December 6, 2021

Fortify Security Team
Dec 6, 2021

Title: Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department and Diplomats
Date Published: December 4, 2021

https://thehackernews.com/2021/12/pegasus-spyware-reportedly-hacked.html

Excerpt: “Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from Reuters and The Washington Post. At least 11 U.S. Embassy officials stationed in Uganda or focusing on issues pertaining to the country are said to have singled out iPhones registered to their overseas phone numbers, although the identity of the threat actors behind the intrusions, or the nature of the information sought, remains unknown as yet.”

Title: Solarwinds Hackers Have a Whole Bag of New Tricks for Mass Compromise Attacks
Date Published: December 6, 2021

https://arstechnica.com/information-technology/2021/12/solarwinds-hackers-have-a-whole-bag-of-new-tricks-for-mass-compromise-attacks/

Excerpt: “Use of credentials stolen by financially motivated hackers using malware such as Cryptbot, an information stealer that harvests system and web browser credentials and cryptocurrency wallets. The assistance from these hackers allowed the UNC3004 and UNC2652 to compromise targets even when they didn’t use a hacked service provider. Once the hacker groups were inside a network, they compromised enterprise spam filters or other software with “application impersonation privileges,” which have the ability to access email or other types of data from any other account in the compromised network. Hacking this single account saved the hassle of having to break into each account individually.”

Title: DMEA Colorado Electric Utility Hit by a Disruptive Cyberattack
Date Published: December 6, 2021

https://securityaffairs.co/wordpress/125326/hacking/dmea-colorado-electric-utility-attack.html

Excerpt: “DMEA was the victim of a cyber-attack on November 7, 2021. DMEA discovered a targeted effort to access portions of our internal network system by an unauthorized third party. As a result, DMEA lost 90% of internal network functions, and a good portion of our data, such as saved documents, spreadsheets, and forms, was corrupted. It also impacted our phones and emails. Our power grid and fiber network remain unaffected by the incident.” reads the data breach notice published by the company.”

Title: Hackers Are Using This New Malware Which Hides between Blocks of Junk Code
Date Published: December 6, 2021

https://www.zdnet.com/article/hackers-are-using-this-new-malware-which-hides-between-blocks-of-junk-code/

Excerpt: “Mandiant associates these groups with UNC2452 – also known as Nobelium in reports by Microsoft – a hacking operation that works on behalf of the Russian Foreign Intelligence Service and behind the cyber attack against SolarWinds. However, while each of these hacking operations works out of Russia and appear to share similar goals, researchers can’t say for certain that they’re all part of one unit. “While it is plausible that they are the same group, currently, Mandiant does not have enough evidence to make this determination with high confidence,” said the report.”

Title: New COVID Variant Can Lead to New Phish Themes
Date Published: December 6, 2021

https://cofense.com/new-covid-variant-can-lead-to-new-phish-themes/

Excerpt: “Since the start of the COVID pandemic, Cofense has observed several phishing campaigns leveraging pandemic themes. Just as organizations were sending their workers to work remotely, most for the first time, attackers used those HR and policy communications. As vaccines were being rolled out, they used it. Back to the office protocols, they used it. Delta variant. Vaccine passport. We’ve seen it all. They also started just inserting the word “COVID” or “Coronavirus” into their templates to boost the likelihood of recipient interaction. And now as the new Coronavirus variant omicron moves into the headlines, it means a new variant for threat actors to update their phishing templates.”

Title: Russian Hacking Group Uses New Stealthy Ceeloader Malware
Date Published: December 6, 2021

https://www.bleepingcomputer.com/news/security/russian-hacking-group-uses-new-stealthy-ceeloader-malware/

Excerpt: “To hamper attempts at tracing the attacks, Nobelium uses residential IP addresses (proxies), TOR, VPS (Virtual Private Services), and VPN (Virtual Private Networks) to access the victim’s environment. In some cases, Mandiant identified compromised WordPress sites used to host second-stage payloads that were fetched and launched into memory by Ceeloader. Finally, the actors used legitimate Microsoft Azure-hosted systems with IP addresses that had proximity to the victim’s network. This approach helps blend external activity and internal traffic, making detecting the malicious activity unlikely and the analysis harder.”

Title: Magecart Groups Abuse Google Tag Manager
Date Published: December 6, 2021

https://www.recordedfuture.com/magecarts-group-abuse-google-tag-manager/

Excerpt: “This technique capitalizes on the ability to place JavaScript within the GTM container. The abuse of this legitimate Google service is concerning because it provides threat actors free infrastructure upon which they can host their scripts, enhancing their capability to avoid detection. The Magecart actors behind these increasingly popular attacks have posted at least 88,000 payment card records from these attacks to the dark web markets. Smaller e-commerce shops are the most common target since they often lack the resources or interest to design robust security systems.”

Title: Miscreants Make off with $150m of Digital Assets in Bitmart Security Breach
Date Published: December 6, 2021

https://support.bmx.fund/hc/en-us/articles/4411998987419

Excerpt: “We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets today. At this moment we are still concluding the possible methods used. Hackers were able to withdraw assets of the value of approximately 150 million USD. The affected ETH hot wallet and BSC hot wallet carry a small percentage of assets on BitMart and all of our other wallets are secure and unharmed. We are now conducting a thorough security review and we will post updates as we progress. At this moment we are temporarily suspending withdrawals until further notice. We beg for your kind understanding and patience in this situation.”

Title: Technical Issues in Navigating the Transition from Sustainment to Engineering Software-Reliant Systems
Date Published: December 6, 2021

https://insights.sei.cmu.edu/blog/technical-issues-in-navigating-the-transition-from-sustainment-to-engineering-software-reliant-systems/

Excerpt: “In a November 2020 conversation with Defense Acquisition University, then Under Secretary of Defense for Acquisition and Sustainment Ellen Lord discussed how in today’s era of rapid technological advancements and the changing nature of the battlefield, warfighters need access to capabilities that enable quick decision making and give a competitive edge. “I want our [coders] to get downrange and talk to the Warfighter, or talk to them virtually,” Lord said. “I want them to understand what the problem is, and then hand a potential solution, a prototype, and let that get in the Warfighter’s hands to try.”

Title: Microsoft Offers 50% Subscription Discounts to Office Pirates
Date Published: December 6, 2021

https://www.bleepingcomputer.com/news/microsoft/microsoft-offers-50-percent-subscription-discounts-to-office-pirates/

Excerpt: “When clicked, the alert sends you to a Microsoft 365 landing page warning that pirated software can expose your computer to security threats. Among the risks behind counterfeit software, Redmond says you’ll be prone to higher exposure to virus and malware attacks, identity theft, corrupted files and data loss, and the inability to receive critical updates or edit files, all of these being legitimate points. The 50% discount is applied at checkout for the first year of an annual subscription on Microsoft 365 Family ($99.99/year) subscriptions for up to six users with 6TB of cloud storage and Microsoft 365 Personal ($69.99/year) subscriptions for one person with 1TB of storage.”
