March 30, 2022

Fortify Security Team
Mar 30, 2022

Title: Phishing Campaign Targets Russian Govt Dissidents with Cobalt Strike

Date Published: March 30, 2022

https://www.bleepingcomputer.com/news/security/phishing-campaign-targets-russian-govt-dissidents-with-cobalt-strike/

Excerpt: “A new spear phishing campaign is taking place in Russia targeting dissenters with opposing views to those promoted by the state and national media about the war against Ukraine. The campaign targets government employees and public servants with emails warning of the software tools and online platforms that are forbidden in the country.”

Title: Threat Actors Actively Exploit Recently Fixed Sophos Firewall Bug

Date Published: March 30, 2022

https://securityaffairs.co/wordpress/129604/security/sophos-firewall-cve-2022-1040-exploited.html

Excerpt: “Sophos has recently fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. The CVE-2022-1040 flaw received a CVSS score of 9.8 and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier. The vulnerability was reported to the security firm by an unnamed security researcher via its bug bounty program.”

Title: FBI Asks Congress for More Money, People and Authorities to Match Cyber Threats

Date Published: March 29, 2022

https://www.scmagazine.com/analysis/cybercrime/fbi-asks-congress-for-more-money-people-and-authorities-to-match-cyber-threats

Excerpt: “A top FBI cyber official asked Congress for a raft of new money and enhanced statutory powers to pursue criminal and nation-state hackers who target American businesses and data. During a House Judiciary Committee oversight hearing Tuesday, FBI Assistant Director for Cyber Bryan Vorndran laid out a number of needs for the bureau, including a bigger budget, more qualified cybersecurity personnel and more legal authorities that would give them access to private sector reporting and help impede the easy sale and use of servers, malware and botnets that help to underpin the broader cybercriminal ecosystem.”

Title: IcedID Trojan Delivered via Hijacked Email Threads, Compromised MS Exchange Servers

Date Published: March 29, 2022

https://www.helpnetsecurity.com/2022/03/29/hijacked-email-threads/

Excerpt: “A threat actor is exploiting vulnerable on-prem Microsoft Exchange servers and using hijacked email threads to deliver the IcedID (BokBot) trojan without triggering email security solutions. ‘The payload has also moved away from using office documents to the use of ISO files with a Windows LNK file and a DLL file. The use of ISO files allows the threat actor to bypass the Mark-of-the-Web controls, resulting in execution of the malware without warning to the user,’ Intezer researchers Joakim Kennedy and Ryan Robinson have noted.”

Title: Crypto Hackers Exploit Ronin Network for $615 Million

Date Published: March 30, 2022

https://www.bankinfosecurity.com/crypto-hackers-exploit-ronin-network-for-615-million-a-18810

Excerpt: “Ronin Network, a sidechain tied to blockchain game Axie Infinity, announced it had been breached by hackers that hijacked 173,600 Ethereum and $25.5 million – totaling nearly $615 million in stolen funds. Attackers breached Ronin Network security by gaining access to private keys used to forge fake withdrawals. Ronin Network announced the breach on Tuesday, five days after a user reported an inability to withdraw 5,000 in Ethereum from its bridge, or the port that allows inter-blockchain asset transfers. The investigation is currently ongoing; however, developments in the case are rapidly unfolding.”

Title: Honda’s Keyless Access Bug Could Let Thieves Remotely Unlock and Start Vehicles

Date Published: March 30, 2022

https://thehackernews.com/2022/03/hondas-keyless-access-bug-could-let.html

Excerpt: “A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remotely lock, unlock, and even start Honda and Acura vehicles by means of what’s called a replay attack. The attack is made possible thanks to a vulnerability in its remote keyless system (CVE-2022-27254) that affects Honda Civic LX, EX, EX-L, Touring, Si, and Type R models manufactured between 2016 and 2020. Credited with discovering the issue are Ayyappan Rajesh, a student at UMass Dartmouth, and Blake Berry (HackingIntoYourHeart).”

Title: Financial Institutions Face Cyberattacks from Nation-State Actors Amid Political Turmoil

Date Published: March 29, 2022

https://www.scmagazine.com/analysis/critical-infrastructure/financial-institutions-face-cyberattacks-from-nation-states-actors-amid-political-turmoil

Excerpt: “As open war rages in Ukraine, the long-promised cyberattacks from Russia are also striking U.S. financial industry targets. A report released Monday examining how IT security executives view nation-state bad actors and how they attack organizations in other countries.”

Title: Log4j Attacks Continue Unabated Against VMware Horizon Servers

Date Published: March 29, 2022

https://www.darkreading.com/vulnerabilities-threats/log4j-attacks-continue-unabated-against-vmware-horizon-servers

Excerpt: “VMware Horizon servers — which many organizations are using to enable secure anywhere, anytime access to enterprise apps for remote workers — continue to be a popular target for attackers looking to exploit the critical Apache Log4j remote code execution vulnerability disclosed in December 2021. Researchers from Sophos this week said they had observed a wave of attacks against vulnerable Horizon servers starting January 19, 2022, through now. Many of the attacks have involved attempts by threat actors to deploy cryptocurrency miners such as JavaX miner, Jin, z0Miner, XMRig variants, and other similar tools. But in several other instances, Sophos observed attackers attempting to install backdoors for maintaining persistent access on compromised systems.”

Title: Hive Ransomware Uses New ‘IPfuscation’ Trick to Hide Payload

Date Published: March 30, 2022

https://www.bleepingcomputer.com/news/security/hive-ransomware-uses-new-ipfuscation-trick-to-hide-payload/

Excerpt: “Threat analysts have discovered a new obfuscation technique used by the Hive ransomware gang, which involves IPv4 addresses and a series of conversions that eventually lead to downloading a Cobalt Strike beacon. Code obfuscation is what helps threat actors hide the malicious nature of their code from human reviewers or security software so that they can evade detection.”

Title: Lapsus$ Extortion Gang Claims to Have Hacked IT Giant Globant

Date Published: March 30, 2022

https://securityaffairs.co/wordpress/129615/cyber-crime/lapsus-gang-hacked-globant.html

Excerpt: “The Lapsus$ extortion group claims to have hacked IT giant Globant and leaked roughly 70 Gb of stolen data. The gang claims that the company has implemented poor security practices that allowed them to hack their infrastructure.”
