November 4, 2021

Fortify Security Team

Title: Maritime Cybersecurity: A Rising Tide Lifts all Boats
Date Published: November 4, 2021

https://securityintelligence.com/articles/maritime-cybersecurity-rising-tide/

Excerpt: “A digital attack could control or shut down a ship or drive it off-course, causing a crash. Some ships have dangerous cargo, such as explosive fuel, in large quantities. Ports are also heavily dependent upon complex digital network logistics management systems. Some of these systems track every container on every ship. In the past, attackers have been able to delay, erase the knowledge of, redirect and steal actual cargo. They could abuse access to data on the location of cargo in a ransomware attack, or lock records.”

Title: Critical RCE Vulnerability Reported in Linux Kernel’s TIPC Module
Date Published: November 4, 2021

https://thehackernews.com/2021/11/critical-rce-vulnerability-reported-in.html

Excerpt: “The function tipc_crypto_key_rcv is used to parse MSG_CRYPTO messages to receive keys from other nodes in the cluster in order to decrypt any further messages from them,” Linux kernel maintainers said in a fix pushed late last month. “This patch verifies that any supplied sizes in the message body are valid for the received message.” “While TIPC itself isn’t loaded automatically by the system but by end users, the ability to configure it from an unprivileged local perspective and the possibility of remote exploitation makes this a dangerous vulnerability for those that use it in their networks,” SentinelOne researcher Max Van Amerongen said.”

Title: CISA Shares a Catalog of 306 Actively Exploited Vulnerabilities
Date Published: November 4, 2021

https://securityaffairs.co/wordpress/124181/security/cisa-exploited-vulnerabilities-catalog.html

Excerpt: “Vulnerabilities that have previously been used to exploit public and private organizations are a frequent attack vector for malicious cyber actors of all types. These vulnerabilities pose significant risk to agencies and the federal enterprise. It is essential to aggressively remediate known exploited vulnerabilities to protect federal information systems and reduce cyber incidents.” reads the directive published by DHS. “The catalog will list exploited vulnerabilities that carry significant risk to the federal enterprise with the requirement to remediate within 6 months for vulnerabilities with a Common Vulnerabilities and Exposures (CVE) ID assigned prior to 2021 and within two weeks for all other vulnerabilities. These default timelines may be adjusted in the case of grave risk to the Federal Enterprise”.”

Title: Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign
Date Published: November 3, 2021

https://threatpost.com/mekotio-banking-trojan-campaign/175981/

Excerpt: “The attacks are multistage in all phases, and they begin with Spanish-language phishing emails containing a .ZIP archive link or .ZIP file attachment. The lure is a claim that the email contains a digital tax receipt pending submission. If a user is duped into clicking on either form of .ZIP file, the aforementioned stealthy batch file executes. In turn, it issues a PowerShell command to download and run a PowerShell script in memory.”

Title: Tomiris Backdoor Linked to Hackers Behind Solar Winds Hack
Date Published: November 4, 2021

https://rootissh.in/tomiris-backdoor-linked-to-hackers-behind-solar-winds-hack-a067d11d5534

Excerpt: “The new Tomiris backdoor, discovered by Kaspersky in June this year from samples dating back to February, is also written in Go and was distributed via a successful DNS hijacking attack in which targets trying to access the login page of a corporate email service were redirected to a fraudulent domain with a lookalike interface designed to trick visitors into downloading the malware under the guise of a security update. “The main purpose of the backdoor was to establish a foothold in the attacked system and to download other malicious components,” the researchers said, in addition to finding a number of similarities ranging from the encryption scheme to the same spelling mistakes that collectively hint at the “possibility of common authorship or shared development practices”.”

Title: Facebook To Delete 1 Billion Faceprints in Face Recognition Shutdown
Date Published: November 2, 2021

https://www.bleepingcomputer.com/news/technology/facebook-to-delete-1-billion-faceprints-in-face-recognition-shutdown/

Excerpt: “Facebook announced today that they will no longer use the Face Recognition system on their platform and will be deleting over 1 billion people’s facial recognition profiles. Facebook’s Face Recognition system analyzes photos taken of tagged users and associated users’ profile photos to build a unique identifier or template. This template is then used to identify users in uploaded photos or automatically tag people in Memories. Now, a week after their rebranding as Meta, Facebook has announced that they are doing away with the Face Recognition feature and deleting all profile templates created by the system.”

Title: New Attack Spoofs Amazon to Obtain Payment From End-User
Date Published: November 4, 2021

https://www.avanan.com/blog/new-attack-spoofs-amazon-to-obtain-payment-from-end-user

Excerpt: “This email is designed to get the end-user to place a phone call and give up credit card information. It starts as what looks like a traditional Amazon order confirmation. Given the high price, a user is likely to check their account. When they click on the links, it goes directly to the actual Amazon site. The number listed on the email is not an Amazon number. Though it has an area code from South Carolina, the attackers call back from India. When you call the number, at first no one will answer. After a few hours, a call back will occur. The person on the other line will say that, in order to cancel the invoice, they will need a credit card number and CVV number.”

Title: Crypto Investors Lose $500,000 to Google Ads Pushing Fake Wallets
Date Published: November 4, 2021

https://www.bleepingcomputer.com/news/security/crypto-investors-lose-500-000-to-google-ads-pushing-fake-wallets/

Excerpt: “Threat actors are using advertisements in Google Search to promote fake cryptocurrency wallets and DEX platforms to steal users’ cryptocurrency. These advertisements promote sites that install fake Phantom and MetaMask wallets used for Solana and Ethereum, and fake decentralized exchange (DEX) platforms, such as PancakeSwap and Uniswap. The deceptive operation is supported by cloned websites that look just like the real ones, so the visitors are convinced they are installing the legitimate wallet or using the correct platform.”

Title: Our journey to API security at Raiffeisen Bank International
Date Published: November 4, 2021

https://thehackernews.com/2021/11/our-journey-to-api-security-at.html

Excerpt: “Headquartered in Vienna, Raiffeisen Bank International (RBI) operates across 14 countries in Central and Eastern Europe with around 45,000 employees. Our focus is on providing universal banking solutions to customers, as well as developing digital banking products for the retail and corporate markets. Accordingly, RBI has a substantial R&D division, making for a very large community of IT and engineering professionals all over Europe. Back in 2019, we began shifting to a product-led agile setup for RBI, introducing various security roles contributing and collaborating to achieve our strategic goals. As part of this journey, we established the security champion role within the DevSecOps team for each of our products. Besides our central “Security Design and Architecture” function, security specialists began working together to support products in implementing secure solutions.”

Title: Why Retailers Must Adopt a Zero Trust Approach During This Holiday Season
Date Published: November 4, 2021

https://cybersecurity.att.com/blogs/security-essentials/why-retailers-must-adopt-a-zero-trust-approach-during-this-holiday-season

Excerpt: “With high value transactions occurring online more often than ever, protecting customer financial data is paramount. Studies show that more than half of Generation Z have already invested before the age of 25, often using fintech apps like Robinhood that facilitate financial transactions. Cryptocurrency payments are also becoming increasingly common. This means retailers who do not make it easy for consumers to spend safely online will have trouble competing in the future. What’s more, companies around the world have been migrating to the cloud instead of using dedicated hosting. The unlimited storage offered by the cloud makes scalability easier. Cloud-based storage has been more practical to connect remote workers during the pandemic and beyond.”
