Title: Phishing Campaign Targets Russian Govt Dissidents with Cobalt Strike
Date Published: March 30, 2022
Excerpt: “A new spear phishing campaign is taking place in Russia targeting dissenters with opposing views to those promoted by the state and national media about the war against Ukraine. The campaign targets government employees and public servants with emails warning of the software tools and online platforms that are forbidden in the country.”
Title: Threat Actors Actively Exploit Recently Fixed Sophos Firewall Bug
Date Published: March 30, 2022
https://securityaffairs.co/wordpress/129604/security/sophos-firewall-cve-2022-1040-exploited.html
Excerpt: “Sophos has recently fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. The CVE-2022-1040 flaw received a CVSS score of 9.8 and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier. The vulnerability was reported to the security firm by an unnamed security researcher via its bug bounty program.”
Title: FBI Asks Congress for More Money, People and Authorities to Match Cyber Threats
Date Published: March 29, 2022
Excerpt: “A top FBI cyber official asked Congress for a raft of new money and enhanced statutory powers to pursue criminal and nation-state hackers who target American businesses and data. During a House Judiciary Committee oversight hearing Tuesday, FBI Assistant Director for Cyber Bryan Vorndran laid out a number of needs for the bureau, including a bigger budget, more qualified cybersecurity personnel and more legal authorities that would give them access to private sector reporting and help impede the easy sale and use of servers, malware and botnets that help to underpin the broader cybercriminal ecosystem.”
Title: IceID trojan Delivered via Hijacked Email Threads, Compromised MS Exchange Servers
Date Published: March 29, 2022
https://www.helpnetsecurity.com/2022/03/29/hijacked-email-threads/
Excerpt: “A threat actor is exploiting vulnerable on-prem Microsoft Exchange servers and using hijacked email threads to deliver the IceID (BokBot) trojan without triggering email security solutions. “The payload has also moved away from using office documents to the use of ISO files with a Windows LNK file and a DLL file. The use of ISO files allows the threat actor to bypass the Mark-of-the-Web controls, resulting in execution of the malware without warning to the user,” Intezer researchers Joakim Kennedy and Ryan Robinson have noted.”
Title: Crypto Hackers Exploit Ronin Network for $615 Million
Date Published: March 30, 2022
https://www.bankinfosecurity.com/crypto-hackers-exploit-ronin-network-for-615-million-a-18810
Excerpt “Ronin Network, a sidechain tied to blockchain game Axie Infinity, announced it had been breached by hackers that hijacked 173,600 ethereum and $25.5 million – totaling nearly $615 million in stolen funds. Attackers breached Ronin Network security by gaining access to private keys used to forge fake withdrawals. Ronin Network announced the breach on Tuesday, five days after a user reported an inability to withdraw 5,000 in Ethereum from its bridge, or the port that allows inter-blockchain asset transfers. The investigation is currently ongoing, however, developments in the case are rapidly unfolding.”
Title: Honda’s Keyless Access Bug Could Let Thieves Remotely Unlock and Start Vehicles
Date Published: March 30, 2022
https://thehackernews.com/2022/03/hondas-keyless-access-bug-could-let.html
Excerpt: “A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remote lock, unlock, and even start Honda and Acura vehicles by means of what’s called a replay attack. The attack is made possible, thanks to a vulnerability in its remote keyless system (CVE-2022-27254) that affects Honda Civic LX, EX, EX-L, Touring, Si, and Type R models manufactured between 2016 and 2020. Credited with discovering the issue are Ayyappan Rajesh, a student at UMass Dartmouth, and Blake Berry (HackingIntoYourHeart).”
Title: Financial Institutions Face Cyberattacks from Nation-State Actors Amid Political Turmoil
Date Published: March 29, 2022
Excerpt: “As open war rages in Ukraine, the long-promised cyberattacks from Russia are also striking U.S. financial industry targets. A report released Monday examining how IT security executives view nation-state bad actors and how they attack organizations in other countries.”
Title: Log4j Attacks Continue Unabated Against VMware Horizon Servers
Date Published: March 29, 2022
Excerpt: “VMware Horizon servers — which many organizations are using to enable secure anywhere, anytime access to enterprise apps for remote workers — continue to be a popular target for attackers looking to exploit the critical Apache Log4j remote code execution vulnerability disclosed in December 2021. Researchers from Sophos this week said they had observed a wave of attacks against vulnerable Horizon servers starting January 19, 2022, through now. Many of the attacks have involved attempts by threat actors to deploy cryptocurrency miners such as JavaX miner, Jin, z0Miner, XMRig variants, and other similar tools. But in several other instances, Sophos observed attackers attempting to install backdoors for maintaining persistent access on compromised systems.”
Title: Hive Ransomware Uses new ‘IPfuscation’ Trick to Hide Payload
Date Published: March 30, 2022
Excerpt: “Threat analysts have discovered a new obfuscation technique used by the Hive ransomware gang, which involves IPv4 addresses and a series of conversions that eventually lead to downloading a Cobalt Strike beacon. Code obfuscation is what helps threat actors hide the malicious nature of their code from human reviewers or security software so that they can evade detection.”
Title: Lapsus$ Extortion Gang Claims to Have Hacked IT Giant Globant
Date Published: March 30, 2022
https://securityaffairs.co/wordpress/129615/cyber-crime/lapsus-gang-hacked-globant.html
Excerpt: “The Lapsus$ extortion group claims to have hacked IT giant Globant and leaked roughly 70 Gb of stolen data. The gang claims that the company has implemented poor security practices that allowed them to hack their infrastructure.”