January 31, 2022

Fortify Security Team
Jan 31, 2022

Title: Over 20,000 Data Center Management Systems Exposed to Hackers
Date Published: January 29, 2022

https://www.bleepingcomputer.com/news/security/over-20-000-data-center-management-systems-exposed-to-hackers/

Excerpt: “Researchers have found over 20,000 instances of publicly exposed data center infrastructure management (DCIM) software that monitor devices, HVAC control systems, and power distribution units, which could be used for a range of catastrophic attacks. Data centers house costly systems that support business storage solutions, operational systems, website hosting, data processing, and more. The buildings that host data centers must comply with strict safety regulations concerning fire protection, airflow, electric power, and physical security.”

Title: Expert Releases PoC for CVE-2022-21882 Windows Local Privilege Elevation Issue
Date Published: January 30, 2022

https://securityaffairs.co/wordpress/127377/hacking/cve-2022-21882-win-local-privilege-elevation.html

Excerpt: “The security researchers RyeLv has publicly released an exploit for a Windows local privilege elevation flaw (CVE-2022-21882) that allows anyone to gain admin privileges in Windows 10. The Win32k elevation of privilege vulnerability was fixed this month as part of the January 2022 Patch Tuesday, it is the result of a bypass for the previously CVE-2021-1732 flaw. “A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver.” reads the advisory published by Microsoft. Now RyeLv published a detailed analysis of the vulnerability that affects all supported support versions of Windows 10.”

Title: Dark Overlord Collaborator Sentenced to Three Years
Date Published: January 31, 2022

https://www.bankinfosecurity.com/dark-overlord-collaborator-sentenced-to-three-years-a-18409

Excerpt: “A 29-year-old Canadian man has been sentenced to three years in prison for trading in stolen personal information, including transactions with an aggressive hacking and extortion group known as The Dark Overlord. Slava Dmitriev, of Vaughn, Ontario, pleaded guilty on Aug. 30, 2021, to a charge of fraud and related activity, according to a news release from the U.S. Attorney’s Office for the Northern District of Georgia. He was arrested in September 2020 while traveling in Greece. Dmitriev was accused of buying and selling stolen identity information, including Social Security numbers, names, birth dates, on the AlphaBay marketplace. AlphaBay was shut down by law enforcement in July 2017. Prosecutors accused Dmitriev, who went by the nickname GoldenAce, of netting $100,000 from the sale of 1,764 items on the market between May 2016 through July 2017.”

Title: Researchers Use Natural Silk Fibers to Generate Secure Keys for Strong Authentication
Date Published: January 30, 2022

https://thehackernews.com/2022/01/researchers-use-natural-silk-fibers-to.html

Excerpt: “A group of academics at South Korea’s Gwangju Institute of Science and Technology (GIST) have utilized natural silk fibers from domesticated silkworms to build an environmentally friendly digital security system that they say is “practically unbreachable.” “The first natural physical unclonable function (PUF) […] takes advantage of the diffraction of light through natural microholes in native silk to create a secure and unique digital key for future security solutions,” the researchers said. Physical unclonable functions or PUFs refer to devices that leverage inherent randomness and microscopic differences in electronics introduced during manufacturing to generate a unique identifier (e.g., cryptographic keys) for a given set of inputs and conditions.”

Title: Smart-chain Financial Site Qubit Hacked for $80 million
Date Published: January 29, 2022

https://www.scmagazine.com/analysis/cryptocurrency/smart-chain-financial-site-qubit-hacked-for-80-million

Excerpt: “Decentralized finance (DeFi) is defying security hopes as Qubit Finance, a major decentralized digital finance platform, was taken for $80 million in cryptocurrency by cyber-thieves on Thursday. The largest crypto-hack so far this year was initially reported (and admitted by Qubit) in an incident report released on Medium. The attack happened at approximately 5 p.m. Eastern on Jan. 27. Qubit Finance operate as a bridge between various blockchain providers, like a settlement processing provider might in more conventional financial services transactions, so that digital funds deposited into one type of cryptocurrency can be taken out through another type. Qubit specifically works as a “bridge” between Ethereum and the Binance Smart Chain (BSC) network.”

Title: FTC: Americans Lost $770 Million from Social Media Fraud Surge
Date Published: January 30, 2022

https://www.bleepingcomputer.com/news/security/ftc-americans-lost-770-million-from-social-media-fraud-surge/

Excerpt: “Americans are increasingly targeted by scammers on social media, according to tens of thousands of reports received by the US Federal Trade Commission (FTC) in 2021. As revealed by the FTC, over 95,000 US consumers reported losses of roughly $770 million after getting scammed on social media platforms. This amounts to approximately a quarter of all losses to fraud reported in 2021, showing a massive 18-fold increase over 2017 reported losses and more than double compared to 2020.”

