May 31, 2022

Fortify Security Team

Title: Microsoft Shares Mitigation for Office Zero-Day Exploited in Attacks
Date Published: May 31, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-office-zero-day-exploited-in-attacks/

Excerpt: “Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild to execute malicious code remotely. The bug is a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability reported by crazyman of the Shadow Chaser Group.”

Title: Experts Warn of Ransomware Attacks Against Government Organizations of Small States
Date Published: May 31, 2022

https://securityaffairs.co/wordpress/131816/malware/ransomware-attacks-small-states-q2-2022.html

Excerpt: “Cyber Research Labs observed a rise in ransomware attacks in the second quarter of 2022, some of them with a severe impact on the victims, such as the attack that hit the Costa Rican government that caused a nationwide crisis. The experts warn of ransomware attacks against government organizations. They observed a total of 48 government organizations from 21 countries that were hit by 13 ransomware attacks in 2022.”

Title: ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats
Date Published: May 31, 2022

https://threatpost.com/chromeloader-hijacker-threats/179761/

Excerpt: “ChromeLoader may seem on the surface like a run-of-the-mill browser hijacker that merely redirects victims to advertisement websites. However, its use of PowerShell could pose a greater risk by leading to further and advanced malicious activity, such as the propagation of ransomware or spyware or theft of browser-session data. Researchers are warning of the potential for ChromeLoader—which has seen a resurgence in activity recently—to pose a more sophisticated threat than typical malvertisers do, according to two separate blog posts by Malwarebytes Labs and Red Canary.”

Title: $39.5 Billion Lost to Phone Scams in Last Year
Date Published: May 30, 2022

https://www.helpnetsecurity.com/2022/05/30/spam-phone-scams-impact/

Excerpt: “Truecaller announced a research conducted in partnership with The Harris Poll in March of 2022, and the findings detail trends/insights on the impact of spam and phone scams that have increasingly permeated the U.S. over the last 12 months. The study estimates that a staggering $39.5 billion was lost to phone scams this past year, which is the highest number recorded since Truecaller began researching scam and spam calls in the U.S. eight years ago.”

Title: CISA Adds 75 Flaws to Known Vulnerability Catalog in 3 Days
Date Published: May 30, 2022

https://www.bankinfosecurity.com/cisa-adds-75-flaws-to-known-vulnerability-catalog-in-3-days-a-19170

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency added 75 flaws to its catalog of known exploited software vulnerabilities. The vulnerabilities were disclosed as part of three separate batches on three consecutive days – it released batches of 21, 20 and 34 vulnerabilities on Monday, Tuesday and Wednesday respectively. The known exploited vulnerability catalog requires federal civilian agencies to patch vulnerabilities known to be actively exploited in the wild.”

Title: Latest Mobile Malware Report Suggests On-Device Fraud is on the Rise
Date Published: May 31, 2022

https://thehackernews.com/2022/05/latest-mobile-malware-report-suggests.html

Excerpt: “An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fraud (ODF). Other frequently targeted countries include Poland, Australia, the U.S., Germany, the U.K., Italy, France, and Portugal.”

Title: Russia Nixes US Charges Against REvil Defendants as Cooperation Fizzles
Date Published: May 31, 2022

https://www.scmagazine.com/analysis/ransomware/russia-nixes-us-charges-against-revil-defendants-as-cooperation-fizzles

Excerpt: “Blaming the United States for a lack of cooperation, Russia will not charge the defendants in the REvil case with any attacks on Americans or American businesses, according to Russian media reports last week. Whatever progress the United States had made under the Biden administration in encouraging Moscow to address its harboring of cybercriminals appears to be at a standstill.”

Title: Vodafone Plans Carrier-Level User Tracking for Targeted Ads
Date Published: May 30, 2022

https://www.bleepingcomputer.com/news/security/vodafone-plans-carrier-level-user-tracking-for-targeted-ads/

Excerpt: “Vodafone is piloting a new advertising ID system called TrustPid, which will work as a persistent user tracker at the mobile Internet Service Provider (ISP) level. The new system is in test phase in Germany and is intended to be impossible to bypass from within the web browser settings or through cookie blocking or IP address masking.”

Title: Three Nigerian Men Arrested in INTERPOL Operation Killer Bee
Date Published: May 30, 2022

https://securityaffairs.co/wordpress/131811/cyber-crime/three-nigerians-arrested-by-interpol.html

Excerpt: “Interpol arrested 3 Nigerian men in Lagos, as part of an international operation codenamed Killer Bee. The three men are suspected of using the Agent Tesla RAT to reroute financial transactions and steal confidential details from corporate organizations. The suspects, aged between 31 and 38, the police found them in possession of fake documents, including fraudulent invoices and forged official letters.”

Title: EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities
Date Published: May 30, 2022

https://thehackernews.com/2022/05/enemybot-linux-botnet-now-exploits-web.html

Excerpt: “A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems (CMS).”
