January 10, 2022

Fortify Security Team

Title: Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries

Date Published: January 10, 2022


Excerpt: “In a deep-dive analysis jointly conducted by cybersecurity firms Claroty and Snyk, eight security vulnerabilities were identified in as many third-party libraries written in C, JavaScript, PHP, Python, and Ruby languages and used by several web applications. ‘The confusion in URL parsing can cause unexpected behavior in the software (e.g., web application), and could be exploited by threat actors to cause denial-of-service conditions, information leaks, or possibly conduct remote code execution attacks,’ the researchers said in a report shared with The Hacker News.”

Title: Indian-Linked Patchwork APT Infected Its Own System Revealing Its Ops

Date Published: January 10, 2022


Excerpt: “In a recent campaign, the Patchwork group carried out a spear-phishing campaign using weaponized RTF files to drop a variant of the BADNEWS (Ragnatela) Remote Administration Trojan (RAT). The malicious RTF files impersonate Pakistani authorities and exploit a vulnerability in Microsoft Equation Editor to deliver and execute the final payload (RAT). Malwarebytes researchers reported that the payload is stored within the RTF document as an OLE object.”

Title: Uncovering and Defending Systems Against Attacks With Layers of Remote Control

Date Published: January 10, 2022


Excerpt: “We first saw malware in an endpoint where the product was quarantined. While traditional endpoint protection platforms (EPPs) would stop at this stage, MDR took the context of the detection into consideration. The detection was a web shell malware identified as Possible_SMWEBSHELLYXBH5A, which was found on a Microsoft Exchange server. This signified a high likelihood that the server was compromised through a vulnerability. In this case, the exploit most likely involved three ProxyShell vulnerabilities: CVE-2021-31207, CVE-2021-34473, and CVE-2021-34523. This prompted the team to activate incident response mode and alert the customer involved.”

Title: FBI: Cyber Criminals Are Mailing Out USB Drives That Install Ransomware

Date Published: January 10, 2022


Excerpt: “A cybercrime group has been mailing out USB thumb drives in the hope that recipients will plug them into their PCs and install ransomware on their networks, according to the FBI. The USB drives contain so-called ‘BadUSB’ attacks. They were sent in the mail through the United States Postal Service and United Parcel Service. One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning. Other malicious USBs were sent in the post with a gift card claiming to be from Amazon.”

Title: Abcbot Botnet Is Linked To Xanthe Cryptojacking Group

Date Published: January 10, 2022


Excerpt: “A VirusTotal graph based on known Indicators of Compromise (IoCs), stylistic choices, and unique strings then revealed four hosts that overlapped in infrastructure and delivered both Abcbot botnet and Xanthe malware campaigns. However, the samples also revealed recent changes in functionality, including commented-out mining components, that suggest mining may ‘no longer [be] an objective’ of Abcbot.”

Title: SonicWall Email Security and Firewall Products Impacted by the Y2K22 Vulnerability

Date Published: January 10, 2022


Excerpt: “Although SonicWall didn’t give any details on what is causing the Y2K22 vulnerability in its security solutions, the tech company is not the only one dealing with this problem. According to BleepingComputer, starting January 1st, Honda and Acura automobile owners began complaining that their in-car navigation systems’ clocks were automatically set back 20 years, to January 1st, 2002.”

Title: FlexBooker Reveals Major Customer Data Breach

Date Published: January 10, 2022


Excerpt: “‘On December 23, 2021, starting at 4:05 PM EST our account on Amazon’s AWS servers was compromised, resulting in our temporary inability to service customer accounts, and preventing customers from accessing their data,’ it said. ‘As part of the incident, our system data storage was also accessed and downloaded. In response to the outage, we worked closely with Amazon to restore a backup, and were able to restore operations within 12 hours.’ It’s unclear how the attackers were able to compromise the FlexBooker account and whether human error such as cloud misconfiguration had anything to do with it.”

Title: Cyberattacks Increased 50% Over the Past Year

Date Published: January 10, 2022


Excerpt: “Africa experienced the highest volume of attacks in 2021, as can be seen in the visual below, with an average of 1,582 weekly attacks per organization. This represents a 13% increase from 2020. This was followed by APAC, which has an average of 1,353 weekly attacks per organization (25% increase); Latin America, with 1,118 attacks weekly (38% increase); Europe, with 670 attacks weekly (68% increase); and North America, with an average of 503 weekly attacks per organization (61% increase).”

Title: Finalsite: All School Sites Now Restored After Ransomware Attack

Date Published: January 10, 2022


Excerpt: “A school IT supplier hit by ransomware last week has claimed that all of its customers’ websites have now been restored, although many will still be suffering some kind of disruption. Finalsite claims to serve over 8000 schools worldwide, offering content management, communications, mobile and enrolment software. After discovering ransomware on some systems on January 4, it was claimed that thousands of schools were affected – not only by the downing of websites but also critical messaging services designed to notify communities about weather-related closures or changing COVID-19 protocols.”

Title: WordPress 5.8.3 Security Update Fixes SQL Injection, XSS Flaws

Date Published: January 10, 2022


Excerpt: “There have been no reports of the above being under active exploitation in the wild, and none of these flaws is thought to have a severe potential impact on most WordPress sites. Nonetheless, it is recommended that all WordPress site owners upgrade to version 5.8.3, review their firewall configuration, and ensure that WP core updates are activated. This setting can be seen on the ‘define’ parameter in wp-config.php, which should be define('WP_AUTO_UPDATE_CORE', true); Automated core updates were introduced in 2013 on WordPress 3.7, and according to official stats, only 0.7% of all WP sites are currently running a version older than that.”
