December 21, 2021

Fortify Security Team

Title: FBI: Hackers Are Actively Exploiting This Flaw on ManageEngine Desktop Central Servers
Date Published: December 21, 2021

https://www.zdnet.com/article/fbi-hackers-are-actively-exploiting-this-flaw-on-manageengine-desktop-central-servers/

Excerpt: “It has seen attackers upload two variants of web shells with the filenames emsaler.zip (variant 1, late October 2021), eco-inflect.jar (variant 1, mid November 2021) and aaa.zip (variant 2, late November 2021). The webshell overrides the legitimate Desktop Central application protocol interface servlet endpoint. The webshell is also used for reconnaissance and domain enumeration. Eventually, the attackers install a remote access tool (RAT) for further intrusion, lateral movement, and credential dumping using the penetration testing tool Mimikatz, and LSASS process memory dumping.”

Title: Conti Ransomware Gang Has Full Log4Shell Attack Chain
Date Published: December 20, 2021

https://threatpost.com/conti-ransomware-gang-has-full-log4shell-attack-chain/177173/

Excerpt: “The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain. The sophisticated Russia-based Conti group – which Palo Alto Networks has called “one of the most ruthless” of dozens of ransomware groups currently known to be active – was in the right place at the right time with the right tools when Log4Shell hit the scene 10 days ago, security firm Advanced Intelligence (AdvIntel) said in a report shared with Threatpost on Thursday.”

Title: Meta Sues People behind Facebook and Instagram Phishing
Date Published: December 20, 2021

https://www.bleepingcomputer.com/news/security/meta-sues-people-behind-facebook-and-instagram-phishing/

Excerpt: “This is part of a long series of lawsuits filed by Facebook against threat actors attacking its users and those abusing the platform for malicious purposes. For instance, in March 2020, Facebook sued domain name registrar Namecheap and its Whoisguard proxy service “for registering domain names that aim to deceive people by pretending to be affiliated with Facebook apps,” frequently being used “for phishing, fraud and scams.” In October 2019, Facebook filed a lawsuit against domain name registrar OnlineNIC and its ID Shield privacy service for allowing the registration of lookalike domains used in malicious campaigns.”

Title: Log4j Vulnerability Now Used to Install Dridex Banking Malware
Date Published: December 20, 2021

https://www.bleepingcomputer.com/news/security/log4j-vulnerability-now-used-to-install-dridex-banking-malware/

Excerpt: “Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. The Dridex malware is a banking trojan originally developed to steal online banking credentials from victims. However, over time, the malware has evolved to be a loader that downloads various modules that can be used to perform different malicious behavior, such as installing additional payloads, spreading to other devices, taking screenshots, and more.”

Title: Police Found 225 Million Stolen Passwords Hidden on a Hacked Cloud Server. Is Yours One of Them?
Date Published: December 21, 2021

https://www.zdnet.com/article/police-found-225-million-stolen-passwords-hidden-on-a-hacked-cloud-server-is-yours-one-of-them/

Excerpt: “The UK National Crime Agency (NCA) and National Cyber Crime Unit (NCCU) have discovered a 225 million cache of stolen emails and passwords and handed them to HaveIBeenPwned (HIBP), the free service for tracking credentials stolen and/or leaked through past data breaches. The 225 million new passwords become a part of HIBP’s existing body of 613 million passwords in the Pwned Passwords set, which offers website operators a hash of the passwords to ensure users don’t use them when creating a new account. Individuals can use HIBP’s Pwned Password page to see whether their passwords have been leaked in previous breaches.”

Title: Secret Backdoors Found in German-made Auerswald VoIP System
Date Published: December 21, 2021

https://thehackernews.com/2021/12/secret-backdoors-found-in-german-made.html

Excerpt: “The vulnerability has been assigned the identifier CVE-2021-40859 and carries a critical severity rating of 9.8. Following responsible disclosure on September 10, Auerswald addressed the problem in a firmware update (version 8.2B) released in November 2021. “Firmware Update 8.2B contains important security updates that you should definitely apply, even if you don’t need the advanced features,” the company said in a post without directly referencing the issue.”

Title: More than 35,000 Java Packages Impacted by log4j Flaw, Google Warns
Date Published: December 21, 2021

https://securityaffairs.co/wordpress/125845/security/log4j-java-packages-flaws.html

Excerpt: “The deeper the vulnerability is in a dependency chain, the more steps are required for it to be fixed. The following diagram shows a histogram of how deeply an affected log4j package (core or api) first appears in consumers’ dependency graphs,” reads the post published by the researchers. “For greater than 80% of the packages, the vulnerability is more than one level deep, with a majority affected five levels down (and some as many as nine levels down). These packages will require fixes throughout all parts of the tree, starting from the deepest dependencies first.”

Title: Scam Phishing Network Costs Victims $80m Per Month
Date Published: December 21, 2021

https://www.infosecurity-magazine.com/news/scam-phishing-network-victims-80m/

Excerpt: “To build trust with their victims, scammers register look-alike domain names to the official ones. Less frequently, they were also seen adding links to the calendar and posts on social networks. After clicking the targeted link, a user gets into the so-called traffic cloaking, which enables cyber-criminals to display different content to different users, based on certain user parameters. While the victim is being redirected to this ‘branded survey,’ information about their session is recorded and used to customize a final malicious link that can only be opened once – complicating efforts to detect and take down the scam.”

Title: Nurse Arrested in Hacking Investigation
Date Published: December 20, 2021

https://www.infosecurity-magazine.com/news/nurse-arrested-in-hacking/

Excerpt: “The administrative rights associated with eight additional Polk State College employee accounts were also impacted in the incident. Polk College said that the data breach did not involve any student information. Law enforcement linked the cyber-attack to 38-year-old Winter Haven resident Brandon James Diaz. A former paramedic, fireman, and nurse, Diaz had worked as a clinical coordinator for the Polk State College EMS program but was fired in May 2021 for his ‘inability to complete his job duties.’”

Title: Russian National Extradited for Illegal Hacking & Trading
Date Published: December 20, 2021

https://www.darkreading.com/threat-intelligence/russian-national-extradited-for-illegal-hacking-trading

Excerpt: “Vladislav Klyushin was arrested in Sion, Switzerland, on March 21, 2021, and extradited to the US on Dec. 18. He is charged with conspiring to obtain unauthorized access to computers and to commit wire fraud and securities fraud, as well as obtaining unauthorized access to computers, wire fraud, and securities fraud. Four other Russian nationals were also charged as part of this operation, the DoJ reports. Ivan Ermakov, Nikolai Rumiantcev, Mikhail Vladimirovich Irzak, and Igor Sergeevich Sladkov all remain at large.”
