April 7, 2022

Fortify Security Team
Apr 7, 2022

Title: Palo Alto Networks Firewalls, VPNs Vulnerable to OpenSSL Bug
Date Published: April 7, 2022

https://www.bleepingcomputer.com/news/security/palo-alto-networks-firewalls-vpns-vulnerable-to-openssl-bug/

Excerpt: “American cybersecurity company Palo Alto Networks warned customers on Wednesday that some of its firewall, VPN, and XDR products are vulnerable to a high severity OpenSSL infinite loop bug disclosed three weeks ago. Threat actors can exploit this security vulnerability (tracked as CVE-2022-0778) to trigger a denial of service state and remotely crash devices running unpatched software.”

Title: CVE-2022-22292 Flaw Could Allow Hacking of Samsung Android Devices
Date Published: April 7, 2022

https://securityaffairs.co/wordpress/129942/hacking/cve-2022-22292-hack-samsung-android-devices.html

Excerpt: “Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked as CVE-2022-22292, in Android 9, 10, 11, and 12 devices. The vulnerability resides in the pre-installed Phone app that executes with system privileges on Samsung devices. Experts pointed out that the Phone app has an insecure component which allows local apps to perform privileged operations without any user interaction.”

Title: The Cyclops Blink botnet has been Disrupted
Date Published: April 7, 2022

https://www.helpnetsecurity.com/2022/04/07/cyclops-blink-botnet-disrupted/

Excerpt: “The US Justice Department has announced that the FBI has disrupted the Cyclops Blink botnet, which they say was under the control of the Sandworm group – a threat actor that has been previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU).”

Title: SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps
Date Published: April 7, 2022

https://thehackernews.com/2022/04/sharkbot-banking-trojan-resurfaces-on.html

Excerpt: “As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. “SharkBot steals credentials and banking information,” Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with The Hacker News. “This malware implements a geofencing feature and evasion techniques, which makes it stand out from the rest of malwares.””

Title: As ‘open banking’ Blossoms, Application-Based Security Becomes a Concern
Date Published: April 6, 2022

https://www.scmagazine.com/analysis/compliance/as-open-banking-blossoms-application-based-security-becomes-a-concern

Excerpt: “More financial institutions are often leaning toward providing an “open banking” experience where customers use applications to conduct transactions through their bank. While useful, the reliance on applications can open the doors to new streams of potential financial fraud. Apple’s entrance into open banking not only gives a greater weight and importance to this approach, it predicts the possibility of a more secure digital banking experience.”

Title: Nearly 40% of Macs Left Exposed to 2 Zero-Day Exploits
Date Published: April 6, 2022

https://www.darkreading.com/vulnerabilities-threats/up-to-4-in-10-supported-macs-could-be-exposed-to-2-recently-patched-0-day-flaws

Excerpt: “Between 35% and 40% of all supported Macs might be at heightened risk of compromise from two zero-day vulnerabilities that Apple has said are being exploited in the wild, but for which the company has not yet issued a patch. Apple disclosed the two vulnerabilities — CVE-2022-22675 and CVE-2022-22674 — last week and described them as impacting devices running its macOS, iOS, and iPadOS operating systems. The company released updated versions of the software that addressed the issue for users of Apple’s latest macOS Monterey and iOS 15 and iPadOS 15 operating systems.”

Title: New FFDroider malware steals Facebook, Instagram, Twitter accounts
Date Published: April  6, 2022

https://www.bleepingcomputer.com/news/security/new-ffdroider-malware-steals-facebook-instagram-twitter-accounts/

Excerpt: “A new information stealer named FFDroider has emerged, stealing credentials and cookies stored in browsers to hijack victims’ social media accounts. Social Media accounts, especially verified ones, are an attractive target for hackers as threat actors can use them for various malicious activities, including conducting cryptocurrency scams and distributing malware.”

Title: VMware Addressed Several Critical Vulnerabilities in Multiple Products
Date Published: April 7, 2022

https://securityaffairs.co/wordpress/129906/security/vmware-critical-flaws-2.html

Excerpt: “VMware has addressed critical remote code vulnerabilities in multiple products, including VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products.  The virtualization giant urges its customers to address the critical vulnerability immediately to prevent its exploitation.”

Title: SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
Date Published: April 7, 2022

https://threatpost.com/ssrf-flaw-fintech-bank-accounts/179247/

Excerpt: “A server-side request forgery (SSRF) flaw in an API of a large financial technology (fintech) platform potentially could have compromised millions of bank customers, allowing attackers to defraud clients by controlling their bank accounts and funds, researchers have found.”

Title: Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems
Date Published: April 7, 2022

https://thehackernews.com/2022/04/researchers-uncover-how-colibri-malware.html

Excerpt: “Cybersecurity researchers have detailed a “simple but efficient” persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. “The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer,” Malwarebytes Labs said in an analysis. “The document contacts a remote server at (securetunnel[.]co) to load a remote template named ‘trkal0.dot’ that contacts a malicious macro,” the researchers added.”

Recent Posts

December 5, 2022

Title: SIM Swapper Gets 18-Months for Involvement in $22 Million Crypto Heist Date Published: December 3, 2022 https://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/ Excerpt: “Florida man Nicholas Truglia...

December 2, 2022

Title: New Go-Based Redigo Malware Targets Redis Servers Date Published: December 1, 2022 https://securityaffairs.co/wordpress/139164/malware/redigo-malware-targets-redis-servers.html Excerpt: “Redigo is a new Go-based malware employed in attacks against Redis servers...

December 1, 2022

Title: Keralty Ransomware Attack Impacts Colombia’s Health Care System Date Published: November 30, 2022 https://www.bleepingcomputer.com/news/security/keralty-ransomware-attack-impacts-colombias-health-care-system/ Excerpt: “The Keralty multinational healthcare...

November 30, 2022

Title: China-Linked UNC4191 APT Relies on USB Devices in Attacks Against Entities in the Philippines Date Published: November 30, 2022 https://securityaffairs.co/wordpress/139097/apt/unc4191-used-usb-devices.html Excerpt: “An alleged China-linked cyberespionage group,...

November 30, 2022

Title: China-Linked UNC4191 APT Relies on USB Devices in Attacks Against Entities in the Philippines Date Published: November 30, 2022 https://securityaffairs.co/wordpress/139097/apt/unc4191-used-usb-devices.html Excerpt: “An alleged China-linked cyberespionage group,...

November 29, 2022

Title: Malicious Android App Found Powering Account Creation Service Date Published: November 28, 2022 https://www.bleepingcomputer.com/news/security/malicious-android-app-found-powering-account-creation-service/ Excerpt: “A fake Android SMS application, with 100,000...

November 28, 2022

Title: Ransomboggs Ransomware Hit Several Ukrainian Entities, Experts Attribute It to Russia Date Published: November 28, 2022 https://securityaffairs.co/wordpress/139028/cyber-warfare-2/ransomboggs-ransomware-targeted-ukraine.html Excerpt: “Several Ukrainian...