December 1, 2021

Fortify Security Team
Dec 1, 2021

Title: Bad Actors in News Reporting: Tracking News Manipulation by State Actors
Date Published: December 1, 2021

https://www.rand.org/pubs/research_reports/RRA112-21.html

Excerpt: “COVID-19 offered authoritarian regimes, such as China and Russia, an opportunity to manipulate news media to serve state ends. Researchers conducted a scalable proof-of-concept study for detecting state-level news manipulation. Using a scalable infrastructure for harvesting global news media, and using machine-learning and data analysis workflows, the research team found that both Russia and China appear to have employed information manipulation during the COVID-19 pandemic in service to their respective global agendas.”

Title: Amazon Web Services, Crowdstrike and Presidio Partner for Ransomware Mitigation Kit
Date Published: December 1, 2021

https://www.zdnet.com/article/amazon-web-services-crowdstrike-and-presidio-partner-for-ransomware-mitigation-kit/

Excerpt: “The companies said the kit will provide “end-to-end white glove service to identify and protect against cyber threats, detect, and respond to risks as they occur and recover all critical data and applications prior to the breach.” Leveraging technology from CrowdStrike and CloudEndure, the kit offers enterprises visibility and breach protection across a range of digital assets, a beefed-up cloud security foundation, detection and attack prevention capabilities as well as response and attack mitigation tools.”

Title: NFT Support Scam, NFTishing
Date Published: December 1, 2021

https://guardyourdomain.com/nft-support-scam-nftishing/

Excerpt: “Scammers are impersonating NFT Marketplaces on Twitter and posing as the legitimate support Twitter account for these marketplaces, notably OpenSea. The scammers reply to individuals who need help and tell them to message the fake support account for assistance directly. In the DMs, this is where the nefarious activity goes down. The scammers instruct users to navigate to a fraudulent site which is a replica of the legitimate site. Users are told that in order to resolve their support inquiry, they need to “connect” or “sync” their wallet and are sent a link to the fraudulent site. Unbeknownst to the user, the process of “syncing” their wallet requires entering sensitive information on the fraudulent site.”

Title: Texas School District to Scan Children’s Devices
Date Published: December 1, 2021

https://www.infosecurity-magazine.com/news/texas-school-district-scan-devices/

Excerpt: “A school district in East Texas will start scanning digital devices used by its students to find out what they have been saying to and about one another.  Longview Independent School District (Longview ISD) has partnered with technology and web-hosting company Gaggle to scour district-issued devices and student emails for a particular set of keywords. With Gaggle’s software, the keywords can be detected and reported to school administrators.”

Title: Rushed Digital Transformation Is Creating Security Risks
Date Published: December 1, 2021

https://medium.com/enterprise-nxt/rushed-digital-transformation-is-creating-security-risks-bc2e54216df7

Excerpt: “There have been contributing factors to the haste. “Naivete combined with being overwhelmed is not a good mix,” says Stevan Bernard, former senior security adviser for International SOS and now CEO of cybersecurity firm Bernard Global. “The pandemic put us in a survival mode. For those who previously had little to no dependence on digital, whether in their business or their personal lives, being connected suddenly became essential, even urgent”.”

Title: Exploiting Windows 2008 Server by Eternal Blue Vulnerability to perform Data breach attack using Metasploit Framework (MS17–010)
Date Published: December 1, 2021

https://medium.com/@pravisharodrigo7/exploiting-windows-2008-server-by-eternal-blue-vulnerability-to-perform-data-breach-attack-using-913e609914f

Excerpt: “MS17–010 or commonly known as “Eternal Blue vulnerability” was discovered by the National Security Agency (signal intelligence unit) of the United States of America. It was released because there were few testimonies from NSA employees, and it was leaked by the “shadow brokers” hacker group on April 14, 2017. A vulnerability that has been around for 4 years. It was then utilized for the famous “WannaCry” ransomware attack (the ransomware attack that cripple the whole UK hospital computer systems and later spread to the whole world).”

Title: State-Backed Hackers Increasingly Use RTF Injection for Phishing
Date Published: December 1, 2021

https://www.bleepingcomputer.com/news/security/state-backed-hackers-increasingly-use-rtf-injection-for-phishing/

Excerpt: “Rich Text Format (RTF) files are a document format created by Microsoft that can be opened using Microsoft Word, WordPad, and other applications found on almost all operating systems. When creating RTF files, you can include an RTF Template that specifies how the text in the document should be formatted. These templates are local files imported into an RTF viewer before displaying the contents of the file to format it correctly. While RTF Templates are meant to be hosted locally, threat actors are now abusing this legitimate functionality to retrieve a URL resource instead of a local file resource.”

Title: Deepfake Technology and Its Implications for the Future of Cyber-Attacks
Date Published: December 1, 2021

https://cybersecurity.att.com/blogs/security-essentials/deepfake-technology-and-its-implications-for-the-future-of-cyber-attacks

Excerpt: “Imagine receiving a call from your CEO, someone you have never personally met but have heard speak at a variety of town halls and e-mailed video correspondences. This call says they really appreciate your work, and wondered if you would do them a small favor. After a slight pause, they ask you to purchase some gift cards for an upcoming raffle from whatever local retailer is close to you. They assure you the company will reimburse you, and apologizes for the inconvenience.”

Title: Mission “Patching Impossible” — Why ATM’s Every Vulnerability Is in Billions Worth
Date Published: December 1, 2021

https://medium.com/@prcooltechzone/mission-patching-impossible-why-atms-every-vulnerability-is-in-billions-worth-794f1dd85a48

Excerpt: “The first-ever logic attack was conducted in 2015 when payment terminals were attacked. The depositing money was emulated by malware, and then transactions were carried out from bank accounts to electronic money wallets. Such mechanisms are termed “Virtual cash acceptors,” where attackers learn about payment’s internal mechanisms and features. Recently, Kaspersky Lab revealed that a piece of malware that allows an attacker to control compromised ATMs remotely had been discovered after a Russian bank was targeted.”

Title: Behind the Man-in-the-Middle Attacks For Connected Cars: Real-Life Interception of Network Traffic Between Connected Car and Back-End Platforms
Date Published: December 1, 2021

https://navinfo-europe.medium.com/behind-the-man-in-the-middle-attacks-for-connected-cars-real-life-interception-of-network-traffic-824a6b16694c

Excerpt: “The danger that cyber-attacks, and MITM attacks in particular pose to the automotive industry can’t be underestimated. As technology in connected vehicles advances and becomes more sophisticated, so do the methods used by cyber criminals to attack or threaten victims worldwide. To tackle this, OEMs can rely on Penetration Testing (or pen-testing) which is performed by authorized professionals in order to exploit vulnerabilities in connected devices to determine whether malicious activity is possible. It allows organizations to gain deep insights on their system or vehicle’s possible vulnerabilities, comply with security standards, and verify staff awareness.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...