February 11, 2022

Fortify Security Team

Title: Hacking Group ‘ModifiedElephant’ Evaded Discovery for a Decade
Date Published: February 10, 2022

https://www.bleepingcomputer.com/news/security/hacking-group-modifiedelephant-evaded-discovery-for-a-decade/

Excerpt: “For a decade, an advanced persistent threat (APT) actor tracked as ModifiedElephant has been using tactics that allowed it to operate in utmost secrecy, without cybersecurity companies connecting the dots between attacks. This particular group of hackers employs readily-available trojans through spear-phishing, and has been targeting human rights activists, free speech defenders, academics, and lawyers in India since 2012. The malicious emails push keyloggers and remote access trojans like NetWire and DarkComet, and even Android malware.”

Title: Spanish Police Dismantled SIM Swapping Gang Who Stole Money from Victims’ Bank Accounts
Date Published: February 11, 2022

https://securityaffairs.co/wordpress/127880/cyber-crime/sim-swapping-gang-dismantled.html

Excerpt: “Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Crooks conduct SIM swapping attacks to take control of victims’ phone numbers by tricking the mobile operator employees into porting them to SIMs under the control of the fraudsters. Once a SIM is hijacked, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones.”

Title: Apple Patches Actively Exploited WebKit Zero Day
Date Published: February 11, 2022

https://threatpost.com/apple-patches-actively-exploited-webkit-zero-day/178370/

Excerpt: “Apple has patched yet another zero-day vulnerability, this time in its WebKit browser engine, that threat actors already are actively exploiting to compromise iPhones, iPads and MacOS devices. The zero-day, tracked as CVE-2022-22620, is a Use-After-Free issue, which is related to incorrect use of dynamic memory during program operation. In the case of Apple’s zero-day, threat actors can execute arbitrary code on affected devices after they process maliciously crafted web content, the company said in a description of the bug. The flaw also can lead to unexpected OS crashes.”

Title: Log4j Exploitation Risk is not as High as First Thought, Cyber MGA says
Date Published: February 11, 2022

https://www.helpnetsecurity.com/2022/02/11/log4j-exploitation-risk/

Excerpt: “When the Log4Shell vulnerability (CVE-2021-44228) was publicly revealed in December 2021, CISA Director Jen Easterly said that it is the “most serious” vulnerability she has seen in her decades-long career and it could take years to address. It’s true: the flaw is remotely exploitable by unskilled attackers and vulnerable versions of the open source library are seemingly ubiquitous – and are still being downloaded and used.”

Title: France Rules That Using Google Analytics Violates GDPR Data Protection Law
Date Published: February 10, 2022

https://thehackernews.com/2022/02/france-rules-that-using-google.html

Excerpt: “French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union’s General Data Protection Regulation (GDPR) laws in the country, almost a month after a similar decision was reached in Austria. To that end, the National Commission on Informatics and Liberty (CNIL) ruled that the transatlantic movement of Google Analytics data to the U.S. is not “sufficiently regulated” citing a violation of Articles 44 et seq. of the data protection decree, which govern the transfers of personal data to third countries or international entities.”

Title: Credential-Stuffing Attacks on Remote Windows Systems Took Off in 2021
Date Published: February 10, 2022

https://www.darkreading.com/endpoint/credential-stuffing-attacks-on-remote-windows-systems-took-off-in-2021

Excerpt: “Attackers have increasingly targeted remote Windows systems, fueling a surge in credential-stuffing attacks against systems running the remote desktop protocol (RDP), which jumped nearly ninefold in 2021, according to new data. A report published by ESET this week shows password-based attacks hit European countries the hardest — particularly, Spain, Italy, France, and Germany — accounting for 116 billion of the 288 billion RDP attacks detected by ESET in 2021. While attackers mainly targeted RDP servers, they also sent billions of log-in attempts to database and file-sharing servers, according to the report.”

Title: CISA Urges Orgs to Patch Actively Exploited Windows SeriousSAM Bug
Date Published: February 11, 2022

https://www.bleepingcomputer.com/news/security/cisa-urges-orgs-to-patch-actively-exploited-windows-serioussam-bug/

Excerpt: “The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added to the catalog of vulnerabilities another 15 security issues actively used in cyberattacks. CISA’s warning about these vulnerabilities serves as a wake-up call to all system administrators that they need to prioritize installing security updates to protect their organizations’ networks. Failing to do so turns the company into a target for threat actors, who could breach digital premises, compromise data or gain access to sensitive accounts.”

Title: AI Can Spot Biometric Spoofing Attacks with Ease
Date Published: February 11, 2022

https://www.helpnetsecurity.com/2022/02/11/computers-identifying-biometric-spoofing/

Excerpt: “Humans have far greater difficulty identifying images of biometric spoofing attacks compared to computers performing the same task, according to research released by ID R&D. The research report finds that computers are more adept than people at accurately and quickly determining whether a photo is of an actual, live person versus a presentation attack. Fraudsters attempt to imitate real customers during processes such as creating a new bank account or logging into an existing account. Liveness detection instantly validates whether a photo, taken in real time, is of a live person.”

Title: Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers
Date Published: February 11, 2022

https://thehackernews.com/2022/02/hackers-planted-fake-digital-evidence.html

Excerpt: “A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant “incriminating digital evidence.” Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks as “ModifiedElephant,” an elusive threat actor that’s been operational since at least 2012, whose activity aligns sharply with Indian state interests.”

Title: Microsoft Fixes Defender Flaw Letting Hackers Bypass Antivirus Scans
Date Published: February 10, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-defender-flaw-letting-hackers-bypass-antivirus-scans/

Excerpt: “Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender’s malware detection engine. This security flaw [1, 2] affected the latest Windows 10 versions, and threat attackers could abuse it since at least 2014. As BleepingComputer previously reported, the flaw resulted from lax security settings for the “HKLM\Software\Microsoft\Windows Defender\Exclusions” Registry key. This key contains the list of locations (files, folders, extensions, or processes) excluded from Microsoft Defender scanning.”
