December 10, 2021

Fortify Security Team

Title: ‘Karakurt’ Extortion Threat Emerges, But Says No to Ransomware

Date Published: December 10, 2021

https://threatpost.com/extortion-karakurt-threat-ransomware/176911/

Excerpt: “Researchers outside of Accenture Security first identified Karakurt in June as it began setting up its infrastructure and data-leak sites, Accenture CIFR researchers told Threatpost. That month, the group registered the sites karakurt.group and karakurt.tech; and created the Twitter handle @karakurtlair in August. Not long after, the group’s first successful attack followed. Accenture Security’s collection sources and intrusion analysis identified the first victim of the group in September; two months later, the group revealed its victim on the karakurt.group website, researchers said.”

Title: 1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs

Date Published: December 9, 2021

https://www.wordfence.com/blog/2021/12/massive-wordpress-attack-campaign/

Excerpt: “Attackers are targeting 4 individual plugins with Unauthenticated Arbitrary Options Update Vulnerabilities. The four plugins consist of Kiwi Social Share, which has been patched since November 12, 2018, WordPress Automatic and Pinterest Automatic which have been patched since August 23, 2021, and PublishPress Capabilities which was recently patched on December 6, 2021. In addition, they are targeting a Function Injection vulnerability in various Epsilon Framework themes in an attempt to update arbitrary options.”

Title: New Firefox Sandbox Isolates Third-Party Libraries

Date Published: December 10, 2021

https://www.darkreading.com/emerging-tech/new-firefox-sandbox-isolates-third-party-libraries

Excerpt: “RLBox extends the sandbox concept and isolates the browser’s subcomponents – third-party libraries used by Firefox – inside a fine-grained software sandbox, Mozilla says. This way, potentially untrusted code is kept where it can’t cause much damage to the browser. Intended to complement existing protections, the feature is being rolled out with support for isolating the modules for Graphite font rendering engine, Hunspell spell checker, Ogg multimedia container format, Expat XML parser, and Woff2 web font compression format.”

Title: Security Warning: New Zero-Day in the log4j Java Library Is Already Being Exploited

Date Published: December 10, 2021

https://www.zdnet.com/article/security-warning-new-zero-day-in-the-log4j-java-library-is-already-being-exploited/

Excerpt: “A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers. Tracked as CVE-2021-44228, the vulnerability is classed as severe and allows unauthenticated remote code execution as the user running the application utilises the Java logging library. CERT New Zealand warns that it’s already being exploited in the wild. Systems and services that use the Java logging library, Apache Log4j between versions 2.0 and 2.14.1 are all affected, including many services and applications written in Java.”

Title: Cybersecurity Graduates Rise but Firms Still Facing a Talent Shortage

Date Published: December 10, 2021

https://techgigdotcom.medium.com/cybersecurity-graduates-rise-but-firms-still-facing-a-talent-shortage-54f1482e11b2

Excerpt: “The shortage of skilled cyber security professionals in India is 9% higher than the global average. Data Security Council of India estimates the country will need about one million cyber security professionals. According to a survey report from ISACA-HCL Technologies, 49% of the organisations say that they have unfilled positions in their cyber security divisions. There were unfilled positions in their organisation, and it took anywhere between three to six months to fill an open position in the field.”

Title: Data Breach Impacts 80,000 South Australian Govt Employees

Date Published: December 10, 2021

https://www.bleepingcomputer.com/news/security/data-breach-impacts-80-000-south-australian-govt-employees/

Excerpt: “The South Australian government has disclosed that the sensitive personal information belonging to tens of thousands of its employees was compromised following a ransomware attack that hit the system of an external payroll software provider last month. The number of records accessed by hackers corresponds to at least 38,000 SA government employees, but it could be as high as 80,000 according to South Australia’s Treasurer Rob Lucas. The breached company behind this data breach is Frontier Software, which suffered from a ransomware attack on November 13, 2021.”

Title: How to Hide from the State’s Big Brother? Snowden’s Method to Use

Date Published: December 10, 2021

https://medium.com/@prcooltechzone/how-to-hide-from-the-states-big-brother-snowden-s-method-to-use-96797c8e5ee9

Excerpt: “There is a common opinion that one cannot trust anonymous people because they do not risk their reputation, which means they can be provocateurs and aggressors. That could be indeed the case. However, the world has sunk into the era of totalitarian states, and freedom of speech is now increasingly punishable. Political activists, public figures, and any not indifferent people cannot fully talk about their rights; therefore, they have to hide behind the mask of an anonymous person. For getting their freedom back, people are forced to act not according to the rules. Security prevention is an opportunity to preserve your dignity and the right to self-expression.”

Title: CISA Releases Advisory on Five Apache HTTP Server Vulnerabilities Affecting Cisco Products

Date Published: December 9, 2021

https://www.zdnet.com/article/cisa-releases-advisory-on-five-apache-http-server-vulnerabilities/

Excerpt: “Cisco said the products that are affected by the vulnerabilities include Cisco Cloud Services Platform 2100, Cisco Wide Area Application Services (WAAS), Cisco Wireless Gateway for LoRaWAN, Cisco TelePresence Video Communication Server (VCS), Cisco Expressway Series, Cisco UCS Manager, Cisco Network Assurance Engine, Cisco UCS Director BareMetal Agent, Cisco UCS Central Software, Cisco Security Manager, Cisco Prime Optical for Service Providers, Cisco Prime Infrastructure, Cisco Prime Collaboration Provisioning, Cisco FXOS Software for Firepower 4100/9300 Series Appliances, Cisco Policy Suite and the Cisco Firepower Management Center.”

Title: Kali Linux 2021.4 Released with 9 New Tools, Further Apple M1 Support

Date Published: December 9, 2021

https://www.bleepingcomputer.com/news/security/kali-linux-20214-released-with-9-new-tools-further-apple-m1-support/

Excerpt: “Kali Linux 2021.4 was released today by Offensive Security and includes further Apple M1 support, increased Samba compatibility, nine new tools, and an update for all three main desktops. Kali Linux is a Linux distribution allowing cybersecurity professionals and ethical hackers to perform penetration testing and security audits against internal and remote networks.”

Title: Researchers Explore Microsoft Outlook Phishing Techniques

Date Published: December 9, 2021

https://www.darkreading.com/threat-intelligence/researchers-explore-outlook-phishing-techniques

Excerpt: “Some of the tools built into Outlook to boost productivity and collaboration could also make it easier to launch effective social engineering campaigns, researchers say. In early December, researchers with Avanan discovered a way in which Outlook’s features could be used to make an attacker appear more credible in a phishing or business email compromise (BEC) attack. Their attack started with a spoofed email. If an attacker had a private server, they could launch a domain impersonation attack with an email pretending to come from another sender.”
