February 4, 2022

Fortify Security Team

Title: Intuit Warns of Phishing Emails Threatening to Delete Accounts
Date Published: February 3, 2022

https://www.bleepingcomputer.com/news/security/intuit-warns-of-phishing-emails-threatening-to-delete-accounts/

Excerpt: “Accounting and tax software provider Intuit has notified customers of an ongoing phishing campaign impersonating the company and trying to lure victims with fake warnings that their accounts have been suspended. Intuit’s alert follows reports received from customers who were emailed and told that their Intuit accounts were disabled following a recent server security upgrade. “We have temporarily disabled your account due to inactivity. It is compulsory that you restore your access within the next 24 hours,” the attackers say in the phishing messages, masquerading as the Intuit Maintenance Team.”

Title: Zimbra Zero-day Vulnerability Actively Exploited by an Alleged Chinese Threat Actor
Date Published: February 4, 2022

https://securityaffairs.co/wordpress/127621/apt/zimbra-zero-day-actively-axploited.html

Excerpt: “An alleged Chinese threat actor, tracked as TEMP_Heretic, is actively attempting to exploit a zero-day XSS vulnerability in the Zimbra open-source email platform. The zero-day vulnerability impacts almost any Zimbra install running version 8.8.15. Researchers from cybersecurity company Volexity uncovered a cyber espionage spear-phishing campaign, tracked as EmailThief, that has been active at least since December 2021. The successful exploitation of the cross-site scripting (XSS) vulnerability could allow threat actors to execute arbitrary JavaScript code in the context of the user’s Zimbra session. In order to exploit the vulnerability, the attackers have to trick the target into clicking the attacker’s specially crafted link while logged into the Zimbra webmail client from a web browser.”

Title: Exposed Corporate Credentials Threatening the Pharma Sector
Date Published: February 4, 2022

https://www.helpnetsecurity.com/2022/02/04/pharma-sector-breaches/

Excerpt: “Constella Intelligence released a report which includes new and additional findings pertaining to exposures, breaches, and leakages within the pharma sector, specifically focusing on employees and executives from the top twenty pharma companies on the Fortune Global 500 list. By analyzing identity records from data breaches and leakages found in open sources and on the surface, deep, and dark web, the threat intelligence team identified 9,030 breaches/leakages and 4,549,871 exposed records—including attributes like email addresses, passwords, phone numbers, addresses, and even credit card and banking information—related to employee corporate credentials from the companies analyzed.”

Title: Russian Gamaredon Hackers Targeted ‘Western Government Entity’ in Ukraine
Date Published: February 4, 2022

https://thehackernews.com/2022/02/russian-gamaredon-hackers-targeted.html

Excerpt: “The Russia-linked Gamaredon hacking group attempted to compromise an unnamed Western government entity operating in Ukraine last month amidst ongoing geopolitical tensions between the two countries. Palo Alto Networks’ Unit 42 threat intelligence team, in a new report publicized on February 3, said that the phishing attack took place on January 19, adding it “mapped out three large clusters of their infrastructure used to support different phishing and malware purposes.” The threat actor, also known as Shuckworm, Armageddon, or Primitive Bear, has historically focused its offensive cyber attacks against Ukrainian government officials and organizations since 2013. Last year, Ukraine disclosed the collective’s ties to Russia’s Federal Security Service (FSB).”

Title: Wormhole Restores Stolen $326 Million After Major Crypto Bailout
Date Published: February 4, 2022

https://www.bleepingcomputer.com/news/security/wormhole-restores-stolen-326-million-after-major-crypto-bailout/

Excerpt: “Cryptocurrency platform Wormhole has recovered upwards of $326 million stolen in this week’s crypto hack, thanks to a major bailout. Being a cross-chain crypto platform, Wormhole allows users to transfer cryptocurrency across different blockchains, such as Ethereum, Solana, and Binance Smart Chain, among others. It does this by locking the original token in a smart contract and then minting a “wrapped” version of the stored token that can be transferred to another blockchain.”

Title: Retail Giant Target Open Sources Merry Maker e-skimmer Detection Tool
Date Published: February 4, 2022

https://securityaffairs.co/wordpress/127639/breaking-news/merry-maker-tool-e-skimmer.html

Excerpt: “The rising adoption of multi-factor authentication (MFA) for online accounts pushes phishing actors to use more sophisticated solutions to continue their malicious operations, most notably reverse-proxy tools. The COVID-19 pandemic has changed the way people work forever, proving that it’s possible and sometimes even preferable to work from home. This has increased security risks for companies, many of which can be mitigated by using MFA to protect their employees’ accounts.”

Title: Another Israeli Firm, QuaDream, Caught Weaponizing iPhone Bug for Spyware
Date Published: February 4, 2022

https://thehackernews.com/2022/02/another-israeli-firm-quadream-caught.html

Excerpt: “A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company’s devices. The development was reported by Reuters, citing unnamed sources, noting that “the two rival businesses gained the same ability last year to remotely break into iPhones [and] compromise Apple phones without an owner needing to open a malicious link.” The zero-click exploit in question is FORCEDENTRY, a flaw in iMessage that could be leveraged to circumvent iOS security protections and install spyware that allowed attackers to scoop up a wealth of information such as contacts, emails, files, messages, and photos, as well as access to the phone’s camera and microphone.”

Title: PowerPoint Files Abused to Take Over Computers
Date Published: February 3, 2022

https://threatpost.com/powerpoint-abused-take-over-computers/178182/

Excerpt: “Attackers are using an under-the-radar PowerPoint file to hide malicious executables that can rewrite Windows registry settings to take over an end user’s computer, researchers have found. It’s one of a number of stealthy ways threat actors recently have been targeting desktop users through trusted applications they use daily, using emails that are designed to evade security detections and appear legitimate. New research from Avanan, a Check Point company, has uncovered how a “little-known add-on” in PowerPoint – the .ppam file – is being used to hide malware. Jeremy Fuchs, cybersecurity researcher and analyst at Avanan, wrote in a report published Thursday that the file has bonus commands and custom macros, among other functions.”

Title: Swissport Ransomware Attack Delays Flights, Disrupts Operations
Date Published: February 4, 2022

https://www.bleepingcomputer.com/news/security/swissport-ransomware-attack-delays-flights-disrupts-operations/

Excerpt: “Aviation services company Swissport International has disclosed a ransomware attack that has impacted its IT infrastructure and services, causing flights to suffer delays. The Swiss company provides services for cargo handling, security, maintenance, cleaning, and lounge hospitality for 310 airports in 50 countries. It handles 282 million passengers and 4.8 million tons of cargo every year, making it a vital link in the global aviation travel industry chain.”

Title: U.S. Authorities Charge 6 Indian Call Centers Scamming Thousands of Americans
Date Published: February 4, 2022

https://thehackernews.com/2022/02/us-authorities-charge-6-indian-call.html

Excerpt: “A number of India-based call centers and their directors have been indicted for their alleged role in placing tens of millions of scam calls aimed at defrauding thousands of American consumers. The indictment charged Manu Chawla, Sushil Sachdeva, Nitin Kumar Wadwani, Swarndeep Singh, Dinesh Manohar Sachdev, Gaje Singh Rathore, Sanket Modi, Rajiv Solanki and their respective call centers for conspiring with previously indicted VoIP provider E Sampark and its director, Guarav Gupta, to forward the calls to U.S. citizens. “Criminal India-based call centers defraud U.S. residents, including the elderly, by misleading victims over the telephone utilizing scams such as Social Security and IRS impersonation as well as loan fraud,” the U.S. Justice Department said in a release.”
