November 29, 2021

Fortify Security Team

Title: Remote Access Tools Abused To Spread Malware and Steal Cryptocurrency
Date Published: November 29, 2021

https://www.hackread.com/remote-access-tools-malware-steal-cryptocurrency/

Excerpt: “According to a report from Trend Micro, the campaign involves abusing a legitimate Russian RAT called Safib Assistant through a new variant of SpyAgent malware. The scammers exploit a DLL sideloading vulnerability that loads a malicious DLL, which hooks and patches different API functions that the RAT calls. This hides the RAT windows from the user.”

Title: Zoom Finally Adds Automatic Updates to Windows, MacOS Clients
Date Published: November 29, 2021

https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html

Excerpt: “Users can also change this preference at any time by checking or unchecking ‘Automatically keep my Zoom up to date’ under Zoom > Settings > General.” Zoom users will be able to switch between Slow and Fast update frequencies, with less frequent updates and a focus on maximizing stability when the Slow option is selected. The latest features and updates will be installed as soon as they’re available when choosing the Fast update channel. However, regardless of the chosen update channel, critical Zoom client security updates will automatically roll out to all users with automatic updates enabled.”

Title: Experts Warn of Attacks Exploiting CVE-2021-40438 Flaw in Apache HTTP Server
Date Published: November 29, 2021

https://www.infosecurity-magazine.com/news/cisa-issues-holiday-ransomware/

Excerpt: “Cisco published a security advisory to inform its customers that it is investigating the impact of the issue on its products. The issue impacts Prime Collaboration Provisioning, Security Manager, Expressway series and TelePresence Video Communication Server (VCS) products. However, the IT giant states that it is still investigating its product line. “In November 2021, the Cisco PSIRT became aware of exploitation attempts of the vulnerability identified by CVE ID CVE-2021-40438.” reads the security advisory published by CISCO.”

Title: Months-long Interpol Crackdown Nets More Than 1,000 Online Fraud Arrests
Date Published: November 29, 2021

https://www.cyberscoop.com/interpol-1000-arrests-netflix-squid-game/

Excerpt: “Interpol said the crackdown demonstrated how cybercrime has risen to new levels since the outbreak of the coronavirus. It’s the latest international warning about how the pandemic has fueled a crime wave, even setting aside attacks targeting the health care sector or exploiting COVID-19 that have flourished over the past two years. “The results of Operation HAECHI-II show that the surge in online financial crime generated by the COVID-19 pandemic shows no signs of waning,” Interpol Secretary General Jürgen Stock said in a Nov. 26 announcement of the arrests.”

Title: CronRAT Targets Linux Servers With E-commerce Attacks
Date Published: November 29, 2021

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/11/cronrat-targets-linux-servers-with-e-commerce-attack/

Excerpt: “The file, named CronRAT, isn’t an e-commerce attack compromising payment terminals in physical stores. Rather, it looks to swipe payment details by going after vulnerable web stores and dropping payment skimmers on Linux servers. It’s your classic Magecart attack with a stealthy twist. This method means it bypasses the protection people using the websites arm themselves with, rigging the game from the start. By the time you get onto the website, everything may be fine at your end but the stream further up river has already been polluted. It achieves this thanks to the Linux Cron Job system, which we’ll come back to a little later.”

Title: Panasonic Discloses Data Breach After Network Hack
Date Published: November 29, 2021

https://www.bleepingcomputer.com/news/security/panasonic-discloses-data-breach-after-network-hack/

Excerpt: “While the press release issued doesn’t include many details regarding the attack timeline, Japanese outlets, including Mainichi and NHK, said the attackers had access to Panasonic’s servers between June and November, as first reported by The Record. Furthermore, they gained access to customer and employee sensitive information until Panasonic spotted the malicious activity on November 11. The attack on Panasonic’s server is part of a long series of other incidents involving Japanese companies in recent years.”

Title: Wind Turbine Maker Vestas Confirms Recent Security Incident Was Ransomware
Date Published: November 29, 2021

https://www.theregister.com/2021/11/29/wind_turbine_maker_vestas_confirms/

Excerpt: “Alarm bells rang the weekend before last when the Danish organisation said it had identified a “cyber security incident” and closed off parts of its tech estate to “contain the issue.” Today the business – one of the largest worldwide to design, build, install and maintain wind turbines – said it has undertaken “extensive investigations, forensics, restoration activities and hardening of our IT systems and IT infrastructure”.”

Title: Why Darktrace Installs a Hooli Box
Date Published: November 29, 2021

https://medium.com/actzero-ai/why-darktrace-installs-a-hooli-box-bfdf1150ff1c

Excerpt: “When you hear cybersecurity firm Darktrace’s customers talk about their experience with the company, they will tell you about ‘the box’ from Darktrace they installed. The idea behind the box is that it allows you to see malicious network traffic and coordinate with the cloud directly so you can react quickly. The main customer feedback is that the box was pretty and showed them lots of nice graphics — beautiful network maps, gorgeous matrixes, pipe diagrams. There’s no denying that the Darktrace interface is the Mona Lisa of the industry.”

Title: APT37 Targets Journalists With Chinotto Multi-platform Malware
Date Published: November 29, 2021

https://www.bleepingcomputer.com/news/security/apt37-targets-journalists-with-chinotto-multi-platform-malware/

Excerpt: “As Kaspersky found, this backdoor was delivered onto victims’ devices months after the initial intrusions. In one case, the hackers waited as much as six months before installing Chinotto, which allowed them to exfiltrate sensitive data from the infected device. “We suspect this host was compromised on March 22, 2021. [..] The malware operator later delivered the Chinotto malware in August 2021 and probably started to exfiltrate sensitive data from the victim,” Kaspersky said. “Based on what we found from this victim, we can confirm that the malware operator collected screenshots and exfiltrated them between August 6, 2021 and September 8, 2021.”

Title: Biopharmaceutical Firm Supernus Pharmaceuticals Hit by Hive Ransomware During an Ongoing Acquisition
Date Published: November 29, 2021

https://securityaffairs.co/wordpress/125099/cyber-crime/supernus-pharmaceuticals-hive-ransomware.html

Excerpt: “Biopharmaceutical company Supernus Pharmaceuticals confirmed it was the victim of a data breach after a ransomware attack that hit the firm in mid-November. The company states that the security breach did not impact its operations; it notified government authorities and engaged cybersecurity experts and its outside law firm to respond to the incident. Supernus Pharmaceuticals also declared that it has successfully recovered the encrypted files and has taken additional security measures to prevent future incidents.”
