January 10, 2022

Fortify Security Team
Jan 10, 2022

Title: Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries

Date Published: January 10, 2022


Excerpt: “In a deep-dive analysis jointly conducted by cybersecurity firms Claroty and Snyk, eight security vulnerabilities were identified in as many third-party libraries written in C, JavaScript, PHP, Python, and Ruby languages and used by several web applications. “The confusion in URL parsing can cause unexpected behavior in the software (e.g., web application), and could be exploited by threat actors to cause denial-of-service conditions, information leaks, or possibly conduct remote code execution attacks,” the researchers said in a report shared with The Hacker News.”
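The parser-confusion class the excerpt describes, as an added example (this is not code from the Claroty/Snyk report or from The Hacker News article): the same URL is read by Python's standard-library parser and by a hypothetical hand-rolled extractor of the kind found in ad-hoc host allowlist checks, and the two return different hosts. The hostnames, the allowlist and the URLs are constructed for the demonstration; `naive_host()` stands in for any homegrown parser and is not a real library.

```python
"""URL parser confusion: one URL, two parsers, two different hosts.

Added example; not code from the Claroty/Snyk report or The Hacker News
article. The hostnames, the allowlist and the URLs are constructed for the
demonstration, and naive_host() is a hypothetical hand-rolled extractor of the
kind found in ad-hoc allowlist checks, not any real library's parser.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"good.example"}   # constructed allowlist for an outbound-fetch feature

# Constructed inputs: one benign URL and three crafted to make the parsers disagree.
SAMPLE_URLS = [
    "http://good.example/api",
    "http://good.example#@evil.example/",     # '#' ends the authority for RFC 3986 parsers
    "http://good.example?@evil.example/",     # same trick with '?'
    "http://good.example:80@evil.example/",   # userinfo shaped like host:port
]


def std_host(url: str) -> str:
    """Host as Python's standard-library (RFC 3986 style) parser sees it."""
    return (urlsplit(url).hostname or "").lower()


def naive_host(url: str) -> str:
    """Hypothetical hand-rolled extractor with two bugs common in ad-hoc code:
    it never looks for '?' or '#', so they are swallowed into the authority,
    and it strips ':port' before it strips 'user:pass@', so a userinfo of the
    form 'good.example:80@' leaves 'good.example' behind."""
    if "://" not in url:
        return ""
    authority = url.split("://", 1)[1].split("/", 1)[0]
    authority = authority.split(":", 1)[0]          # meant to drop ':port'
    if "@" in authority:
        authority = authority.rsplit("@", 1)[1]     # meant to drop userinfo
    return authority.lower()


def disagreements(urls: List[str]) -> List[Tuple[str, str, str]]:
    """(url, std_host, naive_host) for every URL the two parsers read differently."""
    return [(u, std_host(u), naive_host(u)) for u in urls if std_host(u) != naive_host(u)]


def allowlisted_target(url: str) -> Optional[str]:
    """Return the host to connect to, or None if the URL must be rejected.

    Parse once with the standard parser, accept only a plain hostname with no
    userinfo and a well-formed port, and hand that parsed host downstream
    instead of the raw string. As a second line, refuse any URL the naive
    extractor reads differently: a disagreement is exactly the ambiguity a
    confusion attack relies on."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    if parts.username is not None or parts.password is not None:
        return None
    try:
        parts.port                                  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    host = (parts.hostname or "").lower()
    if not re.fullmatch(r"[a-z0-9.-]+", host) or host not in ALLOWED_HOSTS:
        return None
    if naive_host(url) != host:
        return None
    return host


if __name__ == "__main__":
    for url, std, naive in disagreements(SAMPLE_URLS):
        print(f"{url:40} stdlib={std:14} naive={naive}")
    for url in SAMPLE_URLS:
        print(f"{url:40} -> {allowlisted_target(url)}")
```

The bypass needs nothing exotic: if the allowlist check runs `naive_host()` and the HTTP client resolves the host the way `urlsplit()` does (or the other way round), the third and fourth sample URLs pass the check as `good.example` or fail it as `evil.example` while the connection goes to the opposite host. The durable fix is to parse once and pass the parsed components on, not the raw string; the disagreement check is a cheap extra guard when a second parser downstream cannot be avoided.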

Title: Indian-Linked Patchwork APT Infected Its Own System Revealing Its Ops

Date Published: January 10, 2022


Excerpt: “In a recent campaign, the Patchwork group carried out a spear-phishing campaign using weaponized RTF files to drop a variant of the BADNEWS (Ragnatela) Remote Administration Trojan (RAT). The malicious RTF files impersonate Pakistani authorities and exploit a vulnerability in Microsoft Equation Editor to deliver and execute the final payload (RAT). Malwarebytes researchers reported that the payload is stored within the RTF document as an OLE object.”

Title: Uncovering and Defending Systems Against Attacks With Layers of Remote Control

Date Published: January 10, 2022


Excerpt: “We first saw malware in an endpoint where the product was quarantined. While traditional endpoint protection platforms (EPPs) would stop at this stage, MDR took the context of the detection into consideration. The detection was a web shell malware identified as Possible_SMWEBSHELLYXBH5A, which was found on a Microsoft Exchange server. This signified a high likelihood that the server was compromised through a vulnerability. In this case, the exploit most likely involved three ProxyShell vulnerabilities: CVE-2021-31207, CVE-2021-34473, and CVE-2021-34523. This prompted the team to activate incident response mode and alert the customer involved.”

Title: FBI: Cyber Criminals Are Mailing Out USB Drives That Install Ransomware

Date Published: January 10, 2022


Excerpt: “A cybercrime group has been mailing out USB thumb drives in the hope that recipients will plug them into their PCs and install ransomware on their networks, according to the FBI. The USB drives contain so-called ‘BadUSB’ attacks. They were sent in the mail through the United States Postal Service and United Parcel Service. One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning. Other malicious USBs were sent in the post with a gift card claiming to be from Amazon.”

Title: Abcbot Botnet Is Linked To Xanthe Cryptojacking Group

Date Published: January 10, 2022


Excerpt: “A VirusTotal graph based on known Indicators of Compromise (IoCs), stylistic choices, and unique strings then revealed four hosts that overlapped in infrastructure and delivered both Abcbot botnet and Xanthe malware campaigns. However, the samples also revealed recent changes in functionality, including commented-out mining components, that suggest mining may “no longer [be] an objective” of Abcbot.”

Title: SonicWall Email Security and Firewall Products Impacted by the Y2K22 Vulnerability

Date Published: January 10, 2022


Excerpt: “Although SonicWall didn’t give any details on what is causing the Y2K22 vulnerability in its security solutions, the tech company is not the only one dealing with this problem. According to BleepingComputer, starting January 1st, Honda and Acura automobile owners began complaining that their in-car navigation systems’ clocks were automatically set back 20 years, to January 1st, 2002.”

Title: FlexBooker Reveals Major Customer Data Breach

Date Published: January 10, 2022


Excerpt: “On December 23, 2021, starting at 4:05 PM EST our account on Amazon’s AWS servers was compromised, resulting in our temporary inability to service customer accounts, and preventing customers from accessing their data,” it said. “As part of the incident, our system data storage was also accessed and downloaded. In response to the outage, we worked closely with Amazon to restore a backup, and were able to restore operations within 12 hours.” It’s unclear how the attackers were able to compromise the FlexBooker account and whether human error such as cloud misconfiguration had anything to do with it.”

Title: Cyberattacks Increased 50% Over the Past Year

Date Published: January 10, 2022


Excerpt: “Africa experienced the highest volume of attacks in 2021, as can be seen in the visual below, with an average of 1,582 weekly attacks per organization. This represents a 13% increase from 2020. This was followed by APAC, which has an average of 1,353 weekly attacks per organization (25% increase); Latin America, with 1,118 attacks weekly (38% increase); Europe, with 670 attacks weekly (68% increase); and North America, with an average of 503 weekly attacks per organization (61% increase).”

Title: Finalsite: All School Sites Now Restored After Ransomware Attack

Date Published: January 10, 2022


Excerpt: “A school IT supplier hit by ransomware last week has claimed that all of its customers’ websites have now been restored, although many will still be suffering some kind of disruption. Finalsite claims to serve over 8000 schools worldwide, offering content management, communications, mobile and enrolment software. After discovering ransomware on some systems on January 4, it was claimed that thousands of schools were affected – not only by the downing of websites but also critical messaging services designed to notify communities about weather-related closures or changing COVID-19 protocols.”

Title: WordPress 5.8.3 Security Update Fixes SQL Injection, XSS Flaws

Date Published: January 10, 2022


Excerpt: “There have been no reports of the above being under active exploitation in the wild, and none of these flaws is thought to have a severe potential impact on most WordPress sites. Nonetheless, it is recommended that all WordPress site owners upgrade to version 5.8.3, review their firewall configuration, and ensure that WP core updates are activated. This setting can be seen on the ‘define’ parameter in wp-config.php, which should be “define(‘WP_AUTO_UPDATE_CORE’, true );” Automated core updates were introduced in 2013 on WordPress 3.7, and according to official stats, only 0.7% of all WP sites are currently running a version older than that.”
