January 10, 2022

Fortify Security Team
Jan 10, 2022

Title: Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries

Date Published: January 10, 2022


Excerpt: “In a deep-dive analysis jointly conducted by cybersecurity firms Claroty and Synk, eight security vulnerabilities were identified in as many third-party libraries written in C, JavaScript, PHP, Python, and Ruby languages and used by several web applications. “The confusion in URL parsing can cause unexpected behavior in the software (e.g., web application), and could be exploited by threat actors to cause denial-of-service conditions, information leaks, or possibly conduct remote code execution attacks,” the researchers said in a report shared with The Hacker News.”

Title: Indian-Linked Patchwork Apt Infected Its Own System Revealing Its Ops

Date Published: January 10, 2022


Excerpt: “In a recent campaign, the Patchwork group carried out a spear-phishing campaign using weaponized RTF files to drop a variant of the BADNEWS (Ragnatela) Remote Administration Trojan (RAT). The malicious RTF files impersonating Pakistani authorities and exploit a vulnerability in Microsoft Equation Editor to deliver and execute the final payload (RAT). Malwarebytes researchers reported that that payload is stored within the RTF document as an OLE object.”

Title: Uncovering and Defending Systems Against Attacks With Layers of Remote Control

Date Published: January 10, 2022


Excerpt: “We first saw malware in an endpoint where the product was quarantined. While traditional endpoint protection platforms (EPPs) would stop at this stage, MDR took the context of the detection into consideration. The detection was a web shell malware identified as Possible_SMWEBSHELLYXBH5A, which was found on a Microsoft Exchange server. This signified a high likelihood that the server was compromised through a vulnerability. In this case, the exploit most likely involved three ProxyShell vulnerabilities: CVE-2021-31207, CVE-2021-34473, and CVE-2021-34523. This prompted the team to activate incident response mode and alert the customer involved.”

Title: FBI: Cyber Criminals Are Mailing Out Usb Drives That Install Ransomware

Date Published: January 10, 2022


Excerpt: “A cybercrime group has been mailing out USB thumb drives in the hope that recipients will plug them into their PCs and install ransomware on their networks, according to the FBI. The USB drives contain so-called ‘BadUSB’ attacks. They were sent in the mail through the United States Postal Service and United Parcel Service. One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning. Other malicious USBs were sent in the post with a gift card claiming to be from Amazon.”

Title: Abcbot Botnet Is Linked To Xanthe Cryptojacking Group

Date Published: January 10, 2022


Excerpt: “A VirusTotal graph based on known Indicators of Compromise (IoCs), stylistic choices, and unique strings then revealed four hosts that overlapped in infrastructure and delivered both Abcbot botnet and Xanthe malware campaigns.  However, the samples also revealed recent changes in functionality, including commented-out mining components, that suggest mining may “no longer [be] an objective” of Abcbot.”

Title: SonicWall Email Security and Firewall Products Impacted by the Y2K22 Vulnerability

Date Published: January 10, 2022


Excerpt: “Although SonicWall didn’t give any details on what is causing the Y2K22 vulnerability in its security solutions, the tech company is not the only one dealing with this problem. According to BleepingComputer, starting January 1st, Honda and Acura automobile owners began complaining that their in-car navigation systems’ clocks were automatically set back 20 years, to January 1st, 2002.”

Title: FlexBooker Reveals Major Customer Data Breach

Date Published: January 10, 2022


Excerpt: “On December 23, 2021, starting at 4:05 PM EST our account on Amazon’s AWS servers was compromised, resulting in our temporary inability to service customer accounts, and preventing customers from accessing their data,” it said. “As part of the incident, our system data storage was also accessed and downloaded. In response to the outage, we worked closely with Amazon to restore a backup, and were able to restore operations within 12 hours.” It’s unclear how the attackers were able to compromise the FlexBooker account and whether human error such as cloud misconfiguration had anything to do with it.”

Title: Cyberattacks Increased 50% Over the Past Year

Date Published: January 10, 2022


Excerpt: “Africa experienced the highest volume of attacks in 2021, as can be seen in the visual below, with an average of 1,582 weekly attacks per organization. This represents a 13% increase from 2020. This was followed by APAC, which has an average of 1,353 weekly attacks per organization (25% increase); Latin America, with 1,118 attacks weekly (38% increase); Europe, with 670 attacks weekly (68% increase); and North America, with an average of 503 weekly attacks per organization (61% increase).”

Title: Finalsite: All School Sites Now Restored After Ransomware Attack

Date Published: January 10, 2022


Excerpt: “A school IT supplier hit by ransomware last week has claimed that all of its customers’ websites have now been restored, although many will still be suffering some kind of disruption. Finalsite claims to serve over 8000 schools worldwide, offering content management, communications, mobile and enrolment software. After discovering ransomware on some systems on January 4, it was claimed that thousands of schools were affected – not only by the downing of websites but also critical messaging services designed to notify communities about weather-related closures or changing COVID-19 protocols.”

Title: WordPress 5.8.3 Security Update Fixes SQL Injection, XSS Flaws

Date Published: January 10, 2022


Excerpt: “There have been no reports of the above being under active exploitation in the wild, and none of these flaws is thought to have a severe potential impact on most WordPress sites. Nonetheless, it is recommended that all WordPress site owners upgrade to version 5.8.3, review their firewall configuration, and ensure that WP core updates are activated. This setting can be seen on the ‘define’ parameter in wp-config.php, which should be “define(‘WP_AUTO_UPDATE_CORE’, true );” Automated core updates were introduced in 2013 on WordPress 3.7, and according to official stats, only 0.7% of all WP sites are currently running a version older than that.”

Recent Posts

September 16, 2022

Title: Uber hacked, internal systems breached and vulnerability reports stolen Date Published: September 16, 2022 https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/ Excerpt: “Uber suffered a...

September 15, 2022

Title: Webworm hackers modify old malware in new attacks to evade attribution Date Published: September 15, 2022 https://www.bleepingcomputer.com/news/security/webworm-hackers-modify-old-malware-in-new-attacks-to-evade-attribution/ Excerpt: “The Chinese 'Webworm'...

September 14, 2022

Title: Chinese hackers create Linux version of the SideWalk Windows malware Date Published: September 14, 2022 https://www.bleepingcomputer.com/news/security/chinese-hackers-create-linux-version-of-the-sidewalk-windows-malware/ Excerpt: “State-backed Chinese hackers...

September 13, 2022

Title: Cyberspies drop new infostealer malware on govt networks in Asia Date Published: September 13, 2022 https://www.bleepingcomputer.com/news/security/cyberspies-drop-new-infostealer-malware-on-govt-networks-in-asia/ Excerpt: “Security researchers have identified...

September 12, 2022

Title: Cisco confirms Yanluowang ransomware leaked stolen company data Date Published: September 12, 2022 https://www.bleepingcomputer.com/news/security/cisco-confirms-yanluowang-ransomware-leaked-stolen-company-data/ Excerpt: “Cisco has confirmed that the data leaked...

September 9, 2022

Title: Bumblebee Malware Adds Post-exploitation Tool for Stealthy Infections Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/bumblebee-malware-adds-post-exploitation-tool-for-stealthy-infections/ Excerpt: “A new version of the...

September 8, 2022

Title: North Korean Lazarus Hackers Take Aim at U.S. Energy Providers Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-take-aim-at-us-energy-providers/ Excerpt: “The North Korean APT group 'Lazarus' (APT38)...