February 11, 2022

Fortify Security Team

Title: Hacking Group ‘ModifiedElephant’ Evaded Discovery for a Decade
Date Published: February 10, 2022

https://www.bleepingcomputer.com/news/security/hacking-group-modifiedelephant-evaded-discovery-for-a-decade/

Excerpt: “For a decade, an advanced persistent threat (APT) actor tracked as ModifiedElephant has been using tactics that allowed it to operate in utmost secrecy, without cybersecurity companies connecting the dots between attacks. This particular group of hackers employs readily-available trojans through spear-phishing, and has been targeting human rights activists, free speech defenders, academics, and lawyers in India since 2012. The malicious emails push keyloggers and remote access trojans like NetWire and DarkComet, and even Android malware.”

Title: Spanish Police Dismantled SIM Swapping Gang Who Stole Money from Victims’ Bank Accounts
Date Published: February 11, 2022

https://securityaffairs.co/wordpress/127880/cyber-crime/sim-swapping-gang-dismantled.html

Excerpt: “Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Crooks conduct SIM swapping attacks to take control of victims’ phone numbers by tricking mobile operator employees into porting them to SIMs under the control of the fraudsters. Once a SIM is hijacked, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass SMS-based 2FA services used by online services, including financial ones.”

Title: Apple Patches Actively Exploited WebKit Zero Day
Date Published: February 11, 2022

https://threatpost.com/apple-patches-actively-exploited-webkit-zero-day/178370/

Excerpt: “Apple has patched yet another zero-day vulnerability, this time in its WebKit browser engine, that threat actors already are actively exploiting to compromise iPhones, iPads and MacOS devices. The zero-day, tracked as CVE-2022-22620, is a Use-After-Free issue, which is related to incorrect use of dynamic memory during program operation. In the case of Apple’s zero-day, threat actors can execute arbitrary code on affected devices after they process maliciously crafted web content, the company said in a description of the bug. The flaw also can lead to unexpected OS crashes.”

Title: Log4j Exploitation Risk is not as High as First Thought, Cyber MGA says
Date Published: February 11, 2022

https://www.helpnetsecurity.com/2022/02/11/log4j-exploitation-risk/

Excerpt: “When the Log4Shell vulnerability (CVE-2021-44228) was publicly revealed in December 2021, CISA Director Jen Easterly said that it is the “most serious” vulnerability she has seen in her decades-long career and it could take years to address. It’s true: the flaw is remotely exploitable by unskilled attackers and vulnerable versions of the open source library are seemingly ubiquitous – and are still being downloaded and used.”

Title: France Rules That Using Google Analytics Violates GDPR Data Protection Law
Date Published: February 10, 2022

https://thehackernews.com/2022/02/france-rules-that-using-google.html

Excerpt: “French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union’s General Data Protection Regulation (GDPR) laws in the country, almost a month after a similar decision was reached in Austria. To that end, the National Commission on Informatics and Liberty (CNIL) ruled that the transatlantic movement of Google Analytics data to the U.S. is not “sufficiently regulated” citing a violation of Articles 44 et seq. of the data protection decree, which govern the transfers of personal data to third countries or international entities.”

Title: Credential-Stuffing Attacks on Remote Windows Systems Took Off in 2021
Date Published: February 10, 2022

https://www.darkreading.com/endpoint/credential-stuffing-attacks-on-remote-windows-systems-took-off-in-2021

Excerpt: “Attackers have increasingly targeted remote Windows systems, fueling a surge in credential-stuffing attacks against systems running the remote desktop protocol (RDP), which jumped nearly ninefold in 2021, according to new data. A report published by ESET this week shows password-based attacks hit European countries the hardest — particularly, Spain, Italy, France, and Germany — accounting for 116 billion of the 288 billion RDP attacks detected by ESET in 2021. While attackers mainly targeted RDP servers, they also sent billions of log-in attempts to database and file-sharing servers, according to the report.”

Title: CISA Urges Orgs to Patch Actively Exploited Windows SeriousSAM Bug
Date Published: February 11, 2022

https://www.bleepingcomputer.com/news/security/cisa-urges-orgs-to-patch-actively-exploited-windows-serioussam-bug/

Excerpt: “The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added to the catalog of vulnerabilities another 15 security issues actively used in cyberattacks. CISA’s warning about these vulnerabilities serves as a wake-up call to all system administrators that they need to prioritize installing security updates to protect their organizations’ networks. Failing to do so turns the company into a target for threat actors, who could breach digital premises, compromise data or gain access to sensitive accounts.”

Title: AI Can Spot Biometric Spoofing Attacks with Ease
Date Published: February 11, 2022

https://www.helpnetsecurity.com/2022/02/11/computers-identifying-biometric-spoofing/

Excerpt: “Humans have far greater difficulty identifying images of biometric spoofing attacks compared to computers performing the same task, according to research released by ID R&D. The research report finds that computers are more adept than people at accurately and quickly determining whether a photo is of an actual, live person versus a presentation attack. Fraudsters attempt to imitate real customers during processes such as creating a new bank account or logging into an existing account. Liveness detection instantly validates whether a photo, taken in real time, is of a live person.”

Title: Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers
Date Published: February 11, 2022

https://thehackernews.com/2022/02/hackers-planted-fake-digital-evidence.html

Excerpt: “A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant “incriminating digital evidence.” Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks as “ModifiedElephant,” an elusive threat actor that’s been operational since at least 2012, whose activity aligns sharply with Indian state interests.”

Title: Microsoft Fixes Defender Flaw Letting Hackers Bypass Antivirus Scans
Date Published: February 10, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-defender-flaw-letting-hackers-bypass-antivirus-scans/

Excerpt: “Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender’s malware detection engine. This security flaw [1, 2] affected the latest Windows 10 versions, and threat attackers could abuse it since at least 2014. As BleepingComputer previously reported, the flaw resulted from lax security settings for the “HKLM\Software\Microsoft\Windows Defender\Exclusions” Registry key. This key contains the list of locations (files, folders, extensions, or processes) excluded from Microsoft Defender scanning.”
