December 6, 2021

Fortify Security Team
Dec 6, 2021

Title: Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department and Diplomats
Date Published: December 4, 2021

Excerpt: “Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from Reuters and The Washington Post. At least 11 U.S. Embassy officials stationed in Uganda or focusing on issues pertaining to the country are said to have singled out iPhones registered to their overseas phone numbers, although the identity of the threat actors behind the intrusions, or the nature of the information sought, remains unknown as yet.”

Title: Solarwinds Hackers Have a Whole Bag of New Tricks for Mass Compromise Attacks
Date Published: December 6, 2021

Excerpt: “Use of credentials stolen by financially motivated hackers using malware such as Cryptbot, an information stealer that harvests system and web browser credentials and cryptocurrency wallets. The assistance from these hackers allowed the UNC3004 and UNC2652 to compromise targets even when they didn’t use a hacked service provider. Once the hacker groups were inside a network, they compromised enterprise spam filters or other software with “application impersonation privileges,” which have the ability to access email or other types of data from any other account in the compromised network. Hacking this single account saved the hassle of having to break into each account individually.”

Title: DMEA Colorado Electric Utility Hit by a Disruptive Cyberattack
Date Published: December 6, 2021

Excerpt: “DMEA was the victim of a cyber-attack on November 7, 2021. DMEA discovered a targeted effort to access portions of our internal network system by an unauthorized third party. As a result, DMEA lost 90% of internal network functions, and a good portion of our data, such as saved documents, spreadsheets, and forms, was corrupted. It also impacted our phones and emails. Our power grid and fiber network remain unaffected by the incident.”reads the data breach notice published by the company.”

Title: Hackers Are Using This New Malware Which Hides between Blocks of Junk Code
Date Published: December 6, 2021

Excerpt: “Mandiant associates these groups with UNC2452 – also known as Nobelium in reports by Microsoft – a hacking operation that works on behalf of the Russian Foreign Intelligence Service and behind the cyber attack against SolarWinds. However, while each of these hacking operations works out of Russia and appear to share similar goals, researchers can’t say for certain that they’re all part of one unit. “While it is plausible that they are the same group, currently, Mandiant does not have enough evidence to make this determination with high confidence,” said the report.”

Title: New COVID Variant Can Lead to New Phish Themes
Date Published: December 6, 2021

Excerpt: “Since the start of the COVID pandemic, Cofense has observed several phishing campaigns leveraging pandemic themes. Just as organizations were sending their workers to work remotely, most for the first time, attackers used those HR and policy communications. As vaccines were being rolled out, they used it. Back to the office protocols, they used it. Delta variant. Vaccine passport. We’ve seen it all. They also started just inserting the word “COVID” or “Coronavirus” into their templates to boost the likelihood of recipient interaction. And now as the new Coronavirus variant omicron moves into the headlines, it means a new variant for threat actors to update their phishing templates.”

Title: Russian Hacking Group Uses New Stealthy Ceeloader Malware
Date Published: December 6, 2021

Excerpt: “To hamper attempts at tracing the attacks, Nobelium uses residential IP addresses (proxies), TOR, VPS (Virtual Private Services), and VPN (Virtual Private Networks) to access the victim’s environment. In some cases, Mandiant identified compromised WordPress sites used to host second-stage payloads that were fetched and launched into memory by Ceeloader. Finally, the actors used legitimate Microsoft Azure-hosted systems with IP addresses that had proximity to the victim’s network.  This approach helps blend external activity and internal traffic, making detecting the malicious activity unlikely and the analysis harder.”

Title: Magecart Groups Abuse Google Tag Manager
Date Published: December 6, 2021

Excerpt: “This technique capitalizes on the ability to place JavaScript within the GTM container. The abuse of this legitimate Google service is concerning because it provides threat actors free infrastructure upon which they can host their scripts, enhancing their capability to avoid detection. The Magecart actors behind these increasingly popular attacks have posted at least 88,000 payment card records from these attacks to the dark web markets. Smaller e-commerce shops are the most common target since they often lack the resources or interest to design robust security systems.”

Title: Miscreants Make off with $150m of Digital Assets in Bitmart Security Breach
Date Published: December 6, 2021

Excerpt: “We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets today. At this moment we are still concluding the possible methods used. Hackers were able to withdraw assets of the value of approximately 150 million USD. The affected ETH hot wallet and BSC hot wallet carry a small percentage of assets on BitMart and all of our other wallets are secure and unharmed. We are now conducting a thorough security review and we will post updates as we progress. At this moment we are temporarily suspending withdrawals until further notice. We beg for your kind understanding and patience in this situation.”

Title: Technical Issues in Navigating the Transition from Sustainment to Engineering Software-Reliant Systems
Date Published: December 6, 2021

Excerpt: “In a November 2020 conversation with Defense Acquisition University, then Under Secretary of Defense for Acquisition and Sustainment Ellen Lord discussed how in today’s era of rapid technological advancements and the changing nature of the battlefield, warfighters need access to capabilities that enable quick decision making and give a competitive edge. “I want our [coders] to get downrange and talk to the Warfighter, or talk to them virtually,” Lord said. “I want them to understand what the problem is, and then hand a potential solution, a prototype, and let that get in the Warfighter’s hands to try.”

Title: Microsoft Offers 50% Subscription Discounts to Office Pirates
Date Published: December 6, 2021

Excerpt: “When clicked, the alert sends you to a Microsoft 365 landing page warning that pirated software can expose your computer to security threats. Among the risks behind counterfeit software, Redmond says you’ll be prone to higher exposure to virus and malware attacks, identity theft, corrupted files and data loss, and the inability to receive critical updates or edit files, all of these being legitimate points. The 50% discount is applied at checkout for the first year of an annual subscription on Microsoft 365 Family ($99.99/year) subscriptions for up to six users with 6TB of cloud storage and Microsoft 365 Personal ($69.99/year) subscriptions for one person with 1TB of storage.”

Recent Posts

December 9, 2022

Title: US Health Dept Warns of Royal Ransomware Targeting Healthcare Date Published: December 8, 2022 Excerpt: “The U.S. Department of Health and Human...

December 8, 2022

Title: New ‘Zombinder’ Platform Binds Android Malware With Legitimate Apps Date Published: December 8, 2022 Excerpt: “A darknet platform dubbed...

December 7, 2022

Title: Fantasy – A New Agrius Wiper Deployed Through a Supply-Chain Attack Date Published: December 7, 2022 Excerpt: “ESET researchers discovered a new wiper and its execution...

December 6, 2022

Title: This Badly Made Ransomware Can’t Decrypt Your Files, Even if You Pay the Ransom Date Published: December 6, 2022 Excerpt: “Victims of a recently...

December 5, 2022

Title: SIM Swapper Gets 18-Months for Involvement in $22 Million Crypto Heist Date Published: December 3, 2022 Excerpt: “Florida man Nicholas Truglia...

December 2, 2022

Title: New Go-Based Redigo Malware Targets Redis Servers Date Published: December 1, 2022 Excerpt: “Redigo is a new Go-based malware employed in attacks against Redis servers...

December 1, 2022

Title: Keralty Ransomware Attack Impacts Colombia’s Health Care System Date Published: November 30, 2022 Excerpt: “The Keralty multinational healthcare...