January 6, 2021

Fortify Security Team
Jan 6, 2022

Title: FBI Warns About Ongoing Google Voice Authentication Scams

Date Published:  January 6, 2022

https://www.bleepingcomputer.com/news/security/fbi-warns-about-ongoing-google-voice-authentication-scams/

Excerpt:  “The Federal Bureau of Investigation (FBI) says Americans who share their phone number online are being targeted by Google Voice authentication scams.  As the federal law enforcement agency explains, the fraudsters are targeting those who have posted their phone number as a form of contact when trying to sell various items on online marketplaces or social media apps.  ‘Recently, we have also been getting reports of people who are getting targeted in other locations, including sites where you post about lost pets,’ the FBI said.”

Title: Google Docs Commenting Feature Exploited for Spear-phishing

Date Published:  January 6, 2022

https://www.bleepingcomputer.com/news/security/google-docs-commenting-feature-exploited-for-spear-phishing/

Excerpt:  “A new trend in phishing attacks emerged in December 2021, with threat actors abusing the commenting feature of Google Docs to send out emails that appear trustworthy.  Google Docs is used by many employees working or collaborating remotely, so most recipients of these emails are familiar with these notifications.  Since Google itself is being ‘tricked’ into sending out these emails, the chances of email security tools tagging them as potentially risky are practically zero.”

Title: VMware Fixed CVE-2021-22045 Heap-overflow in Workstation, Fusion and ESXi

Date Published:  January 6, 2022

https://securityaffairs.co/wordpress/126352/security/vmware-cve-2021-22045-heap-overflow.html

Excerpt:  “VMware released security updates to address a heap-overflow vulnerability, tracked as CVE-2021-22045, in its Workstation, Fusion and ESXi products. VMware has addressed the vulnerability with the release of ESXi670-202111101-SG, ESXi650-202110101-SG, Workstation 16.2.0, and Fusion 12.2.0.  According to the company, the security vulnerability exists in the CD-ROM device emulation function of the above products. An attacker with access to a virtual machine that has CD-ROM device emulation enabled can chain this vulnerability with other flaws to execute code on the hypervisor from a virtual machine.  The vulnerability was privately reported to VMware and received a CVSS score of 7.7.”

Title: France Hits Google, Facebook with Fines Over ‘Cookies’ Management

Date Published:  January 6, 2022

https://securityaffairs.co/wordpress/126371/digital-id/france-cnil-google-facebook-fines.html

Excerpt:  “France’s National Commission on Informatics and Liberty (CNIL), the French data privacy and protection authority, hit Facebook and Google with 60 million euro ($68 million) and 150 million euro ($170 million) fines respectively.  The CNIL fined the IT giants for making it difficult for visitors to opt out of the tracking cookies.  ‘The CNIL has received many complaints about the way cookies can be refused on the websites google.fr and youtube.com. In June 2021, the CNIL carried out an online investigation on these websites and found that, while they offer a button allowing immediate acceptance of cookies, the sites do not implement an equivalent solution (button or other) enabling the user to refuse the deposit of cookies equally easily. Several clicks are required to refuse all cookies, against a single one to accept them,’ reads the announcement published by CNIL.  The French regulatory body states that both sites do not allow users to refuse the use of cookies as simply as to accept them.”

Title: Log4j Flaw Hunt Shows How Complicated the Software Supply Chain Really Is

Date Published:  January 6, 2022

https://www.zdnet.com/article/log4j-flaw-hunt-shows-how-complicated-the-software-supply-chain-really-is/

Excerpt:  “Open source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain.  The challenge with the Log4j flaw (also known as Log4Shell) is not only that admins need to patch the flaw — which got a ‘critical’ rating of 10 out of 10 — but that IT folk can’t easily discover whether a product or system is affected by the vulnerability in the component.  Google has calculated that approximately 17,000 Java packages in the Maven Central repository – the most significant Java package repository – were found to contain the vulnerable log4j-core library as a direct or transitive dependency.”

