April 7, 2022

Fortify Security Team
Apr 7, 2022

Title: Palo Alto Networks Firewalls, VPNs Vulnerable to OpenSSL Bug
Date Published: April 7, 2022

https://www.bleepingcomputer.com/news/security/palo-alto-networks-firewalls-vpns-vulnerable-to-openssl-bug/

Excerpt: “American cybersecurity company Palo Alto Networks warned customers on Wednesday that some of its firewall, VPN, and XDR products are vulnerable to a high severity OpenSSL infinite loop bug disclosed three weeks ago. Threat actors can exploit this security vulnerability (tracked as CVE-2022-0778) to trigger a denial of service state and remotely crash devices running unpatched software.”

Title: CVE-2022-22292 Flaw Could Allow Hacking of Samsung Android Devices
Date Published: April 7, 2022

https://securityaffairs.co/wordpress/129942/hacking/cve-2022-22292-hack-samsung-android-devices.html

Excerpt: “Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked as CVE-2022-22292, in Android 9, 10, 11, and 12 devices. The vulnerability resides in the pre-installed Phone app that executes with system privileges on Samsung devices. Experts pointed out that the Phone app has an insecure component which allows local apps to perform privileged operations without any user interaction.”

Title: The Cyclops Blink botnet has been Disrupted
Date Published: April 7, 2022

https://www.helpnetsecurity.com/2022/04/07/cyclops-blink-botnet-disrupted/

Excerpt: “The US Justice Department has announced that the FBI has disrupted the Cyclops Blink botnet, which they say was under the control of the Sandworm group – a threat actor that has been previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU).”

Title: SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps
Date Published: April 7, 2022

https://thehackernews.com/2022/04/sharkbot-banking-trojan-resurfaces-on.html

Excerpt: “As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. “SharkBot steals credentials and banking information,” Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with The Hacker News. “This malware implements a geofencing feature and evasion techniques, which makes it stand out from the rest of malwares.””

Title: As ‘open banking’ Blossoms, Application-Based Security Becomes a Concern
Date Published: April 6, 2022

https://www.scmagazine.com/analysis/compliance/as-open-banking-blossoms-application-based-security-becomes-a-concern

Excerpt: “More financial institutions are often leaning toward providing an “open banking” experience where customers use applications to conduct transactions through their bank. While useful, the reliance on applications can open the doors to new streams of potential financial fraud. Apple’s entrance into open banking not only gives a greater weight and importance to this approach, it predicts the possibility of a more secure digital banking experience.”

Title: Nearly 40% of Macs Left Exposed to 2 Zero-Day Exploits
Date Published: April 6, 2022

https://www.darkreading.com/vulnerabilities-threats/up-to-4-in-10-supported-macs-could-be-exposed-to-2-recently-patched-0-day-flaws

Excerpt: “Between 35% and 40% of all supported Macs might be at heightened risk of compromise from two zero-day vulnerabilities that Apple has said are being exploited in the wild, but for which the company has not yet issued a patch. Apple disclosed the two vulnerabilities — CVE-2022-22675 and CVE-2022-22674 — last week and described them as impacting devices running its macOS, iOS, and iPadOS operating systems. The company released updated versions of the software that addressed the issue for users of Apple’s latest macOS Monterey and iOS 15 and iPadOS 15 operating systems.”

Title: New FFDroider malware steals Facebook, Instagram, Twitter accounts
Date Published: April  6, 2022

https://www.bleepingcomputer.com/news/security/new-ffdroider-malware-steals-facebook-instagram-twitter-accounts/

Excerpt: “A new information stealer named FFDroider has emerged, stealing credentials and cookies stored in browsers to hijack victims’ social media accounts. Social Media accounts, especially verified ones, are an attractive target for hackers as threat actors can use them for various malicious activities, including conducting cryptocurrency scams and distributing malware.”

Title: VMware Addressed Several Critical Vulnerabilities in Multiple Products
Date Published: April 7, 2022

https://securityaffairs.co/wordpress/129906/security/vmware-critical-flaws-2.html

Excerpt: “VMware has addressed critical remote code vulnerabilities in multiple products, including VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products.  The virtualization giant urges its customers to address the critical vulnerability immediately to prevent its exploitation.”

Title: SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
Date Published: April 7, 2022

https://threatpost.com/ssrf-flaw-fintech-bank-accounts/179247/

Excerpt: “A server-side request forgery (SSRF) flaw in an API of a large financial technology (fintech) platform potentially could have compromised millions of bank customers, allowing attackers to defraud clients by controlling their bank accounts and funds, researchers have found.”

Title: Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems
Date Published: April 7, 2022

https://thehackernews.com/2022/04/researchers-uncover-how-colibri-malware.html

Excerpt: “Cybersecurity researchers have detailed a “simple but efficient” persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. “The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer,” Malwarebytes Labs said in an analysis. “The document contacts a remote server at (securetunnel[.]co) to load a remote template named ‘trkal0.dot’ that contacts a malicious macro,” the researchers added.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...