June 13, 2022

Fortify Security Team

Title: PyPI package ‘Keep’ Mistakenly Included a Password Stealer

Date Published: June 12, 2022

https://www.bleepingcomputer.com/news/security/pypi-package-keep-mistakenly-included-a-password-stealer/

Excerpt: “PyPI packages ‘keep,’ ‘pyanxdns,’ ‘api-res-py’ were found to contain a backdoor due to the presence of a malicious ‘request’ dependency within some versions. For example, while most versions of the ‘keep’ project use the legitimate Python module requests for making HTTP requests, ‘keep’ v.1.2 contains ‘request’ (without the s), which is malware.”

Title: HelloXD Ransomware Operators Install MicroBackdoor on Target Systems

Date Published: June 13, 2022

https://securityaffairs.co/wordpress/132207/malware/helloxd-ransomware-installs-microbackdoor.html

Excerpt: “The HelloXD ransomware first appeared in the threat landscape on November 30, 2021, it borrows the code from Babuk ransomware, which is available in Russian-speaking hacking forums since September 2021. Unlike other ransomware operations, this ransomware gang doesn’t use a leak site, instead, it contacts victims through TOX chat and onion-based messenger instances.”

Title: Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers

Date Published: June 13, 2022

https://threatpost.com/bluetooth-signals-track-smartphones/179937/

Excerpt: “Researchers warn Bluetooth signals can be used to track device owners via a unique fingerprinting of the radio signal. The technique was presented via a paper presented at IEEE Security and Privacy conference last month by researchers at the University of California San Diego.”

Title: Microsoft Helps Prevent Lateral Movement from Compromised Unmanaged Devices

Date Published: June 13, 2022

https://www.helpnetsecurity.com/2022/06/13/microsoft-prevent-lateral-movement/

Excerpt: “A new feature in Microsoft Defender for Endpoint can make it more difficult for attackers to perform lateral movement within company networks, as it allows admins to prevent traffic flowing to and from unmanaged devices that have been compromised. Lateral movement is a fundamental tactic deployed by most cyberattackers today, which means that enterprise defenders should work to prevent it or at least minimize it.”

Title: Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users

Date Published: June 13, 2022

https://thehackernews.com/2022/06/chinese-hackers-distribute-backdoored.html

Excerpt: “A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims’ funds. Said to be first discovered in March 2022, the cluster of activity “hint[s] to a strong relationship with a Chinese-speaking entity yet to be uncovered,” based on the macOS usernames, source code comments in the backdoor code, and its abuse of Alibaba’s Content Delivery Network (CDN).”

Title: New Vytal Chrome Extension Hides Location info that your VPN Can’t

Date Published: June 12, 2022

https://www.bleepingcomputer.com/news/security/new-vytal-chrome-extension-hides-location-info-that-your-vpn-cant/

Excerpt: “A new Google Chrome browser extension called Vytal prevents webpages from using programming APIs to find your geographic location leaked, even when using a VPN. Many people use VPNs to hide their location or connect from another country while browsing the web. People do this for various reasons, such as bypassing censorship, geographic blocks, or simply having additional privacy on the Internet.”

Title: Using WiFi Connection Probe Requests to Track Users

Date Published: June 13, 2022

https://securityaffairs.co/wordpress/132193/mobile-2/wifi-probe-requests-track-users.html

Excerpt: “A group of academics at the University of Hamburg (Germany) demonstrated that it is possible to use WiFi connection probe requests to identify and track devices and thereby their users. Mobile devices transmit probe requests to receive information about nearby Wi-Fi networks and establish a Wi-Fi connection. An access point receiving a probe request replies with a probe response, thereby establishing a connection between both devices. However, probe requests can contain identifying information about the device owner depending on the age of the device and its OS. For example, a request can contain the preferred network list (PNL), which includes networks identified by their so-called Service Set Identifier (SSIDs). Experts explained that 23 % of the probe requests contain SSIDs of networks the devices were connected to in the past.”

Title: API Security Warrants its Own Specific Solution

Date Published: June 13, 2022

https://www.helpnetsecurity.com/2022/06/13/risks-api-security/

Excerpt: “Application programming interfaces (APIs) enable developers to quickly and easily roll-out services but they’re also equally attractive to attackers. This is because they can provide ready access to back-end systems and sensitive data sets. What makes these attacks so interesting is how they are executed: unlike a traditional “hack,” an API attack doesn’t hinge on there being something wrong with the API. Rather, attackers can legitimately use the way an API functions against it and can simply find out if it hasn’t been developed securely through standard interaction.”

Title: Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses

Date Published: June 13, 2022

https://thehackernews.com/2022/06/researchers-disclose-rooting-backdoor.html

Excerpt: “Cybersecurity researchers have disclosed details of two medium-security flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May 2022.”

Title: Russian Hackers Start Targeting Ukraine with Follina Exploits

Date Published: June 13, 2022

https://www.bleepingcomputer.com/news/security/russian-hackers-start-targeting-ukraine-with-follina-exploits/

Excerpt: “Ukraine’s Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. The security issue can be triggered by either opening or selecting a specially crafted document and threat actors have been exploiting it in attacks since at least April 2022.”
