January 13, 2022

Fortify Security Team

Title: U.S. Links Muddywater Hacking Group To Iranian Intelligence Agency
Date Published: January 12, 2022


Excerpt: “MuddyWater is an Iranian threat group; previously, industry has reported that MuddyWater has primarily targeted Middle Eastern nations, and has also targeted European and North American nations. MuddyWater is a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS). The cyber-espionage group (aka SeedWorm and TEMP.Zagros) was first spotted in 2017 and is known for mainly targeting Middle Eastern entities and continuously upgrading its arsenal.”

Title: Cybersecurity experts discovered a flaw in the KCodes NetUSB component that impacts millions of end-user routers from different vendors
Date Published: January 13, 2022


Excerpt: “Cybersecurity researchers from SentinelOne have discovered a critical vulnerability (CVE-2021-45608) in KCodes NetUSB component that is present in millions of end-user routers from different vendors, including Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital.
NetUSB is a product developed by KCodes to allow remote devices in a network to interact with USB devices connected to a router. Users could interact with a printer or a hard drive plugged into a router via network using a driver on their computer that allows communication with the network device.”

Title: New Windows KB5009543, KB5009566 updates break L2TP VPN connections
Date Published: January 12, 2022


Excerpt: “Windows 10 users and administrators report problems making L2TP VPN connections after installing the recent Windows 10 KB5009543 and Windows 11 KB5009566 cumulative updates. Yesterday, Microsoft released Windows updates to fix security vulnerabilities and bugs as part of the January 2022 Patch Tuesday. These updates include KB5009566 for Windows 11 and KB5009543 for Windows 10 2004, 20H1, and 21H1.”

Title: Researchers Decrypted Qakbot Banking Trojan’s Encrypted Registry Keys
Date Published: January 13, 2022


Excerpt: “Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry. Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although mainly fashioned as an information-stealing malware, Qakbot has since shifted its goals and acquired new functionality to deliver post-compromise attack platforms such as Cobalt Strike Beacon, with the final objective of loading ransomware on infected machines.”

Title: FBI, NSA & CISA Issue Advisory on Russian Cyber Threat to US Critical Infrastructure
Date Published: January 11, 2022


Excerpt: “At a time when US-Russian diplomatic tensions are high amid another round of talks on security concerns between the nations recently concluding, the US Cybersecurity and Infrastructure Security Agency (CISA), FBI, and National Security Agency today released a joint advisory on how to detect, respond to, and mitigate cyberattacks from Russian state-sponsored hacking groups. The three agencies urged the cybersecurity community and critical infrastructure organizations to take on “a heightened state of awareness” to the threat of attacks from Russia by employing threat hunting and applying mitigations detailed in the advisory. Critical infrastructure organizations should “immediately” patch all of their computer systems, the advisory said, especially ones with vulnerabilities that have known exploits; deploy multifactor authentication; run anti-malware tools; and establish a reporting process for incident response.”

Title: Iran-linked APT35 group exploits Log4Shell flaw
Date Published: January 13, 2022


Excerpt: “APT35 (aka Charming Kitten, TA453, or Phosphorus), suspected of being an Iranian nation-state actor, started widespread scanning and attempted to leverage the Log4j flaw in publicly facing systems only four days after the vulnerability was disclosed, according to new Check Point research.

The actor’s attack setup was obviously rushed, Check Point says, as they used the basic open-source tool for the exploitation and based their operations on the previous infrastructure, making the attack easier to detect and attribute.”

Title: Phishers are targeting Office 365 users by exploiting Adobe Cloud
Date Published: January 13, 2022


Excerpt: “Phishers are creating Adobe Creative Cloud accounts and using them to send phishing emails capable of thwarting traditional checks and some advanced threat protection solutions, Avanan security researcher Jeremy Fuchs warns. This new wave of attacks started in December 2021, and they are exploiting the fact that Adobe’s apps are designed to foster collaboration by sharing documents.”

Title: Mozilla addresses High-Risk Firefox, Thunderbird vulnerabilities
Date Published: January 13, 2022


Excerpt: “Mozilla released Firefox 96, which addressed 18 security vulnerabilities in its web browser and the Thunderbird mail program. Nine vulnerabilities addressed by the new release are rated high-severity; the most severe one is a race condition issue tracked as CVE-2022-22746. “A race condition could have allowed bypassing the fullscreen notification which could have led to a fullscreen window spoof being unnoticed,” reads the advisory published by Mozilla. The vulnerability only impacts Firefox for Windows operating systems.”

Title: Magniber ransomware using signed APPX files to infect systems
Date Published: January 12, 2022


Excerpt: “The Magniber ransomware has been spotted using Windows application package files (.APPX) signed with valid certificates to drop malware pretending to be Chrome and Edge web browser updates. This distribution method marks a shift from previous approaches seen with this threat actor, which typically relies on exploiting Internet Explorer vulnerabilities.”

Title: Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware
Date Published: January 12, 2022


Excerpt: “Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems. The spear-phishing attacks, which commenced in October 2021, have primarily targeted entities located in the U.S., Canada, Italy, and Singapore, researchers from Cisco Talos said in a report shared with The Hacker News.”
