempts of the vulnerability identified by CVE ID CVE-2021-40438.” reads the security advisory published by CISCO.”

Title: Months-long Interpol Crackdown Nets More Than 1,000 Online Fraud Arrests
Date Published: November 29, 2021

https://www.cyberscoop.com/interpol-1000-arrests-netflix-squid-game/

Excerpt: “Interpol said the crackdown demonstrated how cybercrime has risen to new levels since the outbreak of the coronavirus. It’s the latest international warning about how the pandemic has fueled a crime wave, even setting aside attacks targeting the health care sector or exploiting COVID-19 that have flourished over the past two years. “The results of Operation HAECHI-II show that the surge in online financial crime generated by the COVID-19 pandemic shows no signs of waning,” Interpol Secretary General Jürgen Stock said in a Nov. 26 announcement of the arrests.”

Title: CronRAT Targets Linux Servers With E-commerce Attacks
Date Published: November 29, 2021

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/11/cronrat-targets-linux-servers-with-e-commerce-attack/

Excerpt: “The file, named CronRAT, isn’t an e-commerce attack compromising payment terminals in physical stores. Rather, it looks to swipe payment details by going after vulnerable web stores and dropping payment skimmers on Linux servers. It’s your classic Magecart attack with a stealthy twist. This method means it bypasses the protection people using the websites arm themselves with, rigging the game from the start. By the time you get onto the website, everything may be fine at your end but the stream further up river has already been polluted. It achieves this thanks to the Linux Cron Job system, which we’ll come back to a little later.”

Title: Panasonic Discloses Data Breach After Network Hack
Date Published: November 29, 2021

https://www.bleepingcomputer.com/news/security/panasonic-discloses-data-breach-after-network-hack/

Excerpt: “While the press release issued doesn’t include many details regarding the attack timeline, Japanese outlets, including Mainichi and NHK, said the attackers had access to Panasonic’s servers between June and November, as first reported by The Record. Furthermore, they gained access to customer and employee sensitive information until Panasonic spotted the malicious activity on November 11. The attack on Panasonic’s server is part of a long series of other incidents involving Japanese companies in recent years.”

Title: Wind Turbine Maker Vestas Confirms Recent Security Incident Was Ransomware
Date Published: November 29, 2021

https://www.theregister.com/2021/11/29/wind_turbine_maker_vestas_confirms/

Excerpt: “Alarm bells rang the weekend before last when the Danish organisation said it had identified a “cyber security incident” and closed off parts of its tech estate to “contain the issue.” Today the business – one of the largest worldwide to design, build, install and maintain wind turbines – said it has undertaken “extensive investigations, forensics, restoration activities and hardening of our IT systems and IT infrastructure”.”

Title: Why Darktrace Installs a Hooli Box
Date Published: November 29, 2021

https://medium.com/actzero-ai/why-darktrace-installs-a-hooli-box-bfdf1150ff1c

Excerpt: “When you hear cybersecurity firm Darktrace’s customers talk about their experience with the company, they will tell you about ‘the box’ from Darktrace they installed. The idea behind the box is that it allows you to see malicious network traffic and coordinate with the cloud directly so you can react quickly. The main customer feedback is that the box was pretty and showed them lots of nice graphics — beautiful network maps, gorgeous matrixes, pipe diagrams. There’s no denying that the Darktrace interface is the Mona Lisa of the industry.”

Title: APT37 Targets Journalists With Chinotto Multi-platform Malware
Date Published: November 29, 2021

https://www.bleepingcomputer.com/news/security/apt37-targets-journalists-with-chinotto-multi-platform-malware/

Excerpt: “As Kaspersky found, this backdoor was delivered onto victims’ devices months after the initial intrusions. In one case, the hackers waited as much as six months before installing Chinotto, which allowed them to exfiltrate sensitive data from the infected device. “We suspect this host was compromised on March 22, 2021. [..] The malware operator later delivered the Chinotto malware in August 2021 and probably started to exfiltrate sensitive data from the victim,” Kaspersky said. “Based on what we found from this victim, we can confirm that the malware operator collected screenshots and exfiltrated them between August 6, 2021 and September 8, 2021.”

Title: Biopharmaceutical Firm Supernus Pharmaceuticals Hit by Hive Ransomware During an Ongoing Acquisition
Date Published: November 29, 2021

https://securityaffairs.co/wordpress/125099/cyber-crime/supernus-pharmaceuticals-hive-ransomware.html

Excerpt: “Biopharmaceutical company Supernus Pharmaceuticals confirmed it was the victim of a data breach after a ransomware attack that hit the firm last in Mid-November. The Company states that the security breach did not impact its operations, it notified government authorities and engaged cybersecurity experts and its outside law firm to respond to the incident. Supernus Pharmaceuticals also declared to have successfully recovered the encrypted files and has taken additional security measures to prevent future incidents.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...