November 4, 2021

Fortify Security Team
Nov 4, 2021

Title: Maritime Cybersecurity: A Rising Tide Lifts all Boats
Date Published: November 4, 2021

https://securityintelligence.com/articles/maritime-cybersecurity-rising-tide/

Excerpt: “A digital attack could control or shut down a ship or drive it off-course, causing a crash. Some ships have dangerous cargo, such as explosive fuel, in large quantities. Ports are also heavily dependent upon complex digital network logistics management systems. Some of these systems track every container on every ship. In the past, attackers have been able to delay, erase the knowledge of, redirect and steal actual cargo. They could abuse access to data on the location of cargo in a ransomware attack, or lock records.”

Title: Critical RCE Vulnerability Reported in Linux Kernel’s TIPC Module
Date Published: November 4, 2021

https://thehackernews.com/2021/11/critical-rce-vulnerability-reported-in.html

Excerpt: “The function tipc_crypto_key_rcv is used to parse MSG_CRYPTO messages to receive keys from other nodes in the cluster in order to decrypt any further messages from them,” Linux kernel maintainers sai\d in a fix pushed late last month. “This patch verifies that any supplied sizes in the message body are valid for the received message.” “While TIPC itself isn’t loaded automatically by the system but by end users, the ability to configure it from an unprivileged local perspective and the possibility of remote exploitation makes this a dangerous vulnerability for those that use it in their networks,” SentinelOne researcher Max Van Amerongen said.”

Title: CISA Shares a Catalog of 306 Actively Exploited Vulnerabilities
Date Published: November 4, 2021

https://securityaffairs.co/wordpress/124181/security/cisa-exploited-vulnerabilities-catalog.html

Excerpt: “Vulnerabilities that have previously been used to exploit public and private organizations are a frequent attack vector for malicious cyber actors of all types. These vulnerabilities pose significant risk to agencies and the federal enterprise. It is essential to aggressively remediate known exploited vulnerabilities to protect federal information systems and reduce cyber incidents.” reads the directive published by DHS. “The catalog will list exploited vulnerabilities that carry significant risk to the federal enterprise with the requirement to remediate within 6 months for vulnerabilities with a Common Vulnerabilities and Exposures (CVE) ID assigned prior to 2021 and within two weeks for all other vulnerabilities. These default timelines may be adjusted in the case of grave risk to the Federal Enterprise”.”

Title: Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign
Date Published: November 3, 2021

https://threatpost.com/mekotio-banking-trojan-campaign/175981/

Excerpt: “The attacks are multistage in all phases, and they begin with Spanish-language phishing emails containing a .ZIP archive link or .ZIP file attachment. The lure is a claim that the email contains a digital tax receipt pending submission. If a user is duped into clicking on either form of .ZIP file, the aforementioned stealthy batch file executes. In turn, it issues a PowerShell command to download and run a PowerShell script in memory. The attacks are multistage in all phases, and they begin with Spanish-language phishing emails containing a .ZIP archive link or .ZIP file attachment. The lure is a claim that the email contains a digital tax receipt pending submission. If a user is duped into clicking on either form of .ZIP file, the aforementioned stealthy batch file executes. In turn, it issues a PowerShell command to download and run a PowerShell script in memory.”

Title: Tomiris Backdoor Linked to Hackers Behind Solar Winds Hack
Date Published: November 4, 2021

https://rootissh.in/tomiris-backdoor-linked-to-hackers-behind-solar-winds-hack-a067d11d5534

Excerpt: “The new Tomiris backdoor, discovered by Kaspersky in June this year from samples dating back to February, is also written in Go and was distributed via a successful DNS hijacking attack in which targets trying to access the login page of a corporate email service were redirected to a fraudulent domain with a lookalike interface designed to trick visitors into downloading the malware under the guise of a security update. “The main purpose of the backdoor was to establish a foothold in the attacked system and to download other malicious components,” the researchers said, in addition to finding a number of similarities ranging from the encryption scheme to the same spelling mistakes that collectively hint at the “possibility of common authorship or shared development practices”.”

