April 25, 2022

Fortify Security Team

Title: New Powerful Prynt Stealer Malware Sells for just $100 per Month
Date Published: April 25, 2022

https://www.bleepingcomputer.com/news/security/new-powerful-prynt-stealer-malware-sells-for-just-100-per-month/

Excerpt: “Threat analysts have spotted yet another addition to the growing space of info-stealer malware infections, named Prynt Stealer, which offers powerful capabilities and extra keylogger and clipper modules. Prynt Stealer targets a large selection of web browsers, messaging apps, and gaming apps and can also perform direct financial compromise.”

Title: BlackCat Ransomware Gang Breached Over 60 orgs Worldwide
Date Published: April 25, 2022

https://securityaffairs.co/wordpress/130582/reports/fbi-blackcat-ransomware.html

Excerpt: “The U.S. Federal Bureau of Investigation (FBI) published a flash report that states that at least 60 entities worldwide have been breached by BlackCat ransomware (aka ALPHV and Noberus) since it started its operations in November. “The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks involving BlackCat/ALPHV, a Ransomware-as-a-Service that has compromised at least 60 entities worldwide.” reads the flash advisory. “CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000167-MW and apply the recommended mitigations.” The list of the victims of the gang includes Moncler, the Swissport, and Inetum.”

Title: 41% of Businesses had an API Security Incident Last Year
Date Published: April 25, 2022

https://www.helpnetsecurity.com/2022/04/25/apis-security-challenges/

Excerpt: “In the wake of the digital transformation wave, web application program interfaces (APIs) have experienced exponential growth as the rise of integrated web and mobile-based offerings requires significantly more data sharing across products. As dependency on APIs increases, so do its related security challenges like broken authentication, authorization, and accidental disclosure or breach of data.”

Title: T-Mobile Breached Again; Lapsus$ Behind the Attack
Date Published: April 23, 2022

https://www.bankinfosecurity.com/t-mobile-breached-again-lapsus-behind-attack-a-18956

Excerpt: “The U.S. telecom carrier T-Mobile has confirmed that the Lapsus$ ransomware group has breached its internal network by compromising employee accounts, according to multiple media reports. But, it says, hackers did not steal any sensitive customer or government information during the incident.”

Title: Critical Bug in Everscale Wallet Could’ve Let Attackers Steal Cryptocurrencies
Date Published: April 25, 2022

https://thehackernews.com/2022/04/critical-bug-in-everscale-wallet.html

Excerpt: “A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victim’s wallet. “By exploiting the vulnerability, it’s possible to decrypt the private keys and seed phrases that are stored in the browser’s local storage,” Israeli cybersecurity company Check Point said in a report shared with The Hacker News. “In other words, attackers could gain full control over the victim’s wallets.” Ever Surf is a cryptocurrency wallet for the Everscale (formerly FreeTON) blockchain that also doubles up as a cross-platform messenger and allows users to access decentralized apps as well as send and receive non-fungible tokens (NFTs). It’s said to have an estimated 669,700 accounts across the world.”

Title: Visa Takes a More Aggressive Stand on Cybersecurity
Date Published: April 22, 2022

https://www.scmagazine.com/analysis/identity-and-access/visa-takes-a-more-aggressive-stand-on-cybersecurity

Excerpt: “Earlier this week, Visa set a more ambitious stance on cybersecurity, blogging about the company’s commitment to IT security in the face of heightened digital security concerns. The premier credit card brand pointed out that internet fraud surged by 69% in 2020 alone, according to the FBI Internet Crime Report. Yet despite this rise in cybercrime, Visa reported record-lows in cyber fraud, as the company has invested more than $9 billion over the past five years in security innovation and analytics.”

Title: Quantum Ransomware seen Deployed in Rapid Network Attacks
Date Published: April 25, 2022

https://www.bleepingcomputer.com/news/security/quantum-ransomware-seen-deployed-in-rapid-network-attacks/

Excerpt: “The Quantum ransomware, a strain first discovered in August 2021, was seen carrying out speedy attacks that escalate quickly, leaving defenders little time to react. The threat actors are using the IcedID malware as one of their initial access vectors, which deploys Cobalt Strike for remote access and leads to data theft and encryption using Quantum Locker. The technical details of a Quantum ransomware attack were analyzed by security researchers at The DFIR Report, who say the attack lasted only 3 hours and 44 minutes from initial infection to the completion of encrypting devices.”

Title: Atlassian addresses a critical Jira authentication bypass flaw
Date Published: April 24, 2022

https://securityaffairs.co/wordpress/130564/hacking/atlassian-jira-authentication-bypass-issue.html

Excerpt: “Atlassian has addressed a critical vulnerability in its Jira Seraph software, tracked as CVE-2022-0540 (CVSS score 9.9), that can be exploited by an unauthenticated attacker to bypass authentication. A threat actor could trigger the vulnerability by sending a specially crafted HTTP request to vulnerable software. The issue affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. The flaw also impacts Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.”

Title: New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices
Date Published: April 25, 2022

https://thehackernews.com/2022/04/new-botenago-malware-variant-targeting.html

Excerpt: “A new variant of an IoT botnet called BotenaGo has emerged in the wild, specifically singling out Lilin security camera DVR devices to infect them with Mirai malware. Dubbed “Lilin Scanner” by Nozomi Networks, the latest version is designed to exploit a two-year-old critical command injection vulnerability in the DVR firmware that was patched by the Taiwanese company in February 2020.”

Title: ‘Hack DHS’ Bug Hunters Find 122 Security Flaws in DHS Systems
Date Published: April 22, 2022

https://www.bleepingcomputer.com/news/security/hack-dhs-bug-hunters-find-122-security-flaws-in-dhs-systems/

Excerpt: “The Department of Homeland Security (DHS) today revealed that bug bounty hunters enrolled in its ‘Hack DHS’ bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity. DHS awarded a total of $125,600 to over 450 vetted security researchers and ethical hackers, with rewards of up to $5,000 per bug, depending on the flaw’s severity.”
