March 31, 2022

Fortify Security Team

Title: LockBit Victim Estimates Cost of Ransomware Attack to be $42 Million

Date Published: March 31, 2022

https://www.bleepingcomputer.com/news/security/lockbit-victim-estimates-cost-of-ransomware-attack-to-be-42-million/

Excerpt: “Atento, a provider of customer relationship management (CRM) services, has published its 2021 financial performance results, which show a massive impact of $42.1 million due to a ransomware attack the firm suffered in October last year. More specifically, the disruption caused by the cyberattack affected the company’s Brazil-based operations, resulting in a revenue loss of $34.8 million and an additional $7.3 million in costs related to mitigating the impact of the incident.”

Title: Anonymous Hacked Russian Thozis Corp, but Denies Attacks on Rosaviatsia

Date Published: March 31, 2022

https://securityaffairs.co/wordpress/129651/hacktivism/anonymous-hacked-thozis-corp.html

Excerpt: “Anonymous continues to target Russian organizations and private foreign businesses that are still operating in the country. The popular collective claims to have hacked the Russian investment firm Thozis Corp, which is owned by the oligarch Zakhar Smushkin. The hacktivists have stolen thousands of internal emails and shared them with the data leak platform DDoSecrets. At this time 5,500 emails from Thozis Corp. were available online, some of them containing sensitive information about deals and investments of the firm.”

Title: Google Chrome Bug Actively Exploited as Zero-Day

Date Published: March 30, 2022

https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/

Excerpt: “Google has updated its Stable channel for the desktop version of Chrome, to address a zero-day security vulnerability that’s being actively exploited in the wild. The bug, tracked as CVE-2022-1096, is a type-confusion issue in the V8 JavaScript engine, which is an open-source engine used by Chrome and Chromium-based web browsers. Type confusion, as Microsoft has laid out in the past, occurs “when a piece of code doesn’t verify the type of object that is passed to it, and uses it blindly without type-checking, it leads to type confusion…Also with type confusion, wrong function pointers or data are fed into the wrong piece of code. In some circumstances this can lead to code execution.””

Title: Mars Stealer Malware Pushed via Google Ads and Phishing Emails

Date Published: March 30, 2022

https://www.helpnetsecurity.com/2022/03/30/mars-stealer/

Excerpt: “Cybercriminals trying to foist the Mars Stealer malware onto users seemingly have a penchant for one particular tactic: disguising it as legitimate, benign software to trick users into downloading it. In a recent campaign described by Morphisec malware researcher Arnold Osipov, the threat actor distributed the malware via cloned websites offering well-known software such as Apache Open Office.”

Title: Viasat Traces Outage to Exploit of VPN Misconfiguration

Date Published: March 30, 2022

https://www.bankinfosecurity.com/viasat-traces-outage-to-exploit-vpn-misconfiguration-a-18815

Excerpt: “Tens of thousands of modems were knocked offline in central Europe at nearly the same time Russian forces invaded Ukraine on Feb. 24. The outage affected infrastructure run by communications company Viasat, based in Carlsbad, California. Four days later, the company reported that it was investigating the outage, which it says affected “fixed broadband customers” (see: Russia May Have Caused Widespread Satellite Network Outage).”

Title: Bugs in Wyze Cams Could Let Attackers Takeover Devices and Access Video Feeds

Date Published: March 31, 2022

https://thehackernews.com/2022/03/bugs-in-wyze-cams-could-let-attackers.html

Excerpt: “Three security vulnerabilities have been disclosed in the popular Wyze Cam devices that allow malicious actors to execute arbitrary code and access camera feeds as well as read the SD cards without authorization, the latter of which remained unresolved for nearly three years after the initial discovery. The security flaws relate to an authentication bypass (CVE-2019-9564), a remote code execution bug stemming from a stack-based buffer overflow (CVE-2019-12266), and a case of unauthenticated access to the contents of the SD card (no CVE).”

Title: Nation-State Hackers Ramp Up Ukraine War-Themed Attacks

Date Published: March 31, 2022

https://www.darkreading.com/attacks-breaches/nation-state-backed-actors-ramp-up-ukraine-war-themed-attacks

Excerpt: “The Belarus-based operator of an organized and ongoing disinformation campaign in Europe called “Ghostwriter” is using a new, hard-to-detect phishing technique to target organizations in Ukraine just days after a researcher highlighted the method in a blog post. The method, dubbed browser-in-the-browser, basically involves the threat actor drawing a browser window within a browser to impersonate the entire pop-up login window — including URL — of a legitimate domain. Users get fooled into entering login details when they land on these spoofed account login windows because the URL looks legitimate.”

Title: DPRK Hackers go after Crypto Assets Using Trojanized DeFi Wallet App

Date Published: March 31, 2022

https://www.bleepingcomputer.com/news/security/dprk-hackers-go-after-crypto-assets-using-trojanized-defi-wallet-app/

Excerpt: “Hackers associated with the North Korean government have been distributing a trojanized version of the DeFi Wallet for storing cryptocurrency assets to gain access to the systems of cryptocurrency users and investors. The threat actor relied in this attack on web servers located in South Korea to push the malware and to communicate with the installed implants.”

Title: Mysterious Disclosure of a Zero-Day RCE flaw Spring4Shell in Spring

Date Published: March 31, 2022

https://securityaffairs.co/wordpress/129644/hacking/spring-java-framework-rce-zero-day.html

Excerpt: “Researchers disclosed a zero-day vulnerability, dubbed Spring4Shell, in the Spring Core Java framework called ‘Spring4Shell.’ An unauthenticated, remote attacker could trigger the vulnerability to execute arbitrary code on the target system. The framework is currently maintained by Spring.io which is a subsidiary of VMware.”

Title: QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug

Date Published: March 31, 2022

https://threatpost.com/qnap-customers-adrift-fix-openssl-bug/179197/

Excerpt: “Customers of Taiwan-based QNAP Systems are in a bit of limbo, waiting until the company releases a patch for an OpenSSL bug that the company has warned affects most of its network-attached storage (NAS) devices. The vulnerability can trigger an infinite loop that creates a denial-of-service (DoS) scenario.”
