December 9, 2021

Fortify Security Team
Dec 9, 2021

Title: Detecting Patient Zero Web Threats in Real Time With Advanced URL Filtering
Date Published: December 9, 2021

https://unit42.paloaltonetworks.com/patient-zero-web-threats/

Excerpt: “URL filtering solutions based on blocklists and databases are generally unable to catch patient zero web threats – in other words, malicious URLs that are being seen for the first time. The reason is not only due to the reactive nature of such classification (a malicious URL, domain or IP must be seen and allowed at least once before it gets analyzed and blocked), but also because of cloaking techniques used by sophisticated malicious actors. One-time URLs, short-lived domains, bot detection and other measures are widely used by malware and phishing campaigns in order to bypass security crawlers and scanners.”

Title: Tor Is under Threat from Russian Censorship and Sybil Attacks
Date Published: December 8, 2021

https://arstechnica.com/information-technology/2021/12/tor-is-under-threat-from-russian-censorship-and-sybil-attacks/

Excerpt: “Russia’s Federal Service for Supervision of Communications, Information Technology, and Mass Media, known as Roskomnadzor, began blocking Tor in the country on Tuesday. The move left Tor users in Russia—said by Tor Project leaders to number about 300,000, or about 15 percent of Tor users—scrambling to find ways to view sites already blocked and to shield their browsing habits from government investigators. Tor Project managers on early Tuesday said some ISPs in Russia began blocking Tor nodes on December 1 and that Roskomnadzor had threatened to block the main Tor site. A few hours later, the Russian government body made good on those threats.”

Title: Malicious NPM Code Packages Built for Hijacking Discord Servers
Date Published: December 8, 2021

https://threatpost.com/malicious-npm-code-packages-discord/176886/

Excerpt: “A series of malicious packages in the Node.js package manager (npm) code repository are looking to harvest Discord tokens, which can be used to take over unsuspecting users’ accounts and servers. The npm repository is an open-source home for JavaScript developers to share and reuse code blocks. The packages can represent a supply-chain threat given that they can be used as building blocks in various web applications. Any applications corrupted by malicious code can attack their users.”

Title: Cox Discloses Data Breach after Hacker Impersonates Support Agent
Date Published: December 9, 2021

https://www.bleepingcomputer.com/news/security/cox-discloses-data-breach-after-hacker-impersonates-support-agent/

Excerpt: “Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers’ personal information. Cox Communications, aka Cox Cable, is a digital cable provider and telecommunication company that provides internet, television, and phone services in the USA. This week, customers began receiving letters in the mail disclosing that Cox Communications learned on October 11th, 2021, that “unknown person(s)” impersonated a Cox support agent to access customer information.”

Title: Sandisk Secureaccess Bug Allows Brute Forcing Vault Passwords
Date Published: December 9, 2021

https://www.bleepingcomputer.com/news/security/sandisk-secureaccess-bug-allows-brute-forcing-vault-passwords/

Excerpt: “Western Digital has fixed a security vulnerability that enabled attackers to brute force SanDisk SecureAccess passwords and access the users’ protected files. SanDisk SecureAccess (now rebranded to SanDisk PrivateAccess) allows storing and protecting sensitive files on SanDisk USB flash drives. “SanDisk SecureAccess 3.02 was using a one-way cryptographic hash with a predictable salt making it vulnerable to dictionary attacks by a malicious user,” Western Digital explained in a security advisory issued Wednesday.”
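As an added example (this is not code from the advisory or the article, and SanDisk's actual SecureAccess hashing scheme is not described on this page, so the weak_verifier and strong_verifier functions below are constructed stand-ins), the following Python shows why a fixed, predictable salt lets an attacker precompute one dictionary table and reuse it against every vault with no per-vault work, and how a per-vault random salt combined with a slow KDF removes that shortcut:

```python
"""Predictable salt vs. per-vault random salt for a password-vault verifier.

Illustrative, constructed example. The weak scheme below is a stand-in for
"one-way hash with a predictable salt" as the advisory describes it; it is
NOT SanDisk's real algorithm, which this page does not document.
"""
import hashlib
import os
import secrets
from typing import Dict, List, Optional, Tuple

# Hypothetical constants for the constructed vault formats.
FIXED_SALT = b"vault-salt-v3"   # identical for every vault: the weakness
ITERATIONS = 100_000            # PBKDF2 work factor for the hardened scheme

# Constructed attacker wordlist (a real one would be millions of entries).
WORDLIST: List[str] = ["password", "letmein", "sandisk2021", "hunter2", "correcthorse"]


def weak_verifier(password: str) -> bytes:
    """Single fast hash over a constant salt.

    Because the salt never changes, the same password yields the same
    verifier in every vault, and one precomputed table cracks all of them.
    """
    return hashlib.sha256(FIXED_SALT + password.encode()).digest()


def strong_verifier(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """PBKDF2-HMAC-SHA256 with a 16-byte random salt chosen per vault.

    Returns (salt, verifier). The salt is stored next to the verifier; it
    need not be secret, only unpredictable and unique per vault.
    """
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def precompute_table(wordlist: List[str]) -> Dict[bytes, str]:
    """Attacker builds this once, offline, and reuses it against every vault."""
    return {weak_verifier(w): w for w in wordlist}


def crack_weak(verifier: bytes, table: Dict[bytes, str]) -> Optional[str]:
    """O(1) lookup: no hashing is done per target vault."""
    return table.get(verifier)


def crack_strong(salt: bytes, verifier: bytes, wordlist: List[str]) -> Optional[str]:
    """Against a per-vault salt the attacker must redo the KDF for every
    candidate word, for every vault, at ITERATIONS cost each; no table helps."""
    for word in wordlist:
        if secrets.compare_digest(strong_verifier(word, salt)[1], verifier):
            return word
    return None


def demo() -> Dict[str, object]:
    """Run both schemes against two vaults that share the same password."""
    table = precompute_table(WORDLIST)
    vault_a = weak_verifier("sandisk2021")
    vault_b = weak_verifier("sandisk2021")
    salt_a, strong_a = strong_verifier("sandisk2021")
    salt_b, strong_b = strong_verifier("sandisk2021")
    return {
        "weak_vaults_identical": vault_a == vault_b,         # password reuse is visible
        "weak_cracked_by_table": crack_weak(vault_a, table),  # 'sandisk2021'
        "strong_vaults_identical": strong_a == strong_b,      # False: salts differ
        "strong_in_table": table.get(strong_a),               # None: table is useless
        "strong_per_vault_guess": crack_strong(salt_a, strong_a, WORDLIST),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The hardened scheme does not make a weak password uncrackable (crack_strong still finds "sandisk2021" in a short wordlist); what it removes is the shared, precomputed table and the linkability between vaults, and it multiplies each guess by the KDF cost. That is the property a vault product needs from its password verifier.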

Title: Fujitsu Pins Japanese Govt Data Breach on Stolen Projectweb Accounts
Date Published: December 9, 2021

https://www.bleepingcomputer.com/news/security/fujitsu-pins-japanese-govt-data-breach-on-stolen-projectweb-accounts/

Excerpt: “Fujitsu says the attackers behind the May data breach used a vulnerability in the company’s ProjectWEB information-sharing tool to steal accounts from legitimate users and access proprietary data belonging to multiple Japanese government agencies. The National Cyber Security Center (NISC) of Japan and the country’s Ministry of Land, Infrastructure, Transport, and Tourism revealed at the time that the threat actors gained access to at least 76,000 email accounts during the ProjectWEB breach.”

Title: Hundreds of Thousands of Mikrotik Devices Still Vulnerable to Botnets
Date Published: December 9, 2021

https://www.bleepingcomputer.com/news/security/hundreds-of-thousands-of-mikrotik-devices-still-vulnerable-to-botnets/

Excerpt: “Approximately 300,000 MikroTik routers are vulnerable to critical vulnerabilities that malware botnets can exploit for cryptomining and DDoS attacks. MikroTik is a Latvian manufacturer of routers and wireless ISP systems that has sold over 2,000,000 devices globally. In August, the Meris botnet exploited vulnerabilities in MikroTik routers to create an army of devices that performed a record-breaking DDoS attack on Yandex. MikroTik explained that the threat actors behind the attack exploited vulnerabilities that were fixed in 2018 and 2019 but that users hadn’t applied.”

Title: Google Pixel Bug Preventing Users from Making 911 Calls Caused by Microsoft Teams
Date Published: December 8, 2021

https://www.zdnet.com/article/google-pixel-bug-preventing-users-from-making-911-calls-caused-by-microsoft-teams/

Excerpt: “We believe the issue is only present on a small number of devices with the Microsoft Teams app installed when the user is not logged in, and we are currently only aware of one user report related to the occurrence of this bug. We determined that the issue was being caused by unintended interaction between the Microsoft Teams app and the underlying Android operating system,” a Google spokesperson wrote in the thread. The Google spokesperson said both Google and Microsoft have prioritised resolving the issue and that a Microsoft Teams app update would be rolled out soon.”

Title: SonicWall Urges Customers to Immediately Patch Critical SMA 100 Flaws
Date Published: December 8, 2021

https://thehackernews.com/2021/12/sonicwall-urges-customers-to.html

Excerpt: “Network security vendor SonicWall is urging customers to update their SMA 100 series appliances to the latest version following the discovery of multiple security vulnerabilities that could be abused by a remote attacker to take complete control of an affected system. The flaws impact SMA 200, 210, 400, 410, and 500v products running versions 9.0.0.11-31sv and earlier, 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier. The San Jose-based company credited security researchers Jake Baines (Rapid7) and Richard Warren (NCC Group) for discovering and reporting the shortcomings.”

Title: Oz Feds Reveal Distribution Model behind Backdoored ‘an0m’ Chat App Spread by Crims
Date Published: December 9, 2021

https://www.theregister.com/2021/12/09/feds_reveal_distribution_model_behind/

Excerpt: “The resulting law enforcement efforts – Special Operation Ironside in Australia, Operation Trojan Shield in the USA and elsewhere – proved very productive. In Australia alone, over 700 warrants were executed, 311 people were charged, and 6.3 tonnes of illicit drugs plus AU$52 million ($37M) of filthy lucre were seized. Around the world another 993 suspects were arrested, over 42 tonnes of illicit drugs were seized, and more than $58 million of cash and cryptocurrency is now in the hands of authorities.”
