January 12, 2022

Fortify Security Team
Jan 12, 2022

Title: Remote Access Trojans Spread through Microsoft Azure, AWS Cloud Service Abuse
Date Published: January 12, 2022

https://www.zdnet.com/article/remote-access-trojans-spread-through-microsoft-azure-aws-cloud-service-abuse/

Excerpt: “This abuse allows cybercriminals to leverage the resources of cloud services managed by vendors including Microsoft Azure and Amazon Web Services (AWS) for malicious purposes. “These types of cloud services like Azure and AWS allow attackers to set up their infrastructure and connect to the internet with minimal time or monetary commitments,” Talos says. “It also makes it more difficult for defenders to track down the attackers’ operations.” On Wednesday, Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer said that a new campaign based on public cloud infrastructure was discovered in October 2021 and the majority of victims are based in the US, Canada, and Italy – however, a handful appear to be from Spain and South Korea.”

Title: APT35 Exploits Log4j Vulnerability To Distribute New Modular PowerShell Toolkit
Date Published: January 11, 2022

https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/

Excerpt: “Every time there is a new published critical vulnerability, the entire InfoSec community holds its breath until its worst fears come true: scenarios of real-world exploitation, especially by state-sponsored actors. As we showed in this article, the wait in the case of the Log4j vulnerability was only a few days. The combination of its simplicity, and the widespread number of vulnerable devices, made this a very attractive vulnerability for actors such as APT35.”

Title: Ransomware Targets Edge Users
Date Published: January 12, 2022

https://blog.malwarebytes.com/threat-intelligence/2022/01/ransomware-targets-edge-users/

Excerpt: “Magnitude is regularly updated with fresh attacks, and the fake Edge update appears to have been added in the last few weeks. In the past, Magnitude has made extensive use of Flash and Internet Explorer vulnerabilities, but as the software landscape has changed it has had to adapt. In late 2021, it was seen targeting a sandbox escape vulnerability in the Chrome browser family, for example. That should be no surprise, Chrome is the most popular web browser by far and it suffered from an unprecedented glut of zero-days in 2021.”

Title: COVID Omicron Variant Lure Used to Distribute RedLine Stealer
Date Published: January 10, 2022

https://www.fortinet.com/blog/threat-research/omicron-variant-lure-used-to-distribute-redline-stealer

Excerpt: “While we have not been able to identify the infection vector for this particular variant, we believe that it is being distributed via email. Past RedLine Stealer variants are known to have been distributed in COVID-themed emails to lure victims. The file name of this current variant, “Omicron Stats.exe,” was used just as the Omicron variant was becoming a global concern, following the pattern of previous variants. And given that this malware is embedded in a document designed to be opened by a victim, we have concluded that email is the infection vector for this variant as well.”

Title: Hackers Take Over Diplomat’s Email, Target Russian Deputy Minister
Date Published: January 12, 2022

https://www.bleepingcomputer.com/news/security/hackers-take-over-diplomats-email-target-russian-deputy-minister/

Excerpt: “It was a congratulatory message that appeared to be from fellow diplomats at the Russian embassy in Serbia sending a ZIP archive with a holiday screensaver. When extracted, the file was an executable that ultimately delivered the Konni RAT disguised as the Windows service “scrnsvc.dll”. Researchers at Lumen’s Black Lotus Labs were also tracking these spear-phishing campaigns that had started at least two months earlier, the likely goal being to harvest credentials of an active MID account. To achieve their objective, the attackers relied on spoofed hostnames for email services common in Russia, Mail[.]ru and Yandex.”

Title: U.S. Blacklists Chinese Quantum Computing Groups — U.S. DoC Blacklists 27 Foreign Entities.
Date Published: January 10, 2022

https://www.zdnet.com/article/panasonic-giving-employees-the-option-of-a-four-day-work-week/

Excerpt: “In recent years Chinese researchers have made quite a number of quantum computing breakthroughs, which could provide the country and the PLA with the capability to build counter-stealth and counter-submarine applications, to break U.S. encryption technologies and/or develop unbreakable encryption. The U.S. believes that such capabilities contradict the country’s national security and foreign policy interests, which is why it added Hefei National Laboratory for Physical Sciences at Microscale, QuantumCTek, and Shanghai QuantumCTek to the Entity List.”

Title: First Patch Tuesday of 2022 Brings Fix for a Critical ‘Wormable’ Windows Vulnerability
Date Published: January 11, 2022

https://thehackernews.com/2022/01/first-patch-tuesday-of-2022-brings-fix.html

Excerpt: “Of the 96 vulnerabilities, nine are rated Critical and 89 are rated Important in severity, with six zero-days publicly known at the time of the release. This is in addition to 29 issues patched in Microsoft Edge on January 6, 2022. None of the disclosed bugs are listed as under attack. The patches cover a swath of the computing giant’s portfolio, including Microsoft Windows and Windows Components, Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop Protocol (RDP).”

Title: Breach Response Shift: More Lawyers, Less Cyber-Insurance Coverage
Date Published: January 12, 2022

Title: Who is the Network Access Broker ‘Wazawaka?’
Date Published: January 12, 2022

https://krebsonsecurity.com/2022/01/who-is-the-network-access-broker-wazawaka/

Excerpt: “In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by “Wazawaka,” the hacker handle chosen by a major access broker in the Russian-speaking cybercrime scene.”

Title: Adobe Fixes 4 Critical Reader Bugs That Were Demonstrated at Tianfu Cup
Date Published: January 12, 2022

https://securityaffairs.co/wordpress/126593/security/adobe-reader-tianfu-cup.html

Excerpt: “Adobe released security updates for InCopy that address three Critical-rated RCE flaws and one Important-rated privilege escalation issue. The updates for InDesign fix two Critical-rated Out-of-bounds (OOB) Write flaws that could be exploited to execute arbitrary code on vulnerable systems and a Moderate Use-After-Free privilege escalation. The update for Bridge addresses six flaws, one of them, an OOB Write, rated as Critical. The company also fixed two OOB Read bugs in Illustrator.”
