January 24, 2022

Fortify Security Team
Jan 24, 2022

Title: CISA Adds 17 Vulnerabilities to List of Bugs Exploited in Attacks
Date Published: January 22, 2022

https://www.bleepingcomputer.com/news/security/cisa-adds-17-vulnerabilities-to-list-of-bugs-exploited-in-attacks/

Excerpt: “This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the ‘Known Exploited Vulnerabilities Catalog.’ The ‘Known Exploited Vulnerabilities Catalog’ is a list of vulnerabilities that have been seen abused by threat actors in attacks and that are required to be patched by Federal Civilian Executive Branch (FCEB) agencies. “Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise,” explains CISA.”

Title: OpenSubtitles Data Breach Impacted 7 Million Subscribers
Date Published: January 23, 2022

https://securityaffairs.co/wordpress/127092/data-breach/opensubtitles-data-breach.html

Excerpt: “OpenSubtitles is a popular subtitles website; it suffered a data breach that affected 6,783,158 subscribers. Exposed data include email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes. The administrator of the website became aware of the hack after a hacker notified them via Telegram in August 2021 demanding the payment of a ransom. The attacker also offered his support to OpenSubtitles to address the security flaws he had found on the website. Administrators of the website agreed to pay the ransom due to the low amount, but after receiving the ransom, the attackers never helped them to secure the website and on 11 January 2022 they leaked the data online.”

Title: Spike in Brand Abuse Attacks, 3-D Secure Transaction Volume Rising
Date Published: January 24, 2022

https://www.helpnetsecurity.com/2022/01/24/brand-abuse-attacks-spike/

Excerpt: “Outseer has published its latest quarterly Fraud & Payments report, confirming a troubling and massive spike in worldwide brand abuse attacks. The Q4 installment of the report features insights from July through September of 2021 as captured and collected while authenticating consumer transactions and investigating threats. According to the report, brand abuse attacks have continued to dominate fraud actor tactics, growing 274% in Q3 2021 annually and comprising 45% of all attacks detected and investigated. Organizations are strongly advised to employ monitoring services that rapidly detect, investigate, and take down these scams that impersonate authentic brand websites, mobile apps, and social media profiles.”

Title: FBI Warns of Malicious QR Codes Used to Steal your Money
Date Published: January 23, 2022

https://www.bleepingcomputer.com/news/security/fbi-warns-of-malicious-qr-codes-used-to-steal-your-money/

Excerpt: “The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info. The warning was issued as a public service announcement (PSA) published on the Bureau’s Internet Crime Complaint Center (IC3) earlier this week. “Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information,” the federal law enforcement agency said.”

Title: COVID Test Related Scam Emails Still Highly Popular Among Cybercriminals
Date Published: January 24, 2022

https://www.helpnetsecurity.com/2022/01/24/covid-test-scam-emails/

Excerpt: “The Omicron variant has contributed to a 521 per cent rise in COVID test related scam emails between October 2021 and January 2022, according to Barracuda Networks. Researchers concluded that this surge in ‘COVID-test’ related phishing attacks is just the latest edition of COVID-19 themed phishing attack campaigns that cyber criminals have exploited throughout the course of the pandemic. In fact, in March 2020, when COVID-19 started to spread rapidly, researchers observed that COVID-related phishing attacks jumped 667 per cent. Similarly, as vaccination programmes began to roll out at the start of 2021, so too did a new wave of vaccine-related email threats.”

Title: Microsoft Tests a New “Rejuvenated” Windows 11 Task Manager, How to Enable
Date Published: January 23, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-a-new-rejuvenated-windows-11-task-manager-how-to-enable/

Excerpt: “Microsoft is testing a new hidden feature in the latest Windows 11 preview build that rejuvenates the user interface for Task Manager with a new design and modern appearance. Task Manager is one of the most commonly used built-in Windows apps, allowing users to see how much a process uses CPU and memory, terminate processes, manage auto-starting programs, or simply see what programs are running on a computer. However, other than a few tweaks and small changes, the Windows Task Manager has remained relatively unchanged since Windows 10 was released.”

Title: Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers
Date Published: January 24, 2022

https://threatpost.com/donald-trump-packer-malware-infostealers/177887/

Excerpt: “A new .NET malware packer being used to deliver a variety of remote access trojans (RATs) and infostealers has a fixed password named after Donald Trump, giving the new find its name, “DTPacker.” DTPacker was discovered by researchers at Proofpoint who, since 2020, have observed it being used by several threat actors in campaigns targeting hundreds of thousands of end users with thousands of malicious messages across many sectors. One notable campaign, which lasted for weeks, used fake Liverpool Football Club (LFC) sites to lure users to download DTPacker, ultimately delivering Agent Tesla, the researchers found. Ave Maria, AsyncRAT and FormBook have also been spread by DTPacker, according to a Monday report.”

Title: Hackers Creating Fraudulent Crypto Tokens as Part of ‘Rug Pull’ Scams
Date Published: January 24, 2022

https://thehackernews.com/2022/01/hackers-creating-fraudulent-crypto.html

Excerpt: “Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. The instances of token fraud in the wild include hiding 99% fee functions and concealing backdoor routines, researchers from Check Point said in a report shared with The Hacker News. Smart contracts are programs stored on the blockchain that are automatically executed when predetermined conditions are met according to the terms of a contract or an agreement. They allow trusted transactions and agreements to be carried out between anonymous parties without the need for a central authority.”

Title: Malicious PowerPoint files Used to Push Remote Access Trojans
Date Published: January 24, 2022

https://www.bleepingcomputer.com/news/security/malicious-powerpoint-files-used-to-push-remote-access-trojans/

Excerpt: “Since December 2021, a growing trend in phishing campaigns has emerged that uses malicious PowerPoint documents to distribute various types of malware, including remote access and information-stealing trojans. According to a report by Netskope’s Threat Labs shared with Bleeping Computer before publication, the actors are using PowerPoint files combined with legitimate cloud services that host the malware payloads. The families deployed in the tracked campaign are Warzone (aka AveMaria) and AgentTesla, two powerful RATs and info-stealers that target many applications, while the researchers also noticed the dropping of cryptocurrency stealers.”

Title: Russian Authorities Arrested the Kingpin of Cybercrime Infraud Organization
Date Published: January 24, 2022

https://securityaffairs.co/wordpress/127116/cyber-crime/infraud-organization-head-arrested.html

Excerpt: “In February 2008, the US authorities dismantled the global cybercrime organization tracked as Infraud Organization, which was involved in stealing and selling credit card and personal identity data. The Justice Department announced indictments for 36 people charged with being part of a crime ring. The group has been active since 2010 and was created in Ukraine by Svyatoslav Bondarenko. According to the experts, the activities of the gang caused $530 million in losses. Bondarenko remained at large, but Russian co-founder Sergey Medvedev was arrested by the authorities in 2018. Most of the members of the gang were arrested in the US (30); the remaining members come from Australia, Britain, France, Italy, Kosovo, and Serbia.”
