February 1, 2022

Fortify Security Team
Feb 1, 2022

Title: MuddyWater Hacking Group Targets Turkey in New Campaign
Date Published: February 1, 2022

https://www.bleepingcomputer.com/news/security/muddywater-hacking-group-targets-turkey-in-new-campaign/

Excerpt: “The Iranian-backed MuddyWater hacking group is conducting a new malicious campaign targeting private Turkish organizations and governmental institutions. This cyber-espionage group (aka Mercury, SeedWorm, and TEMP.Zagros) was linked this month to Iran’s Ministry of Intelligence and Security (MOIS) by the US Cyber Command (USCYBERCOM). The hacking group has been attributed to attacks against entities in Central and Southwest Asia and numerous public and privately-held organizations from Europe, Asia, and North America in the telecommunications, government (IT services), oil, and airline industry sectors.”

Title: Samba Fixed CVE-2021-44142 Remote Code Execution Flaw
Date Published: January 31, 2022

https://securityaffairs.co/wordpress/127457/security/cve-2021-44142-samba-rce.html

Excerpt: “Samba has addressed a critical vulnerability, tracked as CVE-2021-44142, that can be exploited by remote attackers to gain code execution with root privileges on servers running vulnerable software. Samba is a free software re-implementation of the SMB networking protocol that provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. Samba runs on most Unix-like systems, such as Linux, Solaris, AIX and the BSD variants, including Apple’s macOS Server, and macOS client (Mac OS X 10.2 and greater).”

Title: OpenSSF’s Alpha-Omega Project to Target Vulnerabilities From Beginning to End
Date Published: February 1, 2022

https://www.scmagazine.com/analysis/application-security/openssfs-alpha-omega-project-to-target-vulnerabilities-from-beginning-to-end

Excerpt: “The effort, backed by a $5 million grant from Microsoft and Google, will be known as the Alpha-Omega Project. The “Alpha” side will emphasize vulnerability testing by hand in the most popular open-source projects, developing close working relationships with a handful of the top 200 projects for testing each year. “Omega” will look more at the broader landscape of open source, running automated testing on the top 10,000. “They will find a vulnerability and try to answer how many other bugs are there like this?” said Brian Behlendorf, OpenSSF general manager. “Can you find some way to characterize that bug in some way a script could scan for it? How many of the other things like this are happening at other open-source projects, and when we find them, how do we connect to those developers and try to engage them in fixing in a constructive way, rather than simply dumping a CVE on their shoulders.””

Title: Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks
Date Published: February 1, 2022

https://thehackernews.com/2022/02/iranian-hackers-using-new-powershell.html

Excerpt: “An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor’s evasive PowerShell execution.”

Title: Aggressive BlackCat Ransomware on the Rise
Date Published: January 31, 2022

https://www.darkreading.com/threat-intelligence/aggressive-blackcat-ransomware-on-the-rise

Excerpt: “BlackCat, the latest ransomware threat touted on underground forums, has quickly made inroads into the ransomware-as-a-service cybercriminal marketplace by offering 80% to 90% of ransoms to “affiliates” and aggressively outing victims on a name-and-shame blog. In less than a month, the BlackCat group has purportedly compromised more than a dozen victims, named those victims on its blog, and broken into the top 10 threats as measured by victim count, according to recent analysis of the malware by researchers at Palo Alto Networks. The ransomware program seems well-designed and is written in Rust, an efficient programming language that has gained popularity over the past decade.”

Title: Telco Fined €9 Million for Hiding Cyberattack Impact to Customers
Date Published: February 1, 2022

https://www.bleepingcomputer.com/news/security/telco-fined-9-million-for-hiding-cyberattack-impact-to-customers/

Excerpt: “The Greek data protection authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication due to a cyberattack. As the agency says in an announcement, COSMOTE infringed at least eight articles of the GDPR, including violating its duty to inform affected customers of the true impact of the incident. OTE (Hellenic Telecommunications Organization) and COSMOTE belong to the same entity, OTE Group, which is the largest technology company in Greece, offering fixed and mobile telephony, broadband, and network communication services.”

Title: RCE in WordPress Plugin Essential Addons for Elementor Impacts Hundreds of Thousands of Websites
Date Published: February 1, 2022

https://securityaffairs.co/wordpress/127465/hacking/wordpress-essential-addons-for-elementor-rce.html

Excerpt: “Essential Addons for Elementor is a popular WordPress plugin used in over a million sites that provides easy-to-use and creative elements to improve the appearance of the pages. The plugin is affected by a critical remote code execution (RCE) vulnerability that impacts version 5.0.4 and older.
An unauthenticated user can exploit the vulnerability to perform a local file inclusion attack, such as a PHP file, to remotely gain code execution on sites running a vulnerable version of the plugin.”
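The only actionable detail in this excerpt is the version boundary (5.0.4 and older are affected), so the check an administrator wants is a version audit of installed copies. The script below is an added example, not code from the article or from the plugin; it parses the standard WordPress plugin header (the `Version:` line in the main PHP file's top comment) and compares it against the last affected release named on the page. The sample headers are constructed for the example, and the real main-file path under wp-content/plugins is not given here and must be supplied by the reader.

```python
import re

# Constructed sample plugin headers (not real plugin files). The header format
# ("Plugin Name:", "Version:" inside the top PHP comment) is the standard
# WordPress one; the file names and contents are made up for this example.
SAMPLE_HEADERS = {
    "old.php": "<?php\n/**\n * Plugin Name: Essential Addons for Elementor\n * Version: 5.0.4\n */\n",
    "patched.php": "<?php\n/**\n * Plugin Name: Essential Addons for Elementor\n * Version: 5.0.5\n */\n",
    "ancient.php": "<?php\n/*\nPlugin Name: Essential Addons for Elementor\nVersion: 4.9.8\n*/\n",
    "not_a_plugin.php": "<?php\necho 'hello';\n",
}

# From the advisory excerpt: version 5.0.4 and older are affected.
LAST_AFFECTED = "5.0.4"

# Matches a "Version:" header line, with or without the leading " * " of a
# docblock comment. Case-insensitive because header keys are case-insensitive.
VERSION_RE = re.compile(r"^[ \t]*\*?[ \t]*Version:[ \t]*(\S+)",
                        re.MULTILINE | re.IGNORECASE)


def parse_version(text):
    """Return the Version: header value, or None if the file has no plugin header."""
    m = VERSION_RE.search(text)
    return m.group(1) if m else None


def version_key(v):
    """Turn '5.0.4' into a comparable tuple of ints, padded to three parts.

    A non-numeric suffix such as '5.1-beta' contributes only its leading
    digits, so it sorts alongside 5.1 rather than raising on int()."""
    parts = []
    for piece in v.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version, last_affected=LAST_AFFECTED):
    """True when the installed version is at or below the last affected release."""
    return version_key(version) <= version_key(last_affected)


def audit(headers):
    """Map each file name to (version, status); status is 'affected', 'ok' or 'no header'."""
    results = {}
    for name, text in headers.items():
        v = parse_version(text)
        if v is None:
            results[name] = (None, "no header")
        elif is_affected(v):
            results[name] = (v, "affected")
        else:
            results[name] = (v, "ok")
    return results


if __name__ == "__main__":
    for name, (version, status) in audit(SAMPLE_HEADERS).items():
        print(f"{name}: {version} {status}")
```

In production the `headers` dict would be built by reading the main PHP file of every plugin directory under wp-content/plugins; comparing on parsed integer tuples rather than strings matters because a string compare would rank "5.0.10" below "5.0.4".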

Title: NSO Group Pegasus Spyware Aims at Finnish Diplomats
Date Published: January 31, 2022

https://threatpost.com/nso-group-pegasus-spyware-finnish-diplomats/178113/

Excerpt: “The controversial Pegasus spyware, developed by NSO Group, has been found on the devices of Finland’s diplomatic corps serving outside the country as part of a wide-ranging espionage campaign, according to Finnish officials. They also said the infections were of the zero-click variety. “The highly sophisticated malware has infected users’ Apple or Android telephones without their noticing and without any action from the user’s part,” Finland’s Ministry for Foreign Affairs announced. “Through the spyware, the perpetrators may have been able to harvest data from the device and exploit its features.””

Title: Solarmarker Malware Uses Novel Techniques to Persist on Hacked Systems
Date Published: February 1, 2022

https://thehackernews.com/2022/02/solarmarker-malware-uses-novel.html

Excerpt: “In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy tricks to establish long-term persistence on compromised systems. Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted networks despite the campaign witnessing a decline in November 2021. Boasting of information harvesting and backdoor capabilities, the .NET-based malware has been linked to at least three different attack waves in 2021. The first set, reported in April, took advantage of search engine poisoning techniques to trick business professionals into visiting sketchy Google sites that installed SolarMarker on the victim’s machines.”

Title: German Petrol Supply Firm Oiltanking Paralyzed by Cyberattack
Date Published: February 1, 2022

https://www.bleepingcomputer.com/news/security/german-petrol-supply-firm-oiltanking-paralyzed-by-cyber-attack/

Excerpt: “Oiltanking GmbH, a German petrol distributor who supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations. Additionally, the attack has also affected Mabanaft GmbH, an oil supplier. Both entities are subsidiaries of the Marquard & Bahls group, which may have been the breach point. Because the firm supplies a total of 26 companies in the country with fuel, German media raised worries about shortages immediately, but officials came forth to appease them.”
