March 30, 2022

Fortify Security Team

Title: Phishing Campaign Targets Russian Govt Dissidents with Cobalt Strike

Date Published: March 30, 2022

Excerpt: “A new spear phishing campaign is taking place in Russia targeting dissenters with opposing views to those promoted by the state and national media about the war against Ukraine. The campaign targets government employees and public servants with emails warning of the software tools and online platforms that are forbidden in the country.”

Title: Threat Actors Actively Exploit Recently Fixed Sophos Firewall Bug

Date Published: March 30, 2022

Excerpt: “Sophos has recently fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. The CVE-2022-1040 flaw received a CVSS score of 9.8 and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier. The vulnerability was reported to the security firm by an unnamed security researcher via its bug bounty program.”

Title: FBI Asks Congress for More Money, People and Authorities to Match Cyber Threats

Date Published: March 29, 2022

Excerpt: “A top FBI cyber official asked Congress for a raft of new money and enhanced statutory powers to pursue criminal and nation-state hackers who target American businesses and data. During a House Judiciary Committee oversight hearing Tuesday, FBI Assistant Director for Cyber Bryan Vorndran laid out a number of needs for the bureau, including a bigger budget, more qualified cybersecurity personnel and more legal authorities that would give them access to private sector reporting and help impede the easy sale and use of servers, malware and botnets that help to underpin the broader cybercriminal ecosystem.”

Title: IcedID Trojan Delivered via Hijacked Email Threads, Compromised MS Exchange Servers

Date Published: March 29, 2022

Excerpt: “A threat actor is exploiting vulnerable on-prem Microsoft Exchange servers and using hijacked email threads to deliver the IcedID (BokBot) trojan without triggering email security solutions. ‘The payload has also moved away from using office documents to the use of ISO files with a Windows LNK file and a DLL file. The use of ISO files allows the threat actor to bypass the Mark-of-the-Web controls, resulting in execution of the malware without warning to the user,’ Intezer researchers Joakim Kennedy and Ryan Robinson have noted.”

Title: Crypto Hackers Exploit Ronin Network for $615 Million

Date Published: March 30, 2022

Excerpt: “Ronin Network, a sidechain tied to blockchain game Axie Infinity, announced it had been breached by hackers that hijacked 173,600 Ethereum and $25.5 million – totaling nearly $615 million in stolen funds. Attackers breached Ronin Network security by gaining access to private keys used to forge fake withdrawals. Ronin Network announced the breach on Tuesday, five days after a user reported an inability to withdraw 5,000 in Ethereum from its bridge, or the port that allows inter-blockchain asset transfers. The investigation is currently ongoing; however, developments in the case are rapidly unfolding.”

Title: Honda’s Keyless Access Bug Could Let Thieves Remotely Unlock and Start Vehicles

Date Published: March 30, 2022

Excerpt: “A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remotely lock, unlock, and even start Honda and Acura vehicles by means of what’s called a replay attack. The attack is made possible thanks to a vulnerability in its remote keyless system (CVE-2022-27254) that affects Honda Civic LX, EX, EX-L, Touring, Si, and Type R models manufactured between 2016 and 2020. Credited with discovering the issue are Ayyappan Rajesh, a student at UMass Dartmouth, and Blake Berry (HackingIntoYourHeart).”

Title: Financial Institutions Face Cyberattacks from Nation-State Actors Amid Political Turmoil

Date Published: March 29, 2022

Excerpt: “As open war rages in Ukraine, the long-promised cyberattacks from Russia are also striking U.S. financial industry targets. A report released Monday examines how IT security executives view nation-state bad actors and how they attack organizations in other countries.”

Title: Log4j Attacks Continue Unabated Against VMware Horizon Servers

Date Published: March 29, 2022

Excerpt: “VMware Horizon servers — which many organizations are using to enable secure anywhere, anytime access to enterprise apps for remote workers — continue to be a popular target for attackers looking to exploit the critical Apache Log4j remote code execution vulnerability disclosed in December 2021. Researchers from Sophos this week said they had observed a wave of attacks against vulnerable Horizon servers starting January 19, 2022, through now. Many of the attacks have involved attempts by threat actors to deploy cryptocurrency miners such as JavaX miner, Jin, z0Miner, XMRig variants, and other similar tools. But in several other instances, Sophos observed attackers attempting to install backdoors for maintaining persistent access on compromised systems.”

Title: Hive Ransomware Uses New ‘IPfuscation’ Trick to Hide Payload

Date Published: March 30, 2022

Excerpt: “Threat analysts have discovered a new obfuscation technique used by the Hive ransomware gang, which involves IPv4 addresses and a series of conversions that eventually lead to downloading a Cobalt Strike beacon. Code obfuscation is what helps threat actors hide the malicious nature of their code from human reviewers or security software so that they can evade detection.”

Title: Lapsus$ Extortion Gang Claims to Have Hacked IT Giant Globant

Date Published: March 30, 2022

Excerpt: “The Lapsus$ extortion group claims to have hacked IT giant Globant and leaked roughly 70 Gb of stolen data. The gang claims that the company has implemented poor security practices that allowed them to hack their infrastructure.”