Title: Hybrid Cloud Campaign OiVaVoii Targets Company Executives
Date Published: January 30, 2022

https://securityaffairs.co/wordpress/127396/cyber-crime/oivavoii-campaign-oauth.html

Excerpt: “Researchers from Proofpoint have uncovered a new campaign named ‘OiVaVoii’ that is targeting company executives, former board members, Presidents and managers with bogus OAuth apps and cleverly-crafted lures sent from compromised Office 365 accounts. Microsoft has blocked many of the apps, but according to the researchers, the campaign is still ongoing. Once the attackers have compromised the executive accounts, they can carry out a broad range of malicious activities, from insider phishing to human-operated ransomware attacks. The researchers uncovered five malicious OAuth applications employed in this campaign, some of them created by a “verified” organization (‘Yuma Counseling Services’).”

Title: Number of Data Compromises Reaching all-time High
Date Published: January 31, 2022

https://www.helpnetsecurity.com/2022/01/31/data-compromises-up/

Excerpt: “According to an Identity Theft Resource Center (ITRC) report, the overall number of data compromises (1,862) is up more than 68 percent compared to 2020. The new record number of data compromises is 23 percent over the previous all-time high (1,506) set in 2017. The number of data events that involved sensitive information (Ex: Social Security numbers) increased slightly compared to 2020 (83 percent vs. 80 percent). However, it remained well below the previous high of 95 percent set in 2017.”

Title: Researchers use GPU Fingerprinting to Track Users Online
Date Published: January 30, 2022

https://www.bleepingcomputer.com/news/security/researchers-use-gpu-fingerprinting-to-track-users-online/

Excerpt: “A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people’s GPUs to create unique fingerprints and use them for persistent web tracking. The results of their large-scale experiment involving 2,550 devices with 1,605 distinct CPU configurations show that their technique, named ‘DrawnApart,’ can boost the median tracking duration to 67 compare to current state-of-the-art methods. This is a severe problem for user privacy, which is currently protected by laws that focus on acquiring consent to activate website cookies.”

Title: Expert Earned $100,500 Bounty to Hack Apple MacBook Webcam and Microphone
Date Published: January 31, 2022

https://securityaffairs.co/wordpress/127410/hacking/apple-macbook-webcam-microphone-hack.html

Excerpt: “Apple last year addressed multiple macOS vulnerabilities discovered by the security researcher Ryan Pickren in the Safari browser that could allow threat actors to access users’ online accounts, microphone, and webcam. Pickren received a total of $100,500 payouts for these issues as part of Apple’s bug bounty program. The security researcher chained the vulnerabilities in iCloud Sharing and Safari 15 to gain unauthorized camera access. An attacker can trick victims into clicking “open” on a popup from my website in order to hijack multimedia permissions and gain full access to every website ever visited by the victim.”

Recent Posts

June 23, 2022

Title: New MetaMask Phishing Campaign uses KYC Lures to Steal Passphrases Date Published: June 23, 2022 https://www.bleepingcomputer.com/news/security/new-metamask-phishing-campaign-uses-kyc-lures-to-steal-passphrases/ Excerpt: “A new phishing campaign is targeting...

June 22, 2022

Title: Microsoft Reveals Cause Behind this Week’s Microsoft 365 Outage Date Published: June 22, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-reveals-cause-behind-this-week-s-microsoft-365-outage/ Excerpt: “Microsoft has revealed that this week's...

June 21, 2022

Title: Microsoft 365 Outage Affects Microsoft Teams and Exchange Online Date Published: June 21, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-affects-microsoft-teams-and-exchange-online/ Excerpt: “An ongoing outage affects multiple...

June 17, 2022

Title: QNAP 'Thoroughly Investigating' New DeadBolt Ransomware Attacks Date Published: June 17, 2022 https://www.bleepingcomputer.com/news/security/qnap-thoroughly-investigating-new-deadbolt-ransomware-attacks/ Excerpt: “Network-attached storage (NAS) vendor QNAP once...

June 17, 2022

Title: QNAP 'Thoroughly Investigating' New DeadBolt Ransomware Attacks Date Published: June 17, 2022 https://www.bleepingcomputer.com/news/security/qnap-thoroughly-investigating-new-deadbolt-ransomware-attacks/ Excerpt: “Network-attached storage (NAS) vendor QNAP once...

June 16, 2022

Title: Microsoft Office 365 Feature Can Help Cloud Ransomware Attacks Date Published: June 16, 2022 https://www.bleepingcomputer.com/news/security/microsoft-office-365-feature-can-help-cloud-ransomware-attacks/ Excerpt: “Security researchers are warning that threat...

June 15, 2022

Title: New Go Botnet Panchan Spreading Rapidly in Education Networks Date Published: June 15, 2022 https://www.bleepingcomputer.com/news/security/new-go-botnet-panchan-spreading-rapidly-in-education-networks/ Excerpt: “A new peer-to-peer botnet named Panchan appeared...