March 22, 2022

Fortify Security Team

Title: Hundreds of HP Printers Vulnerable to Remote Code Execution Flaws

Date Published: March 22, 2022

Excerpt: “HP has published security advisories for three critical-severity vulnerabilities affecting hundreds of its LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models. The first security bulletin warns about a buffer overflow flaw that could lead to remote code execution on the affected machine. Tracked as CVE-2022-3942, the security issue was reported by Trend Micro’s Zero Day Initiative team.”

Title: Lapsus$ Extortion Gang Leaked the Source Code for Some Microsoft Projects

Date Published: March 22, 2022

Excerpt: “Microsoft recently announced that it is investigating claims that the Lapsus$ cybercrime gang breached their internal Azure DevOps source code repositories and stole data. On Sunday, the Lapsus$ gang announced to have compromised Microsoft’s Azure DevOps server and shared a screenshot of alleged internal source code repositories.”

Title: Browser-in-the-Browser Attack Makes Phishing Nearly Invisible

Date Published: March 21, 2022

Excerpt: “We’ve had it beaten into our brains: Before you go willy-nilly clicking on a page, check the URL. First things first, the tried-and-usually-but-not-always-true advice goes, check that the site’s URL shows “https,” indicating that the site is secured with TLS/SSL encryption. If only it were that easy to avoid phishing sites. In reality, URL reliability hasn’t been absolute for a long time, given things like homograph attacks that swap in similar-looking characters in order to create new, identical-looking but malicious URLs, as well as DNS hijacking, in which Domain Name System (DNS) queries are subverted.”

Title: HEAT attacks: A New Class of Cyber Threats Organizations are Not Prepared For

Date Published: March 22, 2022

Excerpt: “Web malware (47%) and ransomware (42%) now top the list of security threats that organizations are most concerned about. Yet despite the growing risks, just 27% have advanced threat protection in place on every endpoint device that can access corporate applications and resources.”

Title: HubSpot Allegedly Hacked to Target Cryptocurrency Firms

Date Published: March 22, 2022

Excerpt: “Content management software giant HubSpot released a statement Sunday saying that it had been the victim of a data breach on Friday, citing a compromised employee account as the entry point. Several cryptocurrency firms – BlockFi, Swan Bitcoin, Paxos and NYDIG, among others – have confirmed some customer data was leaked via HubSpot. The customer relationship management firm is a third-party vendor for the cryptocurrency companies, and the leak appears to be an attempt by a malicious actor to access users’ details.”

Title: U.S. Government Warns Companies of Potential Russian Cyberattacks

Date Published: March 22, 2022

Excerpt: “The U.S. government on Monday once again cautioned of potential cyber attacks from Russia in retaliation for economic sanctions imposed by the west on the country following its military assault on Ukraine last month.”

Title: OpenSSL Vulnerability can ‘Definitely be Weaponized,’ NSA Cyber Director says

Date Published: March 22, 2022

Excerpt: “A cryptographic vulnerability in the Tonelli Shanks modular algorithm, which is used in popular cryptographic library OpenSSL, can lead to denial-of-service attacks and can “definitely be weaponized” in the current threat environment, according to an NSA official. The bug — discovered by two Google employees, security researcher Tavis Ormandy and software engineer David Benjamin, and is being tracked under CVE-2022-0778 — affects the BN_mod_sqrt() function in OpenSSL, which is used to compute the modular square root and parses certificates that use elliptic curve public key encryption.”

Title: BitRAT malware now spreading as a Windows 10 license activator

Date Published: March 21, 2022

Excerpt: “A new BitRAT malware distribution campaign is underway, exploiting users looking to activate pirated Windows OS versions for free using unofficial Microsoft license activators. BitRAT is a powerful remote access trojan sold on cybercrime forums and dark web markets for as low as $20 (lifetime access) to any cybercriminal who wants it.”

Title: Serpent Backdoor Targets French Entities with High-Evasive Attack Chain

Date Published: March 22, 2022

Excerpt: “Proofpoint researchers uncovered a targeted attack leveraging an open-source package installer Chocolatey to deliver a backdoor tracked as Serpent. The campaign targeted French entities in the construction, real estate, and government industries. Experts believe the attacks were conducted by a sophisticated threat actor.”

Title: Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts

Date Published: March 21, 2022

Excerpt: “A popular mobile app in the official Google Play store called “Craftsart Cartoon Photo Tools” has racked up more than 100,000 installs – but unfortunately for the app’s enthusiasts, it contains a version of the Facestealer Android malware.”
