February 11, 2022

Fortify Security Team

Title: Hacking Group ‘ModifiedElephant’ Evaded Discovery for a Decade
Date Published: February 10, 2022


Excerpt: “For a decade, an advanced persistent threat (APT) actor tracked as ModifiedElephant has been using tactics that allowed it to operate in utmost secrecy, without cybersecurity companies connecting the dots between attacks. This particular group of hackers employs readily-available trojans through spear-phishing, and has been targeting human rights activists, free speech defenders, academics, and lawyers in India since 2012. The malicious emails push keyloggers and remote access trojans like NetWire and DarkComet, and even Android malware.”

Title: Spanish Police Dismantled SIM Swapping Gang Who Stole Money from Victims’ Bank Accounts
Date Published: February 11, 2022


Excerpt: “Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Crooks conduct SIM swapping attacks to take control of victims’ phone numbers by tricking mobile operator employees into porting them to SIMs under the control of the fraudsters. Once a SIM is hijacked, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones.”

Title: Apple Patches Actively Exploited WebKit Zero Day
Date Published: February 11, 2022


Excerpt: “Apple has patched yet another zero-day vulnerability, this time in its WebKit browser engine, that threat actors already are actively exploiting to compromise iPhones, iPads and MacOS devices. The zero-day, tracked as CVE-2022-22620, is a Use-After-Free issue, which is related to incorrect use of dynamic memory during program operation. In the case of Apple’s zero-day, threat actors can execute arbitrary code on affected devices after they process maliciously crafted web content, the company said in a description of the bug. The flaw also can lead to unexpected OS crashes.”

Title: Log4j Exploitation Risk Is Not as High as First Thought, Cyber MGA Says
Date Published: February 11, 2022


Excerpt: “When the Log4Shell vulnerability (CVE-2021-44228) was publicly revealed in December 2021, CISA Director Jen Easterly said that it is the “most serious” vulnerability she has seen in her decades-long career and it could take years to address. It’s true: the flaw is remotely exploitable by unskilled attackers and vulnerable versions of the open source library are seemingly ubiquitous – and are still being downloaded and used.”

Title: France Rules That Using Google Analytics Violates GDPR Data Protection Law
Date Published: February 10, 2022


Excerpt: “French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union’s General Data Protection Regulation (GDPR) laws in the country, almost a month after a similar decision was reached in Austria. To that end, the National Commission on Informatics and Liberty (CNIL) ruled that the transatlantic movement of Google Analytics data to the U.S. is not “sufficiently regulated” citing a violation of Articles 44 et seq. of the data protection decree, which govern the transfers of personal data to third countries or international entities.”

Title: Credential-Stuffing Attacks on Remote Windows Systems Took Off in 2021
Date Published: February 10, 2022

Excerpt: “Attackers have increasingly targeted remote Windows systems, fueling a surge in credential-stuffing attacks against systems running the remote desktop protocol (RDP), which jumped nearly ninefold in 2021, according to new data. A report published by ESET this week shows password-based attacks hit European countries the hardest — particularly, Spain, Italy, France, and Germany — accounting for 116 billion of the 288 billion RDP attacks detected by ESET in 2021. While attackers mainly targeted RDP servers, they also sent billions of log-in attempts to database and file-sharing servers, according to the report.”

Title: CISA Urges Orgs to Patch Actively Exploited Windows SeriousSAM Bug
Date Published: February 11, 2022


Excerpt: “The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added to the catalog of vulnerabilities another 15 security issues actively used in cyberattacks. CISA’s warning about these vulnerabilities serves as a wake-up call to all system administrators that they need to prioritize installing security updates to protect their organizations’ networks. Failing to do so turns the company into a target for threat actors, who could breach digital premises, compromise data or gain access to sensitive accounts.”

Title: AI Can Spot Biometric Spoofing Attacks with Ease
Date Published: February 11, 2022


Excerpt: “Humans have far greater difficulty identifying images of biometric spoofing attacks compared to computers performing the same task, according to research released by ID R&D. The research report finds that computers are more adept than people at accurately and quickly determining whether a photo is of an actual, live person versus a presentation attack. Fraudsters attempt to imitate real customers during processes such as creating a new bank account or logging into an existing account. Liveness detection instantly validates whether a photo, taken in real time, is of a live person.”

Title: Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers
Date Published: February 11, 2022


Excerpt: “A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant “incriminating digital evidence.” Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks as “ModifiedElephant,” an elusive threat actor that’s been operational since at least 2012, whose activity aligns sharply with Indian state interests.”

Title: Microsoft Fixes Defender Flaw Letting Hackers Bypass Antivirus Scans
Date Published: February 10, 2022


Excerpt: “Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender’s malware detection engine. This security flaw [1, 2] affected the latest Windows 10 versions, and threat actors could abuse it since at least 2014. As BleepingComputer previously reported, the flaw resulted from lax security settings for the “HKLM\Software\Microsoft\Windows Defender\Exclusions” Registry key. This key contains the list of locations (files, folders, extensions, or processes) excluded from Microsoft Defender scanning.”
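The practical check behind this item is whether a standard (non-administrator) user on a given host can still read the Defender exclusion list. The script below is an added example written for this digest; it is not code from the article, from BleepingComputer or from Microsoft. The registry path is the one named in the excerpt; the function names and the list of "broad" principals it flags are this example's own choices. Run it from a non-elevated PowerShell session on the machine under review: on a patched build the ACL query returns no broad read entries and the subkey enumeration reports access denied, while on an unpatched build the exclusion paths are listed in clear.

```powershell
# Added example (not from the original article or from Microsoft).
# Checks whether the Defender exclusion list is readable by low-privileged
# accounts, which is the weakness described above. Intended to be run as a
# standard user; running elevated will always succeed and proves nothing.

$ExclusionsKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions'

# Principals whose read access on this key would expose the exclusions to
# any local user. This list is an assumption of the example, not a Microsoft
# reference list.
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

function Get-DefenderExclusionBroadReadAces {
    # Returns the Allow ACEs on the Exclusions key that grant QueryValues to a
    # broad principal. An empty result is the expected state after the fix.
    try {
        $acl = Get-Acl -Path $ExclusionsKey -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL of $ExclusionsKey : $($_.Exception.Message)"
        return @()
    }
    $queryValues = [int][System.Security.AccessControl.RegistryRights]::QueryValues
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $BroadPrincipals -contains $_.IdentityReference.Value -and
        (([int]$_.RegistryRights -band $queryValues) -ne 0)
    } | Select-Object IdentityReference, RegistryRights, IsInherited
}

function Get-DefenderExclusionsAsCurrentUser {
    # Enumerates the Paths, Extensions and Processes subkeys with the rights of
    # the current session. Value names under these subkeys are the excluded
    # items themselves, so anything returned here is what an attacker running
    # as this user could learn and then drop a payload into.
    foreach ($sub in 'Paths', 'Extensions', 'Processes') {
        $key = Join-Path -Path $ExclusionsKey -ChildPath $sub
        try {
            $item = Get-Item -Path $key -ErrorAction Stop
            $names = $item.GetValueNames()
            if ($names.Count -eq 0) {
                [pscustomobject]@{ Type = $sub; Exclusion = '<none configured>' }
            }
            foreach ($name in $names) {
                [pscustomobject]@{ Type = $sub; Exclusion = $name }
            }
        } catch {
            # On a fixed build a standard user lands here with an access-denied
            # style error; that is the desired outcome.
            [pscustomobject]@{ Type = $sub; Exclusion = "<not readable: $($_.Exception.Message)>" }
        }
    }
}

Write-Host "Broad read ACEs on $ExclusionsKey (should be empty on a patched host):"
Get-DefenderExclusionBroadReadAces | Format-Table -AutoSize

Write-Host "Exclusions visible to the current user (should be 'not readable' for standard users):"
Get-DefenderExclusionsAsCurrentUser | Format-Table -AutoSize
```

Two caveats worth keeping in mind when reading the output. First, `Get-MpPreference` is a separate, supported interface to the same data; hardening the registry ACL does not by itself hide exclusions from a user who is allowed to call that cmdlet, so review who holds local administrator rights as well. Second, the script only reads; it does not change the ACL. Fixing a lax ACL is done by applying Microsoft's update rather than by hand-editing permissions on a Defender key, which Tamper Protection may revert.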
