April 7, 2022

Fortify Security Team

Title: Palo Alto Networks Firewalls, VPNs Vulnerable to OpenSSL Bug
Date Published: April 7, 2022


Excerpt: “American cybersecurity company Palo Alto Networks warned customers on Wednesday that some of its firewall, VPN, and XDR products are vulnerable to a high severity OpenSSL infinite loop bug disclosed three weeks ago. Threat actors can exploit this security vulnerability (tracked as CVE-2022-0778) to trigger a denial of service state and remotely crash devices running unpatched software.”

Title: CVE-2022-22292 Flaw Could Allow Hacking of Samsung Android Devices
Date Published: April 7, 2022


Excerpt: “Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked as CVE-2022-22292, in Android 9, 10, 11, and 12 devices. The vulnerability resides in the pre-installed Phone app that executes with system privileges on Samsung devices. Experts pointed out that the Phone app has an insecure component which allows local apps to perform privileged operations without any user interaction.”

Title: The Cyclops Blink botnet has been Disrupted
Date Published: April 7, 2022


Excerpt: “The US Justice Department has announced that the FBI has disrupted the Cyclops Blink botnet, which they say was under the control of the Sandworm group – a threat actor that has been previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU).”

Title: SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps
Date Published: April 7, 2022


Excerpt: “As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. “SharkBot steals credentials and banking information,” Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with The Hacker News. “This malware implements a geofencing feature and evasion techniques, which makes it stand out from the rest of malwares.””

Title: As ‘open banking’ Blossoms, Application-Based Security Becomes a Concern
Date Published: April 6, 2022


Excerpt: “More financial institutions are often leaning toward providing an “open banking” experience where customers use applications to conduct transactions through their bank. While useful, the reliance on applications can open the doors to new streams of potential financial fraud. Apple’s entrance into open banking not only gives a greater weight and importance to this approach, it predicts the possibility of a more secure digital banking experience.”

Title: Nearly 40% of Macs Left Exposed to 2 Zero-Day Exploits
Date Published: April 6, 2022


Excerpt: “Between 35% and 40% of all supported Macs might be at heightened risk of compromise from two zero-day vulnerabilities that Apple has said are being exploited in the wild, but for which the company has not yet issued a patch. Apple disclosed the two vulnerabilities — CVE-2022-22675 and CVE-2022-22674 — last week and described them as impacting devices running its macOS, iOS, and iPadOS operating systems. The company released updated versions of the software that addressed the issue for users of Apple’s latest macOS Monterey and iOS 15 and iPadOS 15 operating systems.”

Title: New FFDroider malware steals Facebook, Instagram, Twitter accounts
Date Published: April 6, 2022


Excerpt: “A new information stealer named FFDroider has emerged, stealing credentials and cookies stored in browsers to hijack victims’ social media accounts. Social Media accounts, especially verified ones, are an attractive target for hackers as threat actors can use them for various malicious activities, including conducting cryptocurrency scams and distributing malware.”

Title: VMware Addressed Several Critical Vulnerabilities in Multiple Products
Date Published: April 7, 2022


Excerpt: “VMware has addressed critical remote code vulnerabilities in multiple products, including VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products. The virtualization giant urges its customers to address the critical vulnerability immediately to prevent its exploitation.”

Title: SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
Date Published: April 7, 2022


Excerpt: “A server-side request forgery (SSRF) flaw in an API of a large financial technology (fintech) platform potentially could have compromised millions of bank customers, allowing attackers to defraud clients by controlling their bank accounts and funds, researchers have found.”

Title: Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems
Date Published: April 7, 2022


Excerpt: “Cybersecurity researchers have detailed a “simple but efficient” persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. “The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer,” Malwarebytes Labs said in an analysis. “The document contacts a remote server at (securetunnel[.]co) to load a remote template named ‘trkal0.dot’ that contacts a malicious macro,” the researchers added.”
