June 10, 2022

Fortify Security Team

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store
Date Published: June 9, 2022


Excerpt: “A new ransomware is taking the unusual approach of selling its decryptor on the Roblox gaming platform using the service’s in-game Robux currency. Roblox is an online kids gaming platform where members can create their own games and monetize them by selling Game Passes, which provide in-game items, special access, or enhanced features.”

Title: Vice Society Ransomware Gang Adds the Italian City of Palermo to its Data Leak Site
Date Published: June 10, 2022


Excerpt: “The Vice Society ransomware group has claimed responsibility for the recent cyber attack that hit the city of Palermo in the South of Italy. In response to the security breach, the IT infrastructure of the city was shut down. The attack took place on June 02 and the outage caused severe problems to the citizens. Sispi (Palermo Innovazione System), which is the municipal company that is responsible for the technical management of the municipal IT and telematic system of the Municipality of Palermo, confirmed the ransomware attack a few days later, but at this time it doesn’t confirm the data breach.”

Title: Feds Forced Travel Firms to Share Surveillance Data on Hacker
Date Published: June 9, 2022


Excerpt: “The U.S. government ordered two travel companies to provide information about the movement of a Russian citizen suspected of hacking. The surveillance data was used as part of an investigation by the U.S. Secret Service, according to court documents recently unsealed. The revelation of the extent of surveillance that the feds ordered companies to do in a 2015 investigation of Russian hacker Aleksei Burkov once again raises questions of privacy, accountability and responsibility in terms of how much access the government should have to an individual’s private data.”

Title: Researchers Unearth Highly Evasive “Parasitic” Linux Malware
Date Published: June 10, 2022


Excerpt: “Security researchers at Intezer and BlackBerry have documented Symbiote, a wholly unique, multi-purpose piece of Linux malware that is nearly impossible to detect. “What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file that is run to infect a machine, it is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD (T1574.006), and parasitically infects the machine,” the researchers pointed out.”

Title: Researchers Detail How Cyber Criminals Targeting Cryptocurrency Users
Date Published: June 10, 2022


Excerpt: “Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds. “As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim to fraud attempting to exploit people for digital currencies,” Proofpoint said in a new report.”

Title: Since 2004, the Average American has had At Least 7 Data Breaches
Date Published: June 9, 2022


Excerpt: “U.S. citizens face the greatest number of cyber threats as compared with people in other nations worldwide, according to a recent study by IT security company Surfshark. After reviewing nearly two decades of data regarding cyber incidents, Surfshark found that the average American had been affected by at least seven data breaches since 2004. U.S. citizens have faced an estimated 2.3 billion account compromises, while Russia comes second with 2.2 billion accounts of cyberattacks, followed by China, Germany and France.”

Title: Design Weakness Discovered in Apple M1 Kernel Protections
Date Published: June 10, 2022


Excerpt: “Security researchers today released details about a new attack they designed against Apple’s M1 processor chip that can undermine a key security feature that protects the operating system (OS) kernel from memory corruption attacks. Dubbed PACMAN, the proof-of-concept attack targets ARM Pointer Authentication, a processor hardware feature that’s used as a last line of defense against software bugs that can be leveraged to corrupt the content of a memory location, hijack the execution flow of a running program, and ultimately gain complete control of the system.”

Title: Microsoft Defender now Isolates Hacked, Unmanaged Windows Devices
Date Published: June 9, 2022


Excerpt: “Microsoft has announced a new feature for Microsoft Defender for Endpoint (MDE) to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network. This new feature allows admins to “contain” unmanaged Windows devices on their network if they were compromised or are suspected to be compromised.”

Title: New Emotet Variant Uses a Module to Steal Data from Google Chrome
Date Published: June 9, 2022


Excerpt: “Proofpoint researchers reported a new wave of Emotet infections, in particular, a new variant is using a new info-stealing module used to siphon credit card information stored in the Chrome browser. Once the card data were gathered, the module exfiltrates it to C2 servers that are different from the loader module.”

Title: New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing
Date Published: June 9, 2022


Excerpt: “A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. Dubbed Peekaboo by researchers from Carnegie Mellon University, the system “leverages an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before sending it to external cloud servers.””
