December 10, 2021

Fortify Security Team
Title: ‘Karakurt’ Extortion Threat Emerges, But Says No to Ransomware

Date Published: December 10, 2021

https://threatpost.com/extortion-karakurt-threat-ransomware/176911/

Excerpt: “Researchers outside of Accenture Security first identified Karakurt in June as it began setting up its infrastructure and data-leak sites, Accenture CIFR researchers told Threatpost. That month, the group registered the sites karakurt.group and karakurt.tech; and created the Twitter handle @karakurtlair in August. Not long after, the group’s first successful attack followed. Accenture Security’s collection sources and intrusion analysis identified the first victim of the group in September; two months later, the group revealed its victim on the karakurt.group website, researchers said.”

Title: 1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs

Date Published: December 9, 2021

https://www.wordfence.com/blog/2021/12/massive-wordpress-attack-campaign/

Excerpt: “Attackers are targeting 4 individual plugins with Unauthenticated Arbitrary Options Update Vulnerabilities. The four plugins consist of Kiwi Social Share, which has been patched since November 12, 2018, WordPress Automatic and Pinterest Automatic which have been patched since August 23, 2021, and PublishPress Capabilities which was recently patched on December 6, 2021. In addition, they are targeting a Function Injection vulnerability in various Epsilon Framework themes in an attempt to update arbitrary options.”

Title: New Firefox Sandbox Isolates Third-Party Libraries

Date Published: December 10, 2021

https://www.darkreading.com/emerging-tech/new-firefox-sandbox-isolates-third-party-libraries

Excerpt: “RLBox extends the sandbox concept and isolates the browser’s subcomponents – third-party libraries used by Firefox – inside a fine-grained software sandbox, Mozilla says. This way, potentially untrusted code is kept where it can’t cause much damage to the browser. Intended to complement existing protections, the feature is being rolled out with support for isolating the modules for Graphite font rendering engine, Hunspell spell checker, Ogg multimedia container format, Expat XML parser, and Woff2 web font compression format.”

Title: Security Warning: New Zero-Day in the log4j Java Library Is Already Being Exploited

Date Published: December 10, 2021

https://www.zdnet.com/article/security-warning-new-zero-day-in-the-log4j-java-library-is-already-being-exploited/

Excerpt: “A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers. Tracked as CVE-2021-44228, the vulnerability is classed as severe and allows unauthenticated remote code execution as the user running the application utilises the Java logging library. CERT New Zealand warns that it’s already being exploited in the wild. Systems and services that use the Java logging library, Apache Log4j between versions 2.0 and 2.14.1 are all affected, including many services and applications written in Java.”

Title: Cybersecurity Graduates Rise but Firms Still Facing a Talent Shortage

Date Published: December 10, 2021

https://techgigdotcom.medium.com/cybersecurity-graduates-rise-but-firms-still-facing-a-talent-shortage-54f1482e11b2

Excerpt: “The shortage of skilled cyber security professionals in India is 9% higher than the global average. Data Security Council of India estimates the country will need about one million cyber security professionals. According to a survey report from ISACA-HCL Technologies, 49% of the organisations say that they have unfilled positions in their cyber security divisions. There were unfilled positions in their organisation, and it took anywhere between three to six months to fill an open position in the field.”

Title: Data Breach Impacts 80,000 South Australian Govt Employees

Date Published: December 10, 2021

https://www.bleepingcomputer.com/news/security/data-breach-impacts-80-000-south-australian-govt-employees/

Excerpt: “The South Australian government has disclosed that the sensitive personal information belonging to tens of thousands of its employees was compromised following a ransomware attack that hit the system of an external payroll software provider last month. The number of records accessed by hackers corresponds to at least 38,000 SA government employees, but it could be as high as 80,000 according to South Australia’s Treasurer Rob Lucas. The breached company behind this data breach is Frontier Software, which suffered from a ransomware attack on November 13, 2021.”

Title: How to Hide from the State’s Big Brother? Snowden’s Method to Use

Date Published: December 10, 2021

https://medium.com/@prcooltechzone/how-to-hide-from-the-states-big-brother-snowden-s-method-to-use-96797c8e5ee9

Excerpt: “There is a common opinion that one cannot trust anonymous people because they do not risk their reputation, which means they can be provocateurs and aggressors. That could be indeed the case. However, the world has sunk into the era of totalitarian states, and freedom of speech is now increasingly punishable. Political activists, public figures, and any not indifferent people cannot fully talk about their rights; therefore, they have to hide behind the mask of an anonymous person. For getting their freedom back, people are forced to act not according to the rules. Security prevention is an opportunity to preserve your dignity and the right to self-expression.”

Title: CISA Releases Advisory on Five Apache HTTP Server Vulnerabilities Affecting Cisco Products

Date Published: December 9, 2021

https://www.zdnet.com/article/cisa-releases-advisory-on-five-apache-http-server-vulnerabilities/

Excerpt: “Cisco said the products that are affected by the vulnerabilities include Cisco Cloud Services Platform 2100, Cisco Wide Area Application Services (WAAS), Cisco Wireless Gateway for LoRaWAN, Cisco TelePresence Video Communication Server (VCS), Cisco Expressway Series, Cisco UCS Manager, Cisco Network Assurance Engine, Cisco UCS Director BareMetal Agent, Cisco UCS Central Software, Cisco Security Manager, Cisco Prime Optical for Service Providers, Cisco Prime Infrastructure, Cisco Prime Collaboration Provisioning, Cisco FXOS Software for Firepower 4100/9300 Series Appliances, Cisco Policy Suite and the Cisco Firepower Management Center.”

Title: Kali Linux 2021.4 Released with 9 New Tools, Further Apple M1 Support

Date Published: December 9, 2021

https://www.bleepingcomputer.com/news/security/kali-linux-20214-released-with-9-new-tools-further-apple-m1-support/

Excerpt: “Kali Linux 2021.4 was released today by Offensive Security and includes further Apple M1 support, increased Samba compatibility, nine new tools, and an update for all three main desktops. Kali Linux is a Linux distribution allowing cybersecurity professionals and ethical hackers to perform penetration testing and security audits against internal and remote networks.”

Title: Researchers Explore Microsoft Outlook Phishing Techniques

Date Published: December 9, 2021

https://www.darkreading.com/threat-intelligence/researchers-explore-outlook-phishing-techniques

Excerpt: “Some of the tools built into Outlook to boost productivity and collaboration could also make it easier to launch effective social engineering campaigns, researchers say. In early December, researchers with Avanan discovered a way in which Outlook’s features could be used to make an attacker appear more credible in a phishing or business email compromise (BEC) attack. Their attack started with a spoofed email. If an attacker had a private server, they could launch a domain impersonation attack with an email pretending to come from another sender.”
