February 3, 2022

Fortify Security Team
Feb 3, 2022

Title: Wormhole Cryptocurrency Platform Hacked to Steal $326 Million

Date Published: February 3, 2022

https://www.bleepingcomputer.com/news/cryptocurrency/wormhole-cryptocurrency-platform-hacked-to-steal-326-million/

Excerpt: “Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal $326 million in cryptocurrency. Wormhole is a platform that allows users to transfer cryptocurrency across different blockchains. It does this by locking the original token in a smart contract and then minting a wrapped version of the stored token that can be transferred to another blockchain. The platform supports the Avalanche, Oasis, Binance Smart Chain, Ethereum, Polygon, Solana, and Terra blockchains.”

Title: Trend Micro Fixed 2 Flaws in Hybrid Cloud Security Products

Date Published: February 3, 2022

https://securityaffairs.co/wordpress/127562/security/trend-micro-flaws-hybrid-cloud.html

Excerpt: “Trend Micro released security updates to fix two high-severity vulnerabilities, tracked as CVE-2022-23119 and CVE-2022-23120, affecting some of its hybrid cloud security products. The vulnerabilities affect Deep Security and Cloud One workload security solutions. The flaws were reported by the cybersecurity firm modzero, which also published PoC exploits the same day Trend Micro released the security fixes (on January 19). The experts first reported the vulnerabilities to Trend Micro in September and patches were released between October and December.”

Title: KP Snacks Left with Crumbs After Ransomware Attack

Date Published: February 2, 2022

https://threatpost.com/kp-snacks-crumbs-ransomware-attack/178176/

Excerpt: “KP Snacks, maker of the high-end Tyrrell’s and Popchips potato-chip brands, has suffered a ransomware attack that it said could affect deliveries to supermarkets through the end of March – at the earliest. The British company (also the purveyor of deeply English treats such as Skips prawn cocktail snacks and Butterkist toffees) said that the Conti gang was behind the strike, which was reportedly discovered on Monday. True to form, the cyberattackers also stole data in a classic double-extortion gambit, posting “proof” of the steal on its leak site.”

Title: Cisco Plugs Critical Flaws in Small Business Routers

Date Published: February 3, 2022

https://www.helpnetsecurity.com/2022/02/03/cisco-small-business-routers/

Excerpt: “Cisco has patched 14 vulnerabilities affecting some of its Small Business RV Series routers, the worst of which may allow attackers to achieve unauthenticated remote code execution or execute arbitrary commands on the underlying Linux operating system. “The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory,” the company said in the accompanying security advisory. Luckily, the PoCs aren’t public – Cisco (mostly) refers to the exploits used by security researchers to “pwn” the Cisco RV340 router at the Pwn2Own hacking contest held in Austin, Texas, in November 2021.”

Title: New Variant of UpdateAgent Malware Infects Mac Computers with Adware

Date Published: February 3, 2022

https://thehackernews.com/2022/02/new-variant-of-updateagent-malware.html

Excerpt: “Microsoft on Wednesday shed light on a previously undocumented Mac trojan that it said has underwent several iterations since its first appearance in September 2020, effectively granting it an “increasing progression of sophisticated capabilities.” The company’s Microsoft 365 Defender Threat Intelligence Team dubbed the new malware family “UpdateAgent,” charting its evolution from a barebones information stealer to a second-stage payload distributor as part of multiple attack waves observed in 2021. “The latest campaign saw the malware installing the evasive and persistent Adload adware, but UpdateAgent’s ability to gain access to a device can theoretically be further leveraged to fetch other, potentially more dangerous payloads,” the researchers said.”

Title: MFA Adoption Pushes Phishing Actors to Reverse-Proxy Solutions

Date Published: February 3, 2022

https://www.bleepingcomputer.com/news/security/mfa-adoption-pushes-phishing-actors-to-reverse-proxy-solutions/

Excerpt: “The rising adoption of multi-factor authentication (MFA) for online accounts pushes phishing actors to use more sophisticated solutions to continue their malicious operations, most notably reverse-proxy tools. The COVID-19 pandemic has changed the way people work forever, proving that it’s possible and sometimes even preferable to work from home. This has increased security risks for companies, many of which can be mitigated by using MFA to protect their employees’ accounts.”

Title: Oil Terminals in Europe’s Biggest Ports Hit by a Cyberattack

Date Published: February 3, 2022

https://securityaffairs.co/wordpress/127583/hacking/oil-port-terminals-hit-cyberattack.html

Excerpt: “Some of the major oil terminals in Western Europe’s biggest ports have been targeted with a cyberattack. Threat actors have hit multiple oil facilities in Belgium’s ports, including Antwerp, which is the second biggest port in Europe after Rotterdam. Among the impacted port infrastructure, there is the Amsterdam-Rotterdam-Antwerp oil trading hub, along with the SEA-Tank Terminal in Antwerp. “A spokesperson for prosecutors in the northern Belgian city confirmed on Thursday they had begun an investigation earlier this week, but declined to give further details.” reported Reuters agency. “Belgian business daily De Tijd reported that terminal operator Sea-Tank had been hit by a cyber attack last Friday. The company declined to comment. The AFP agency reported that the attackers have disrupted the unloading of barges in the affected European ports.”

Title: Log4j Updates: Flaw Challenges Global Security Leaders

Date Published: February 2, 2022

https://www.bankinfosecurity.com/log4j-updates-flaw-challenges-global-security-leaders-a-18142

Excerpt: “The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability – tracked as CVE-2021-44229 – in Apache’s Log4j software library, versions 2.0-beta9 to 2.14.1, known as “Log4Shell” and “Logjam.” As the U.S. Cybersecurity and Infrastructure Security Agency warns, Log4j is “very broadly used in variety of consumer and enterprise services, websites, and applications – as well as in OT products – to log security and performance information.” An unauthenticated remote actor, CISA warns, could exploit this vulnerability to take control of an affected system.”

Title: New Wave of Cyber Attacks Target Palestine with Political Bait and Malware

Date Published: February 3, 2022

https://thehackernews.com/2022/02/new-wave-of-cyber-attacks-target.html

Excerpt: “Cybersecurity researchers have turned the spotlight on a new wave of offensive cyberattacks targeting Palestinian activists and entities starting around October 2021 using politically-themed phishing emails and decoy documents. The intrusions are part of what Cisco Talos calls a longstanding espionage and information theft campaign undertaken by the Arid Viper hacking group using a Delphi-based implant called Micropsia dating all the way back to June 2017.”

Title: Office 365 Boosts Email Security Against MITM, Downgrade Attacks

Date Published: February 2, 2022

https://www.bleepingcomputer.com/news/microsoft/office-365-boosts-email-security-against-mitm-downgrade-attacks/

Excerpt: “Microsoft has added SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online to ensure Office 365 customers’ email communication integrity and security. Redmond first announced MTA-STS’ introduction in September 2020, after revealing that it was also working on adding inbound and outbound support for DNSSEC (Domain Name System Security Extensions) and DANE for SMTP (DNS-based Authentication of Named Entities). “We have been validating our implementation and are now pleased to announce support for MTA-STS for all outgoing messages from Exchange Online,” the Exchange Online Transport Team said today.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...