December 21, 2021

Fortify Security Team

Title: FBI: Hackers Are Actively Exploiting This Flaw on ManageEngine Desktop Central Servers
Date Published: December 21, 2021

Excerpt: “It has seen attackers upload two variants of web shells with the filenames (variant 1, late October 2021), eco-inflect.jar (variant 1, mid November 2021) and (variant 2, late November 2021). The webshell overrides the legitimate Desktop Central application protocol interface servlet endpoint. The webshell is also used for reconnaissance and domain enumeration. Eventually, the attackers install a remote access tool (RAT) for further intrusion, lateral movement, and credential dumping using the penetration testing tool Mimikatz, and LSASS process memory dumping.”

Title: Conti Ransomware Gang Has Full Log4Shell Attack Chain
Date Published: December 20, 2021

Excerpt: “The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain. The sophisticated Russia-based Conti group – which Palo Alto Networks has called “one of the most ruthless” of dozens of ransomware groups currently known to be active – was in the right place at the right time with the right tools when Log4Shell hit the scene 10 days ago, security firm Advanced Intelligence (AdvIntel) said in a report shared with Threatpost on Thursday.”

Title: Meta Sues People behind Facebook and Instagram Phishing
Date Published: December 20, 2021

Excerpt: “This is part of a long series of lawsuits filed by Facebook against threat actors attacking its users and those abusing the platform for malicious purposes. For instance, in March 2020, Facebook sued domain name registrar Namecheap and its Whoisguard proxy service “for registering domain names that aim to deceive people by pretending to be affiliated with Facebook apps,” frequently being used “for phishing, fraud and scams.” In October 2019, Facebook filed a lawsuit against domain name registrar OnlineNIC and its ID Shield privacy service for allowing the registration of lookalike domains used in malicious campaigns.”

Title: Log4j Vulnerability Now Used to Install Dridex Banking Malware
Date Published: December 20, 2021

Excerpt: “Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. The Dridex malware is a banking trojan originally developed to steal online banking credentials from victims. However, over time, the malware has evolved to be a loader that downloads various modules that can be used to perform different malicious behavior, such as installing additional payloads, spreading to other devices, taking screenshots, and more.”

Title: Police Found 225 Million Stolen Passwords Hidden on a Hacked Cloud Server. Is Yours One of Them?
Date Published: December 21, 2021

Excerpt: “The UK National Crime Agency (NCA) and National Cyber Crime Unit (NCCU) have discovered a 225 million cache of stolen emails and passwords and handed them to HaveIBeenPwned (HIBP), the free service for tracking credentials stolen and/or leaked through past data breaches. The 225 million new passwords become a part of HIBP’s existing body of 613 million passwords in the Pwned Passwords set, which offers website operators a hash of the passwords to ensure users don’t use them when creating a new account. Individuals can use HIBP’s Pwned Password page to see whether their passwords have been leaked in previous breaches.”

Title: Secret Backdoors Found in German-made Auerswald VoIP System
Date Published: December 21, 2021

Excerpt: “The vulnerability has been assigned the identifier CVE-2021-40859 and carries a critical severity rating of 9.8. Following responsible disclosure on September 10, Auerswald addressed the problem in a firmware update (version 8.2B) released in November 2021. “Firmware Update 8.2B contains important security updates that you should definitely apply, even if you don’t need the advanced features,” the company said in a post without directly referencing the issue.”

Title: More than 35,000 Java Packages Impacted by log4j Flaw, Google Warns
Date Published: December 21, 2021

Excerpt: “The deeper the vulnerability is in a dependency chain, the more steps are required for it to be fixed. The following diagram shows a histogram of how deeply an affected log4j package (core or api) first appears in consumers’ dependency graphs,” reads the post published by the researchers. “For greater than 80% of the packages, the vulnerability is more than one level deep, with a majority affected five levels down (and some as many as nine levels down). These packages will require fixes throughout all parts of the tree, starting from the deepest dependencies first.”

Title: Scam Phishing Network Costs Victims $80m Per Month
Date Published: December 21, 2021

Excerpt: “To build trust with their victims, scammers register look-alike domain names to the official ones. Less frequently, they were also seen adding links to the calendar and posts on social networks. After clicking the targeted link, a user gets in the so-called traffic cloaking, which enables cyber-criminals to display different content to different users, based on certain user parameters. While the victim is being redirected to this ‘branded survey,’ information about their session is recorded and used to customize a final malicious link that can only be opened once – complicating efforts to detect and take down the scam.”

Title: Nurse Arrested in Hacking Investigation
Date Published: December 20, 2021

Excerpt: “The administrative rights associated with eight additional Polk State College employee accounts were also impacted in the incident. Polk College said that the data breach did not involve any student information. Law enforcement linked the cyber-attack to 38-year-old Winter Haven resident Brandon James Diaz. A former paramedic, fireman, and nurse, Diaz had worked as a clinical coordinator for the Polk State College EMS program but was fired in May 2021 for his “inability to complete his job duties.”

Title: Russian National Extradited for Illegal Hacking & Trading
Date Published: December 20, 2021

Excerpt: “Vladislav Klyushin was arrested in Sion, Switzerland, on March 21, 2021, and extradited to the US on Dec. 18. He is charged with conspiring to obtain unauthorized access to computers and to commit wire fraud and securities fraud, as well as obtaining unauthorized access to computers, wire fraud, and securities fraud. Four other Russian nationals were also charged as part of this operation, the DoJ reports. Ivan Ermakov, Nikolai Rumiantcev, Mikhail Vladimirovich Irzak, and Igor Sergeevich Sladkov all remain at large.”
