April 7, 2022

Fortify Security Team

Title: Palo Alto Networks Firewalls, VPNs Vulnerable to OpenSSL Bug
Date Published: April 7, 2022

https://www.bleepingcomputer.com/news/security/palo-alto-networks-firewalls-vpns-vulnerable-to-openssl-bug/

Excerpt: “American cybersecurity company Palo Alto Networks warned customers on Wednesday that some of its firewall, VPN, and XDR products are vulnerable to a high severity OpenSSL infinite loop bug disclosed three weeks ago. Threat actors can exploit this security vulnerability (tracked as CVE-2022-0778) to trigger a denial of service state and remotely crash devices running unpatched software.”

Title: CVE-2022-22292 Flaw Could Allow Hacking of Samsung Android Devices
Date Published: April 7, 2022

https://securityaffairs.co/wordpress/129942/hacking/cve-2022-22292-hack-samsung-android-devices.html

Excerpt: “Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked as CVE-2022-22292, in Android 9, 10, 11, and 12 devices. The vulnerability resides in the pre-installed Phone app that executes with system privileges on Samsung devices. Experts pointed out that the Phone app has an insecure component which allows local apps to perform privileged operations without any user interaction.”

Title: The Cyclops Blink botnet has been Disrupted
Date Published: April 7, 2022

https://www.helpnetsecurity.com/2022/04/07/cyclops-blink-botnet-disrupted/

Excerpt: “The US Justice Department has announced that the FBI has disrupted the Cyclops Blink botnet, which they say was under the control of the Sandworm group – a threat actor that has been previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU).”

Title: SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps
Date Published: April 7, 2022

https://thehackernews.com/2022/04/sharkbot-banking-trojan-resurfaces-on.html

Excerpt: “As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. “SharkBot steals credentials and banking information,” Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with The Hacker News. “This malware implements a geofencing feature and evasion techniques, which makes it stand out from the rest of malwares.””

Title: As ‘open banking’ Blossoms, Application-Based Security Becomes a Concern
Date Published: April 6, 2022

https://www.scmagazine.com/analysis/compliance/as-open-banking-blossoms-application-based-security-becomes-a-concern

Excerpt: “More financial institutions are often leaning toward providing an “open banking” experience where customers use applications to conduct transactions through their bank. While useful, the reliance on applications can open the doors to new streams of potential financial fraud. Apple’s entrance into open banking not only gives a greater weight and importance to this approach, it predicts the possibility of a more secure digital banking experience.”

Title: Nearly 40% of Macs Left Exposed to 2 Zero-Day Exploits
Date Published: April 6, 2022

https://www.darkreading.com/vulnerabilities-threats/up-to-4-in-10-supported-macs-could-be-exposed-to-2-recently-patched-0-day-flaws

Excerpt: “Between 35% and 40% of all supported Macs might be at heightened risk of compromise from two zero-day vulnerabilities that Apple has said are being exploited in the wild, but for which the company has not yet issued a patch. Apple disclosed the two vulnerabilities — CVE-2022-22675 and CVE-2022-22674 — last week and described them as impacting devices running its macOS, iOS, and iPadOS operating systems. The company released updated versions of the software that addressed the issue for users of Apple’s latest macOS Monterey and iOS 15 and iPadOS 15 operating systems.”

Title: New FFDroider malware steals Facebook, Instagram, Twitter accounts
Date Published: April 6, 2022

https://www.bleepingcomputer.com/news/security/new-ffdroider-malware-steals-facebook-instagram-twitter-accounts/

Excerpt: “A new information stealer named FFDroider has emerged, stealing credentials and cookies stored in browsers to hijack victims’ social media accounts. Social Media accounts, especially verified ones, are an attractive target for hackers as threat actors can use them for various malicious activities, including conducting cryptocurrency scams and distributing malware.”

Title: VMware Addressed Several Critical Vulnerabilities in Multiple Products
Date Published: April 7, 2022

https://securityaffairs.co/wordpress/129906/security/vmware-critical-flaws-2.html

Excerpt: “VMware has addressed critical remote code vulnerabilities in multiple products, including VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products. The virtualization giant urges its customers to address the critical vulnerability immediately to prevent its exploitation.”

Title: SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
Date Published: April 7, 2022

https://threatpost.com/ssrf-flaw-fintech-bank-accounts/179247/

Excerpt: “A server-side request forgery (SSRF) flaw in an API of a large financial technology (fintech) platform potentially could have compromised millions of bank customers, allowing attackers to defraud clients by controlling their bank accounts and funds, researchers have found.”

Title: Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems
Date Published: April 7, 2022

https://thehackernews.com/2022/04/researchers-uncover-how-colibri-malware.html

Excerpt: “Cybersecurity researchers have detailed a “simple but efficient” persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. “The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer,” Malwarebytes Labs said in an analysis. “The document contacts a remote server at (securetunnel[.]co) to load a remote template named ‘trkal0.dot’ that contacts a malicious macro,” the researchers added.”
