March 22, 2022

Fortify Security Team

Title: Hundreds of HP Printers Vulnerable to Remote Code Execution Flaws

Date Published: March 22, 2022

https://www.bleepingcomputer.com/news/security/hundreds-of-hp-printers-vulnerable-to-remote-code-execution-flaws/

Excerpt: “HP has published security advisories for three critical-severity vulnerabilities affecting hundreds of its LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models. The first security bulletin warns about a buffer overflow flaw that could lead to remote code execution on the affected machine. Tracked as CVE-2022-3942, the security issue was reported by Trend Micro’s Zero Day Initiative team.”

Title: Lapsus$ Extortion Gang Leaked the Source Code for Some Microsoft Projects

Date Published: March 22, 2022

https://securityaffairs.co/wordpress/129344/cyber-crime/lapsus-leak-37gb-microsoft-source-code.html

Excerpt: “Microsoft recently announced that it is investigating claims that the Lapsus$ cybercrime gang breached their internal Azure DevOps source code repositories and stole data. On Sunday, the Lapsus$ gang announced to have compromised Microsoft’s Azure DevOps server and shared a screenshot of alleged internal source code repositories.”

Title: Browser-in-the-Browser Attack Makes Phishing Nearly Invisible

Date Published: March 21, 2022

https://threatpost.com/browser-in-the-browser-attack-makes-phishing-nearly-invisible/179014/

Excerpt: “We’ve had it beaten into our brains: Before you go willy-nilly clicking on a page, check the URL. First things first, the tried-and-usually-but-not-always-true advice goes, check that the site’s URL shows “https,” indicating that the site is secured with TLS/SSL encryption. If only it were that easy to avoid phishing sites. In reality, URL reliability hasn’t been absolute for a long time, given things like homograph attacks that swap in similar-looking characters in order to create new, identical-looking but malicious URLs, as well as DNS hijacking, in which Domain Name System (DNS) queries are subverted.”

Title: HEAT attacks: A New Class of Cyber Threats Organizations are Not Prepared For

Date Published: March 22, 2022

https://www.helpnetsecurity.com/2022/03/22/web-security-threats/

Excerpt: “Web malware (47%) and ransomware (42%) now top the list of security threats that organizations are most concerned about. Yet despite the growing risks, just 27% have advanced threat protection in place on every endpoint device that can access corporate applications and resources.”

Title: HubSpot Allegedly Hacked to Target Cryptocurrency Firms

Date Published: March 22, 2022

https://www.bankinfosecurity.com/hubspot-allegedly-hacked-to-target-cryptocurrency-firms-a-18768

Excerpt: “Content management software giant HubSpot released a statement Sunday saying that it had been the victim of a data breach on Friday, citing a compromised employee account as the entry point. Several cryptocurrency firms – BlockFi, Swan Bitcoin, Paxos and NYDIG, among others – have confirmed some customer data was leaked via HubSpot. The customer relationship management firm is a third-party vendor for the cryptocurrency companies, and the leak appears to be an attempt by a malicious actor to access users’ details.”

Title: U.S. Government Warns Companies of Potential Russian Cyberattacks

Date Published: March 22, 2022

https://thehackernews.com/2022/03/us-government-warns-companies-of.html

Excerpt: “The U.S. government on Monday once again cautioned of potential cyber attacks from Russia in retaliation for economic sanctions imposed by the west on the country following its military assault on Ukraine last month.”

Title: OpenSSL Vulnerability can ‘Definitely be Weaponized,’ NSA Cyber Director says

Date Published: March 22, 2022

https://www.scmagazine.com/analysis/application-security/openssl-vulnerability-can-definitely-be-weaponized-nsa-cyber-director-says

Excerpt: “A cryptographic vulnerability in the Tonelli Shanks modular algorithm, which is used in popular cryptographic library OpenSSL, can lead to denial-of-service attacks and can “definitely be weaponized” in the current threat environment, according to an NSA official. The bug — discovered by two Google employees, security researcher Tavis Ormandy and software engineer David Benjamin, and is being tracked under CVE-2022-0778 — affects the BN_mod_sqrt() function in OpenSSL, which is used to compute the modular square root and parses certificates that use elliptic curve public key encryption.”

Title: BitRAT malware now spreading as a Windows 10 license activator

Date Published: March 21, 2022

https://www.bleepingcomputer.com/news/security/bitrat-malware-now-spreading-as-a-windows-10-license-activator/

Excerpt: “A new BitRAT malware distribution campaign is underway, exploiting users looking to activate pirated Windows OS versions for free using unofficial Microsoft license activators. BitRAT is a powerful remote access trojan sold on cybercrime forums and dark web markets for as low as $20 (lifetime access) to any cybercriminal who wants it.”

Title: Serpent Backdoor Targets French Entities with High-Evasive Attack Chain

Date Published: March 22, 2022

https://securityaffairs.co/wordpress/129326/malware/serpent-backdoor-targets-french-orgs.html

Excerpt: “Proofpoint researchers uncovered a targeted attack leveraging an open-source package installer Chocolatey to deliver a backdoor tracked as Serpent. The campaign targeted French entities in the construction, real estate, and government industries. Experts believe the attacks were conducted by a sophisticated threat actor.”

Title: Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts

Date Published: March 21, 2022

https://threatpost.com/facestealer-trojan-google-play-facebook/179015/

Excerpt: “A popular mobile app in the official Google Play store called “Craftsart Cartoon Photo Tools” has racked up more than 100,000 installs – but unfortunately for the app’s enthusiasts, it contains a version of the Facestealer Android malware.”
