June 10, 2022

Fortify Security Team

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store
Date Published: June 9, 2022


Excerpt: “A new ransomware is taking the unusual approach of selling its decryptor on the Roblox gaming platform using the service’s in-game Robux currency. Roblox is an online kids gaming platform where members can create their own games and monetize them by selling Game Passes, which provide in-game items, special access, or enhanced features.”

Title: Vice Society Ransomware Gang Adds the Italian City of Palermo to its Data Leak Site
Date Published: June 10, 2022


Excerpt: “The Vice Society ransomware group has claimed responsibility for the recent cyber attack that hit the city of Palermo in the South of Italy. In response to the security breach, the IT infrastructure of the city was shut down. The attack took place on June 02 and the outage caused severe problems to the citizens. Sispi (Palermo Innovazione System), which is the municipal company that is responsible for the technical management of the municipal IT and telematic system of the Municipality of Palermo, confirmed the ransomware attack a few days later, but at this time it doesn’t confirm the data breach.”

Title: Feds Forced Travel Firms to Share Surveillance Data on Hacker
Date Published: June 9, 2022


Excerpt: “The U.S. government ordered two travel companies to provide information about the movement of a Russian citizen suspected of hacking. The surveillance data was used as part of an investigation by the U.S. Secret Service, according to court documents recently unsealed. The revelation of the extent of surveillance that the feds ordered companies to do in a 2015 investigation of Russian hacker Aleksei Burkov once again raises questions of privacy, accountability and responsibility in terms of how much access the government should have to an individual’s private data.”

Title: Researchers Unearth Highly Evasive “Parasitic” Linux Malware
Date Published: June 10, 2022


Excerpt: “Security researchers at Intezer and BlackBerry have documented Symbiote, a wholly unique, multi-purpose piece of Linux malware that is nearly impossible to detect. “What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file that is run to infect a machine, it is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD (T1574.006), and parasitically infects the machine,” the researchers pointed out.”

Title: Researchers Detail How Cyber Criminals Targeting Cryptocurrency Users
Date Published: June 10, 2022


Excerpt: “Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds. “As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim to fraud attempting to exploit people for digital currencies,” Proofpoint said in a new report.”

Title: Since 2004, the Average American has had At Least 7 Data Breaches
Date Published: June 9, 2022


Excerpt: “U.S. citizens face the greatest number of cyber threats as compared with people in other nations worldwide, according to a recent study by IT security company Surfshark. After reviewing nearly two decades of data regarding cyber incidents, Surfshark found that the average American had been affected by at least seven data breaches since 2004. U.S. citizens have faced an estimated 2.3 billion account compromises, while Russia comes second with 2.2 billion accounts of cyberattacks, followed by China, Germany and France.”

Title: Design Weakness Discovered in Apple M1 Kernel Protections
Date Published: June 10, 2022


Excerpt: “Security researchers today released details about a new attack they designed against Apple’s M1 processor chip that can undermine a key security feature that protects the operating system (OS) kernel from memory corruption attacks. Dubbed PACMAN, the proof-of-concept attack targets ARM Pointer Authentication, a processor hardware feature that’s used as a last line of defense against software bugs that can be leveraged to corrupt the content of a memory location, hijack the execution flow of a running program, and ultimately gain complete control of the system.”

Title: Microsoft Defender now Isolates Hacked, Unmanaged Windows Devices
Date Published: June 9, 2022


Excerpt: “Microsoft has announced a new feature for Microsoft Defender for Endpoint (MDE) to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network. This new feature allows admins to “contain” unmanaged Windows devices on their network if they were compromised or are suspected to be compromised.”

Title: New Emotet Variant Uses a Module to Steal Data from Google Chrome
Date Published: June 9, 2022


Excerpt: “Proofpoint researchers reported a new wave of Emotet infections, in particular, a new variant is using a new info-stealing module used to siphon credit card information stored in the Chrome browser. Once the card data were gathered, the module exfiltrates it to C2 servers that are different from the loader module.”

Title: New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing
Date Published: June 9, 2022


Excerpt: “A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. Dubbed Peekaboo by researchers from Carnegie Mellon University, the system “leverages an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before sending it to external cloud servers.””
