December 9, 2021

Fortify Security Team

Title: Detecting Patient Zero Web Threats in Real Time With Advanced URL Filtering
Date Published: December 9, 2021

Excerpt: “URL filtering solutions based on blocklists and databases are generally unable to catch patient zero web threats – in other words, malicious URLs that are being seen for the first time. The reason is not only due to the reactive nature of such classification (a malicious URL, domain or IP must be seen and allowed at least once before it gets analyzed and blocked), but also because of cloaking techniques used by sophisticated malicious actors. One-time URLs, short-lived domains, bot detection and other measures are widely used by malware and phishing campaigns in order to bypass security crawlers and scanners.”

Title: Tor Is under Threat from Russian Censorship and Sybil Attacks
Date Published: December 8, 2021

Excerpt: “Russia’s Federal Service for Supervision of Communications, Information Technology, and Mass Media, known as Roskomnadzor, began blocking Tor in the country on Tuesday. The move left Tor users in Russia—said by Tor Project leaders to number about 300,000, or about 15 percent of Tor users—scrambling to find ways to view sites already blocked and to shield their browsing habits from government investigators. Tor Project managers on early Tuesday said some ISPs in Russia began blocking Tor nodes on December 1 and that Roskomnadzor had threatened to block the main Tor site. A few hours later, the Russian government body made good on those threats.”

Title: Malicious NPM Code Packages Built for Hijacking Discord Servers
Date Published: December 8, 2021

Excerpt: “A series of malicious packages in the Node.js package manager (npm) code repository are looking to harvest Discord tokens, which can be used to take over unsuspecting users’ accounts and servers. The npm repository is an open-source home for JavaScript developers to share and reuse code blocks. The packages can represent a supply-chain threat given that they can be used as building blocks in various web applications. Any applications corrupted by malicious code can attack its users.”

Title: Cox Discloses Data Breach after Hacker Impersonates Support Agent
Date Published: December 9, 2021

Excerpt: “Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers’ personal information. Cox Communications, aka Cox Cable, is a digital cable provider and telecommunication company that provides internet, television, and phone services in the USA. This week, customers began receiving letters in the mail disclosing that Cox Communications learned on October 11th, 2021, that “unknown person(s)” impersonated a Cox support agent to access customer information.”

Title: Sandisk Secureaccess Bug Allows Brute Forcing Vault Passwords
Date Published: December 9, 2021

Excerpt: “Western Digital has fixed a security vulnerability that enabled attackers to brute force SanDisk SecureAccess passwords and access the users’ protected files. SanDisk SecureAccess (now rebranded to SanDisk PrivateAccess) allows storing and protecting sensitive files on SanDisk USB flash drives. “SanDisk SecureAccess 3.02 was using a one-way cryptographic hash with a predictable salt making it vulnerable to dictionary attacks by a malicious user,” Western Digital explained in a security advisory issued Wednesday.”

Title: Fujitsu Pins Japanese Govt Data Breach on Stolen Projectweb Accounts
Date Published: December 9, 2021

Excerpt: “Fujitsu says the attackers behind the May data breach used a vulnerability in the company’s ProjectWEB information-sharing tool to steal accounts from legitimate users and access proprietary data belonging to multiple Japanese government agencies. The National Cyber Security Center (NISC) of Japan and the country’s Ministry of Land, Infrastructure, Transport, and Tourism revealed at the time that the threat actors gained access to at least 76,000 email accounts during the ProjectWEB breach.”

Title: Hundreds of Thousands of Mikrotik Devices Still Vulnerable to Botnets
Date Published: December 9, 2021

Excerpt: “Approximately 300,000 MikroTik routers are vulnerable to critical vulnerabilities that malware botnets can exploit for cryptomining and DDoS attacks. MikroTik is a Latvian manufacturer of routers and wireless ISPs who has sold over 2,000,000 devices globally. In August, the Meris botnet exploited vulnerabilities in MikroTik routers to create an army of devices that performed a record-breaking DDoS attack on Yandex. MikroTik explained that the threat actors behind the attack exploited vulnerabilities fixed in 2018 and 2019, but users hadn’t applied the fixes.”

Title: Google Pixel Bug Preventing Users from Making 911 Calls Caused by Microsoft Teams
Date Published: December 8, 2021

Excerpt: “‘We believe the issue is only present on a small number of devices with the Microsoft Teams app installed when the user is not logged in, and we are currently only aware of one user report related to the occurrence of this bug. We determined that the issue was being caused by unintended interaction between the Microsoft Teams app and the underlying Android operating system,’ a Google spokesperson wrote in the thread. The Google spokesperson said both Google and Microsoft have prioritised resolving the issue and that a Microsoft Teams app update would be rolled out soon.”

Title: SonicWall Urges Customers to Immediately Patch Critical SMA 100 Flaws
Date Published: December 8, 2021

Excerpt: “Network security vendor SonicWall is urging customers to update their SMA 100 series appliances to the latest version following the discovery of multiple security vulnerabilities that could be abused by a remote attacker to take complete control of an affected system. The flaws impact SMA 200, 210, 400, 410, and 500v products running versions and earlier,,, and earlier. The San Jose-based company credited security researchers Jake Baines (Rapid7) and Richard Warren (NCC Group) for discovering and reporting the shortcomings.”

Title: Oz Feds Reveal Distribution Model behind Backdoored ‘an0m’ Chat App Spread by Crims
Date Published: December 9, 2021

Excerpt: “The resulting law enforcement efforts – Special Operation Ironside in Australia, Operation Trojan Shield in the USA and elsewhere – proved very productive. In Australia alone, over 700 warrants were executed, 311 people were charged, and 6.3 tonnes of illicit drugs plus AU$52 million ($37M) of filthy lucre were seized. Around the world another 993 suspects were arrested, over 42 tonnes of illicit drugs were seized, and more than $58 million of cash and cryptocurrency is now in the hands of authorities.”
