January 24, 2022

Fortify Security Team
Jan 24, 2022

Title: CISA Adds 17 Vulnerabilities to List of Bugs Exploited in Attacks
Date Published: January 22, 2022

https://www.bleepingcomputer.com/news/security/cisa-adds-17-vulnerabilities-to-list-of-bugs-exploited-in-attacks/

Excerpt: “This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the ‘Known Exploited Vulnerabilities Catalog.’ The ‘Known Exploited Vulnerabilities Catalog’ is a list of vulnerabilities that have been seen abused by threat actors in attacks and that are required to be patched by Federal Civilian Executive Branch (FCEB) agencies. “Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise,” explains CISA.”

Title: OpenSubtitles Data Breach Impacted 7 Million Subscribers
Date Published: January 23, 2022

https://securityaffairs.co/wordpress/127092/data-breach/opensubtitles-data-breach.html

Excerpt: “OpenSubtitles is a popular subtitles website; it suffered a data breach that affected 6,783,158 subscribers. Exposed data include email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes. The administrator of the website became aware of the hack after a hacker notified them via Telegram in August 2021 demanding the payment of a ransom. The attacker also offered his support to OpenSubtitles to address the security flaws he has found on the website. Administrators of the website agreed to pay the ransom due to the low amount, but after receiving the ransom, the attackers never helped them to secure the website and on 11 January 2022 they leaked the data online.”

Title: Spike in Brand Abuse Attacks, 3-D Secure Transaction Volume Rising
Date Published: January 24, 2022

https://www.helpnetsecurity.com/2022/01/24/brand-abuse-attacks-spike/

Excerpt: “Outseer has published its latest quarterly Fraud & Payments report, confirming a troubling and massive spike in worldwide brand abuse attacks. The Q4 installment of the report features insights from July through September of 2021 as captured and collected while authenticating consumer transactions and investigating threats. According to the report, brand abuse attacks have continued to dominate fraud actor tactics, growing 274% in Q3 2021 annually and comprising 45% of all attacks detected and investigated. Organizations are strongly advised to employ monitoring services that rapidly detect, investigate, and take down these scams that impersonate authentic brand websites, mobile apps, and social media profiles.”

Title: FBI Warns of Malicious QR Codes Used to Steal your Money
Date Published: January 23, 2022

https://www.bleepingcomputer.com/news/security/fbi-warns-of-malicious-qr-codes-used-to-steal-your-money/

Excerpt: “The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info. The warning was issued as a public service announcement (PSA) published on the Bureau’s Internet Crime Complaint Center (IC3) earlier this week. “Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information,” the federal law enforcement agency said.”

Title: COVID Test Related Scam Emails Still Highly Popular Among Cybercriminals
Date Published: January 24, 2022

https://www.helpnetsecurity.com/2022/01/24/covid-test-scam-emails/

Excerpt: “The Omicron variant has contributed to a 521 per cent rise in COVID test related scam emails between October 2021 and January 2022, according to Barracuda Networks. Researchers concluded that this surge in ‘COVID-test’ related phishing attacks is just the latest edition of COVID-19 themed phishing attack campaigns that cyber criminals have exploited throughout the course of the pandemic. In fact, in March 2020, when COVID-19 started to spread rapidly, researchers observed that COVID-related phishing attacks jumped 667 per cent. Similarly, as vaccination programmes began to roll out at the start of 2021, so too did a new wave of vaccine-related email threats.”

Title: Microsoft Tests a New “Rejuvenated” Windows 11 Task Manager, How to Enable
Date Published: January 23, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-a-new-rejuvenated-windows-11-task-manager-how-to-enable/

Excerpt: “Microsoft is testing a new hidden feature in the latest Windows 11 preview build that rejuvenates the user interface for Task Manager with a new design and modern appearance. Task Manager is one of the most commonly used built-in Windows apps, allowing users to see how much a process uses CPU and memory, terminate processes, manage auto-starting programs, or simply see what programs are running on a computer. However, other than a few tweaks and small changes, the Windows Task Manager has remained relatively unchanged since Windows 10 was released.”

Title: Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers
Date Published: January 24, 2022

https://threatpost.com/donald-trump-packer-malware-infostealers/177887/

Excerpt: “A new .NET malware packer being used to deliver a variety of remote access trojans (RATs) and infostealers has a fixed password named after Donald Trump, giving the new find its name, “DTPacker.” DTPacker was discovered by researchers at Proofpoint who, since 2020, have observed it being used by several threat actors in campaigns targeting hundreds of thousands of end users with thousands of malicious messages across many sectors. One notable campaign, which lasted for weeks, used fake Liverpool Football Club (LFC) sites to lure users to download DTPacker, ultimately delivering Agent Tesla, the researchers found. Ave Maria, AsyncRAT and FormBook have also been spread by DTPacker, according to a Monday report.”

Title: Hackers Creating Fraudulent Crypto Tokens as Part of ‘Rug Pull’ Scams
Date Published: January 24, 2022

https://thehackernews.com/2022/01/hackers-creating-fraudulent-crypto.html

Excerpt: “Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. The instances of token fraud in the wild include hiding 99% fee functions and concealing backdoor routines, researchers from Check Point said in a report shared with The Hacker News. Smart contracts are programs stored on the blockchain that are automatically executed when predetermined conditions are met according to the terms of a contract or an agreement. They allow trusted transactions and agreements to be carried out between anonymous parties without the need for a central authority.”

Title: Malicious PowerPoint files Used to Push Remote Access Trojans
Date Published: January 24, 2022

https://www.bleepingcomputer.com/news/security/malicious-powerpoint-files-used-to-push-remote-access-trojans/

Excerpt: “Since December 2021, a growing trend in phishing campaigns has emerged that uses malicious PowerPoint documents to distribute various types of malware, including remote access and information-stealing trojans. According to a report by Netskope’s Threat Labs shared with Bleeping Computer before publication, the actors are using PowerPoint files combined with legitimate cloud services that host the malware payloads. The families deployed in the tracked campaign are Warzone (aka AveMaria) and AgentTesla, two powerful RATs and info-stealers that target many applications, while the researchers also noticed the dropping of cryptocurrency stealers.”

Title: Russian Authorities Arrested the Kingpin of Cybercrime Infraud Organization
Date Published: January 24, 2022

https://securityaffairs.co/wordpress/127116/cyber-crime/infraud-organization-head-arrested.html

Excerpt: “In February 2008, the US authorities dismantled the global cybercrime organization tracked as Infraud Organization, which was involved in stealing and selling credit card and personal identity data. The Justice Department announced indictments for 36 people charged with being part of a crime ring. The group has been active since 2010 and was created in Ukraine by Svyatoslav Bondarenko. According to the experts, the activities of the gang caused $530 million in losses. Bondarenko remained at large, but Russian co-founder Sergey Medvedev was arrested by the authorities in 2018. Most of the members of the gang were arrested in the US (30), the remaining members come from Australia, Britain, France, Italy, Kosovo, and Serbia.”