Title: Kazakhstan Leaders Shut Down Internet Amid Gas Price Protests

Date Published:  January 6, 2022

https://www.zdnet.com/article/kazakhstan-leaders-shut-down-internet-amid-energy-price-protests/

Excerpt:  “Internet service in Kazakhstan was disrupted this week as thousands took to the streets in protest over a rise in energy prices. The internet was partially restored on Wednesday but there is still evidence of significant disruption.  Both Netblocks and Cloudflare reported significant internet shutdowns in the country on Tuesday evening after protests began in the western town of Zhanaozen.  Alp Toker, director of NetBlocks, told ZDNet that they have been tracking the disruptions since their onset on Tuesday. NetBlocks found that initially, mobile services and some fixed lines were affected before there was a country-wide blackout around 5 pm on Wednesday affecting all connectivity in the country.”

Title: NY AG Notifies 17 Companies of Breaches, Says 1.1 Million Accounts Compromised in Attacks

Date Published:  January 5, 2021

https://www.zdnet.com/article/ny-ag-notifies-17-companies-of-breaches-says-1-1-million-accounts-compromised-in-attacks/

Excerpt:  “Seventeen companies have been informed of cyberattacks that compromised user information by New York Attorney General Letitia James following an investigation into credential stuffing. More than 1 million customer accounts were compromised due to the attacks, which James said were previously undetected.  James said her office was releasing a guide for businesses on how they can deal with credential stuffing attacks, noting that the practice has ‘quickly become one of the top attack vectors online.’ The 17 businesses affected include well-known online retailers, restaurant chains, and food delivery services.  The FBI said last year that credential stuffing attacks — which involve repeated, automated attempts to access online accounts using usernames and passwords stolen from other online services — have been used to compromise 50,000 online bank accounts since 2017. Akamai released a report last year that found over 193 billion credential stuffing attacks occurred globally in 2020.”

Title: The Colonial Pipeline Attack Eight Months On

Date Published:  January 6, 2022

https://www.infosecurity-magazine.com/opinions/the-colonial-pipeline-attack-eight/

Excerpt:  “The attack on Colonial Pipeline in May last year, which affected the company’s billing system, highlighted some cybersecurity gaps in both the US government and industries, as an attack on the IT systems of critical infrastructure was able to bring operational technology operations to its knees. Not only did the ransomware attack force Colonial Pipeline to go offline, but it also compromised the personal information of nearly 6000 individuals, highlighting the importance of adequate cybersecurity to protect both business operations and customers.  Even relatively naïve attacks are accompanied by a torrent of consequences while also revealing how far governments and OT industry asset owners must go to thwart cyber-attacks and implement defense-in-depth security control strategies to protect critical infrastructure. Unfortunately, Colonial Pipeline suffered these consequences and can now be used as an example to teach some valuable lessons about how to handle a cyber-attack. The primary takeaway for other organizations is to separate IT management and the actual operational technology. Other pipeline operators, for instance, have started paying more attention to how to proactively deploy a security strategy that involves the segregation and separation of duties while defining logical boundaries between IT and OT networks.”

Title: Tek Fog: An App With BJP Footprints for Cyber Troops to Automate Hate, Manipulate Trends

Date Published:  January 6, 2022

https://thewire.in/tekfog/en/1.html

Excerpt:  “Over a series of tweets in April 2020, an anonymous Twitter account @Aarthisharma08 claiming to be a disgruntled employee of the Bharatiya Janata Party’s (BJP’s) Information Technology Cell (IT Cell) alleged the existence of a highly sophisticated and secret app called ‘Tek Fog’. They claimed this app is used by political operatives affiliated with the ruling party to artificially inflate the popularity of the party, harass its critics and manipulate public perceptions at scale across major social media platforms.”

Title: Log4Shell Vulnerabilities in VMware Horizon Targeted to Install Web Shells

Date Published:  January 5, 2022

https://digital.nhs.uk/cyber-alerts/2022/cc-4002

Excerpt:  “Attackers are actively targeting Log4Shell vulnerabilities in VMware Horizon servers in an effort to establish web shells.  An unknown threat group has been observed targeting VMware Horizon servers running versions affected by Log4Shell vulnerabilities in order to establish persistence within affected networks.  The attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming and Directory Interface (JNDI) via Log4Shell payloads to call back to malicious infrastructure.  Once a weakness has been identified, the attack then uses the Lightweight Directory Access Protocol (LDAP) to retrieve and execute a malicious Java class file that injects a web shell into the VM Blast Secure Gateway service.  The web shell can then be used by an attacker to carry out a number of malicious activities such as deploying additional malicious software, data exfiltration, or deployment of ransomware.”
