March 30, 2022

Fortify Security Team
Mar 30, 2022

Title: Phishing Campaign Targets Russian Govt Dissidents with Cobalt Strike

Date Published: March 30, 2022

Excerpt: “A new spear phishing campaign is taking place in Russia targeting dissenters with opposing views to those promoted by the state and national media about the war against Ukraine. The campaign targets government employees and public servants with emails warning of the software tools and online platforms that are forbidden in the country.”

Title: Threat Actors Actively Exploit Recently Fixed Sophos Firewall Bug

Date Published: March 30, 2022

Excerpt: “Sophos has recently fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. The CVE-2022-1040 flaw received a CVSS score of 9.8 and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier. The vulnerability was reported to the security firm by an unnamed security researcher via its bug bounty program.”

Title: FBI Asks Congress for More Money, People and Authorities to Match Cyber Threats

Date Published: March 29, 2022

Excerpt: “A top FBI cyber official asked Congress for a raft of new money and enhanced statutory powers to pursue criminal and nation-state hackers who target American businesses and data. During a House Judiciary Committee oversight hearing Tuesday, FBI Assistant Director for Cyber Bryan Vorndran laid out a number of needs for the bureau, including a bigger budget, more qualified cybersecurity personnel and more legal authorities that would give them access to private sector reporting and help impede the easy sale and use of servers, malware and botnets that help to underpin the broader cybercriminal ecosystem.”

Title: IceID trojan Delivered via Hijacked Email Threads, Compromised MS Exchange Servers

Date Published: March 29, 2022

Excerpt: “A threat actor is exploiting vulnerable on-prem Microsoft Exchange servers and using hijacked email threads to deliver the IceID (BokBot) trojan without triggering email security solutions. “The payload has also moved away from using office documents to the use of ISO files with a Windows LNK file and a DLL file. The use of ISO files allows the threat actor to bypass the Mark-of-the-Web controls, resulting in execution of the malware without warning to the user,” Intezer researchers Joakim Kennedy and Ryan Robinson have noted.”

Title: Crypto Hackers Exploit Ronin Network for $615 Million

Date Published: March 30, 2022

Excerpt “Ronin Network, a sidechain tied to blockchain game Axie Infinity, announced it had been breached by hackers that hijacked 173,600 ethereum and $25.5 million – totaling nearly $615 million in stolen funds. Attackers breached Ronin Network security by gaining access to private keys used to forge fake withdrawals. Ronin Network announced the breach on Tuesday, five days after a user reported an inability to withdraw 5,000 in Ethereum from its bridge, or the port that allows inter-blockchain asset transfers. The investigation is currently ongoing, however, developments in the case are rapidly unfolding.”

Title: Honda’s Keyless Access Bug Could Let Thieves Remotely Unlock and Start Vehicles

Date Published: March 30, 2022

Excerpt: “A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remote lock, unlock, and even start Honda and Acura vehicles by means of what’s called a replay attack. The attack is made possible, thanks to a vulnerability in its remote keyless system (CVE-2022-27254) that affects Honda Civic LX, EX, EX-L, Touring, Si, and Type R models manufactured between 2016 and 2020. Credited with discovering the issue are Ayyappan Rajesh, a student at UMass Dartmouth, and Blake Berry (HackingIntoYourHeart).”

Title: Financial Institutions Face Cyberattacks from Nation-State Actors Amid Political Turmoil

Date Published: March 29, 2022

Excerpt: “As open war rages in Ukraine, the long-promised cyberattacks from Russia are also striking U.S. financial industry targets. A report released Monday examining how IT security executives view nation-state bad actors and how they attack organizations in other countries.”

Title: Log4j Attacks Continue Unabated Against VMware Horizon Servers

Date Published: March 29, 2022

Excerpt: “VMware Horizon servers — which many organizations are using to enable secure anywhere, anytime access to enterprise apps for remote workers — continue to be a popular target for attackers looking to exploit the critical Apache Log4j remote code execution vulnerability disclosed in December 2021. Researchers from Sophos this week said they had observed a wave of attacks against vulnerable Horizon servers starting January 19, 2022, through now. Many of the attacks have involved attempts by threat actors to deploy cryptocurrency miners such as JavaX miner, Jin, z0Miner, XMRig variants, and other similar tools. But in several other instances, Sophos observed attackers attempting to install backdoors for maintaining persistent access on compromised systems.”

Title: Hive Ransomware Uses new ‘IPfuscation’ Trick to Hide Payload

Date Published: March 30, 2022

Excerpt: “Threat analysts have discovered a new obfuscation technique used by the Hive ransomware gang, which involves IPv4 addresses and a series of conversions that eventually lead to downloading a Cobalt Strike beacon. Code obfuscation is what helps threat actors hide the malicious nature of their code from human reviewers or security software so that they can evade detection.”

Title: Lapsus$ Extortion Gang Claims to Have Hacked IT Giant Globant

Date Published: March 30, 2022

Excerpt: “The Lapsus$ extortion group claims to have hacked IT giant Globant and leaked roughly 70 Gb of stolen data. The gang claims that the company has implemented poor security practices that allowed them to hack their infrastructure.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 Excerpt: “The duration of ransomware attacks in 2021...