May 5, 2022

Fortify Security Team

Title: Tor Project Upgrades Network Speed Performance with New System

Date Published: May 5, 2022

https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/

Excerpt: “The Tor Project has published details about a newly introduced system called Congestion Control that promises to eliminate speed limits on the network. This new system is up and running in the Tor protocol version 0.4.7.7, the latest stable release available since last week. Congestion Control “will result in significant performance improvements in Tor, as well as increased utilization of our network capacity,” say the maintainers of the project.”

Title: F5 Warns its Customers of Tens of Flaws in its Products

Date Published: May 5, 2022

https://securityaffairs.co/wordpress/130934/security/f5-flaws.html

Excerpt: “Security and application delivery solutions provider F5 released its security notification to inform customers that it has released security updates for tens of vulnerabilities in its products. The company addressed a total of 43 vulnerabilities; the most severe one is a critical issue tracked as CVE-2022-1388 (CVSS score of 9.8). An unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses can exploit the CVE-2022-1388 flaw to execute arbitrary system commands, create or delete files, or disable services.”

Title: VHD Ransomware Linked to North Korea’s Lazarus Group

Date Published: May 5, 2022

https://threatpost.com/vhd-ransomware-lazarus-group/179507/

Excerpt: “Cryptocurrency thief Lazarus Group appears to be widening its scope into using ransomware as a way to rip off financial institutions and other targets in the Asia-Pacific (APAC) region, researchers have found. Financial transactions and similarities to previous malware in its source code link a recently emerged ransomware strain called VHD to the North Korean threat actors, also known as Unit 180 or APT35.”

Title: Stealthy APT Group Plunders Very Specific Corporate Email Accounts

Date Published: May 4, 2022

https://www.helpnetsecurity.com/2022/05/04/apt-corporate-email/

Excerpt: “An eminently sophisticated and stealthy APT group is going after specific corporate email accounts and has, on occasion, managed to remain undetected in victim environments for at least 18 months. Catalogued as UNC3524 by Mandiant, the threat actor is also extremely adept at re-gaining access to a victim environment when booted out, “re-compromising the environment with a variety of mechanisms, immediately restarting their data theft campaign.””

Title: Ransomware Payments: Just 46% of Victims Now Pay a Ransom

Date Published: May 5, 2022

https://www.bankinfosecurity.com/blogs/ransomware-payments-just-46-victims-now-pay-ransom-p-3225

Excerpt: “Is the tide finally turning on ransomware? One piece of good news is that the number of organizations hit by ransomware who choose to pay a ransom to their attackers has been declining, reports ransomware incident response firm Coveware. Based on thousands of cases on which it has worked, Coveware says the number of ransomware-hit victims who paid a ransom declined from 85% in Q1 of 2019 to 46% in Q1 of this year.”

Title: Researchers Disclose Years-Old Vulnerabilities in Avast and AVG Antivirus

Date Published: May 5, 2022

https://thehackernews.com/2022/05/researchers-disclose-10-year-old.html

Excerpt: “Two high-severity security vulnerabilities, which went undetected for several years, have been discovered in a legitimate driver that’s part of Avast and AVG antivirus solutions. “These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded,” SentinelOne researcher Kasif Dekel said in a report shared with The Hacker News.”

Title: Security and Exchange Commission Doubles Enforcement Team for Crypto Markets

Date Published: May 5, 2022

https://www.scmagazine.com/analysis/cybercrime/security-and-exchange-commission-doubles-enforcement-team-for-crypto-markets

Excerpt: “Investment company malfeasance has played a key role in cinematic and real-world incidents in recent years. Hence, the U.S. Securities and Exchange Commission is eager to reduce negative appearances. The SEC announced May 3 that it will be adding 20 new positions to its enforcement team for crypto markets in an effort to find fraud in the financial industry. The regulator also said that it is henceforth naming this team of 50 employees the “Crypto Assets and Cyber Unit.””

Title: China-Backed Winnti APT Siphons Reams of US Trade Secrets in Sprawling Cyber-Espionage Attack

Date Published: May 4, 2022

https://www.darkreading.com/attacks-breaches/china-winnti-apt-trade-secrets-us

Excerpt: “China’s Winnti cyberthreat group has been quietly stealing immense stores of intellectual property and other sensitive data from manufacturing and technology companies in North America and Asia for years. That’s according to researchers from Cybereason, who estimate that the group has so far stolen hundreds of gigabytes of data from more than 30 global organizations since the cyber-espionage campaign began. Trade secrets are a big part of that, they said, including blueprints, formulas, diagrams, proprietary manufacturing documents, and other business-sensitive information.”

Title: Heroku Admits that Customer Credentials were Stolen in Cyberattack

Date Published: May 5, 2022

https://www.bleepingcomputer.com/news/security/heroku-admits-that-customer-credentials-were-stolen-in-cyberattack/

Excerpt: “Heroku has now revealed that the stolen GitHub integration OAuth tokens from last month further led to the compromise of an internal customer database. The Salesforce-owned cloud platform acknowledged the same compromised token was used by attackers to exfiltrate customers’ hashed and salted passwords from “a database.” Heroku’s update comes after BleepingComputer reached out to Salesforce yesterday.”

Title: Experts Linked Multiple Ransomware Strains to North Korea-backed APT38 Group

Date Published: May 4, 2022

https://securityaffairs.co/wordpress/130892/apt/ransomware-strains-linked-to-nk-apt38.html

Excerpt: “The ransomware was employed in attacks on financial institutions; experts estimated that APT38 (Unit 180 of North Korea’s cyber-army Bureau 121) has stolen hundreds of millions of dollars from banks worldwide. APT38 appears to be a North Korea-linked group separate from the infamous Lazarus group; it has been active since at least 2014 and it has been observed targeting over 16 organizations across 11 countries.”
