March 22, 2022

Fortify Security Team

Title: Hundreds of HP Printers Vulnerable to Remote Code Execution Flaws

Date Published: March 22, 2022

https://www.bleepingcomputer.com/news/security/hundreds-of-hp-printers-vulnerable-to-remote-code-execution-flaws/

Excerpt: “HP has published security advisories for three critical-severity vulnerabilities affecting hundreds of its LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models. The first security bulletin warns about a buffer overflow flaw that could lead to remote code execution on the affected machine. Tracked as CVE-2022-3942, the security issue was reported by Trend Micro’s Zero Day Initiative team.”

Title: Lapsus$ Extortion Gang Leaked the Source Code for Some Microsoft Projects

Date Published: March 22, 2022

https://securityaffairs.co/wordpress/129344/cyber-crime/lapsus-leak-37gb-microsoft-source-code.html

Excerpt: “Microsoft recently announced that is investigating claims that the Lapsus$ cybercrime gang breached their internal Azure DevOps source code repositories and stolen data. On Sunday, the Lapsus$ gang announced to have compromised Microsoft’s Azure DevOps server and shared a screenshot of alleged internal source code repositories.”

Title: Browser-in-the-Browser Attack Makes Phishing Nearly Invisible

Date Published: March 21, 2022

https://threatpost.com/browser-in-the-browser-attack-makes-phishing-nearly-invisible/179014/

Excerpt: “We’ve had it beaten into our brains: Before you go wily-nily clicking on a page, check the URL. First things first, the tried-and-usually-but-not-always-true advice goes, check that the site’s URL shows “https,” indicating that the site is secured with TLS/SSL encryption. If only it were that easy to avoid phishing sites. In reality, URL reliability hasn’t been absolute for a long time, given things like homograph attacks that swap in similar-looking characters in order to create new, identical-looking but malicious URLs, as well as DNS hijacking, in which Domain Name System (DNS) queries are subverted.”

Title: HEAT attacks: A New Class of Cyber Threats Organizations are Not Prepared For

Date Published: March 22, 2022

https://www.helpnetsecurity.com/2022/03/22/web-security-threats/

Excerpt: “Web malware (47%) and ransomware (42%) now top the list of security threats that organizations are most concerned about. Yet despite the growing risks, just 27% have advanced threat protection in place on every endpoint device that can access corporate applications and resources.”

Title: HubSpot Allegedly Hacked to Target Cryptocurrency Firms

Date Published: March 22, 2022

https://www.bankinfosecurity.com/hubspot-allegedly-hacked-to-target-cryptocurrency-firms-a-18768

Excerpt: “Content management software giant HubSpot released a statement Sunday saying that it had been the victim of a data breach on Friday, citing a compromised employee account as the entry point. Several cryptocurrency firms – BlockFi, Swan Bitcoin, Paxos and NYDIG, among others – have confirmed some customer data was leaked via HubSpot. The customer relationship management firm is a third-party vendor for the cryptocurrency companies, and the leak appears to be an attempt by a malicious actor to access users’ details.”

Title: U.S. Government Warns Companies of Potential Russian Cyberattacks

Date Published: March 22, 2022

https://thehackernews.com/2022/03/us-government-warns-companies-of.html

Excerpt: “The U.S. government on Monday once again cautioned of potential cyber attacks from Russia in retaliation for economic sanctions imposed by the west on the country following its military assault on Ukraine last month.”

Title: OpenSSL Vulnerability can ‘Definitely be Weaponized,’ NSA Cyber Director says

Date Published: March 22, 2022

https://www.scmagazine.com/analysis/application-security/openssl-vulnerability-can-definitely-be-weaponized-nsa-cyber-director-says

Excerpt: “A cryptographic vulnerability in the Tonelli Shanks modular algorithm, which is used in popular cryptographic library OpenSSL, can lead to denial-of-service attacks and can “definitely be weaponized” in the current threat environment, according to an NSA official. The bug — discovered by two Google employees, security researcher Tavis Ormandy and software engineer David Benjamin, and is being tracked under CVE-2022-0778 — affects the BN_mod_sqrt() function in OpenSSL, which is used to compute the modular square root and parses certificates that use elliptic curve public key encryption.”

Title: BitRAT malware now spreading as a Windows 10 license activator

Date Published: March 21, 2022

https://www.bleepingcomputer.com/news/security/bitrat-malware-now-spreading-as-a-windows-10-license-activator/

Excerpt: “A new BitRAT malware distribution campaign is underway, exploiting users looking to activate pirated Windows OS versions for free using unofficial Microsoft license activators. BitRAT is a powerful remote access trojan sold on cybercrime forums and dark web markets for as low as $20 (lifetime access) to any cybercriminal who wants it.”

Title: Serpent Backdoor Targets French Entities with High-Evasive Attack Chain

Date Published: March 22, 2022

https://securityaffairs.co/wordpress/129326/malware/serpent-backdoor-targets-french-orgs.html

Excerpt: “Proofpoint researchers uncovered a targeted attack leveraging an open-source package installer Chocolatey to deliver a backdoor tracked as Serpent. The campaign targeted French entities in the construction, real estate, and government industries. Experts believe the attacks were conducted by a sophisticated threat actor.”

Title: Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts

Date Published: March 21, 2022

https://threatpost.com/facestealer-trojan-google-play-facebook/179015/

Excerpt: “A popular mobile app in the official Google Play store called “Craftsart Cartoon Photo Tools” has racked up more than 100,000 installs – but unfortunately for the app’s enthusiasts, it contains a version of the Facestealer Android malware.”