Title: Facebook To Delete 1 Billion Faceprints in Face Recognition Shutdown
Date Published: November 2, 2021

https://www.bleepingcomputer.com/news/technology/facebook-to-delete-1-billion-faceprints-in-face-recognition-shutdown/

Excerpt: “Facebook announced today that they will no longer use the Face Recognition system on their platform and will be deleting over 1 billion people’s facial recognition profiles. Facebook’s Face Recognition system analyzes photos taken of tagged users and associated users’ profile photos to build a unique identifier or template. This template is then used to identify users in uploaded photos or automatically tag people in Memories. Now, a week after their rebranding as Meta, Facebook has announced that they are doing away with the Face Recognition feature and deleting all profile templates created by the system.”

Title: New Attack Spoofs Amazon to Obtain Payment From End-User
Date Published: November 4, 2021

https://www.avanan.com/blog/new-attack-spoofs-amazon-to-obtain-payment-from-end-user

Excerpt: “This email is designed to get the end-user to place a phone call and give up credit card information. It starts as what looks like a traditional Amazon order confirmation. Given the high price, a user is likely to check their account. When they click on the links, it goes directly to the actual Amazon site. The number listed on the email is not an Amazon number. Though it has an area code from South Carolina, the attackers call back from India. When you call the number, at first no one will answer. After a few hours, a call back will occur. The person on the other line will say that, in order to cancel the invoice, they will need a credit card number and CVV number.”

Title: Crypto Investors Lose $500,000 to Google Ads Pushing Fake Wallets
Date Published: November 4, 2021

https://www.bleepingcomputer.com/news/security/crypto-investors-lose-500-000-to-google-ads-pushing-fake-wallets/

Excerpt: “Threat actors are using advertisements in Google Search to promote fake cryptocurrency wallets and DEX platforms to steal user’s cryptocurrency. These advertisements promote sites that install fake Phantom and MetaMask wallets used for Solana and Ethereum, and fake decentralized exchange (DEX) platforms, such as PancakeSwap and Uniswap. The deceptive operation is supported by cloned websites that look just like the real ones, so the visitors are convinced they are installing the legitimate wallet or using the correct platform.”

Title: Our journey to API security at Raiffeisen Bank International
Date Published: November 4, 2021

https://thehackernews.com/2021/11/our-journey-to-api-security-at.html

Excerpt: “Headquartered in Vienna, Raiffeisen Bank International (RBI) operates across 14 countries in Central and Eastern Europe with around 45,000 employees. Our focus is on providing universal banking solutions to customers, as well as developing digital banking products for the retail and corporate markets. Accordingly, RBI has a substantial R&D division, making for a very large community of IT and engineering professionals all over Europe. Back in 2019, we began shifting to a product-led agile setup for RBI, introducing various security roles contributing and collaborating to achieve our strategic goals. As part of this journey, we established the security champion role within the DevSecOps team for each of our products. Besides our central “Security Design and Architecture “function, security specialists began working together to support products in implementing secure solutions.”

Title: Why Retailers Must Adopt a Zero Trust Approach During This Holiday Season
Date Published: November 4, 2021

https://cybersecurity.att.com/blogs/security-essentials/why-retailers-must-adopt-a-zero-trust-approach-during-this-holiday-season

Excerpt: “With high value transactions occurring online more often than ever, protecting customer financial data is paramount. Studies show that more than half of Generation Z have already invested before the age of 25, often using fintech apps like Robinhood that facilitate financial transactions. Cryptocurrency payments are also becoming increasingly common. This means retailers who do not make it easy for consumers to spend safely online will have trouble competing in the future. What’s more, companies around the world have been migrating to the cloud instead of using dedicated hosting. The unlimited storage offered by the cloud makes scalability easier. Cloud-based storage has been more practical to connect remote workers during the pandemic and beyond.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...