June 13, 2022

Fortify Security Team
Jun 13, 2022

Title: PyPI package ‘Keep’ Mistakenly Included a Password Stealer

Date Published: June 12, 2022

https://www.bleepingcomputer.com/news/security/pypi-package-keep-mistakenly-included-a-password-stealer/

Excerpt: “PyPI packages ‘keep,’ ‘pyanxdns,’ ‘api-res-py’ were found to be containing a backdoor due to the presence of malicious ‘request’ dependency within some versions.  For example, while most versions of ‘keep’ project use the legitimate Python module requests for making HTTP requests, ‘keep’ v.1.2 contains ‘request’ (without s) which is malware.”

Title: HelloXD Ransomware Operators Install MicroBackdoor on Target Systems

Date Published: June 13, 2022

https://securityaffairs.co/wordpress/132207/malware/helloxd-ransomware-installs-microbackdoor.html

Excerpt: “The HelloXD ransomware first appeared in the threat landscape on November 30, 2021, it borrows the code from Babuk ransomware, which is available in Russian-speaking hacking forums since September 2021. Unlike other ransomware operations, this ransomware gang doesn’t use a leak site, instead, it contacts victims through TOX chat and onion-based messenger instances.”

Title: Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers

Date Published: June 13, 2022

https://threatpost.com/bluetooth-signals-track-smartphones/179937/

Excerpt: “Researchers warn Bluetooth signals can be used to track device owners via a unique fingerprinting of the radio signal. The technique was presented via a paper presented at IEEE Security and Privacy conference last month by researchers at the University of California San Diego.”

Title: Microsoft Helps Prevent Lateral Movement from Compromised Unmanaged Devices

Date Published: June 13, 2022

https://www.helpnetsecurity.com/2022/06/13/microsoft-prevent-lateral-movement/

Excerpt: “A new feature in Microsoft Defender for Endpoint can make it more difficult for attackers to perform lateral movement within company networks, as it allows admins to prevent traffic flowing to and from unmanaged devices that have been compromised. Lateral movement is a fundamental tactic deployed by most cyberattackers today, which means that enterprise defenders should work to prevent it or at least minimize it.”

Title: Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users

Date Published: June 13, 202

https://thehackernews.com/2022/06/chinese-hackers-distribute-backdoored.html

Excerpt: “A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims’ funds. Said to be first discovered in March 2022, the cluster of activity “hint[s] to a strong relationship with a Chinese-speaking entity yet to be uncovered,” based on the macOS usernames, source code comments in the backdoor code, and its abuse of Alibaba’s Content Delivery Network (CDN).”

Title: New Vytal Chrome Extension Hides Location info that your VPN Can’t

Date Published: June  12, 2022

https://www.bleepingcomputer.com/news/security/new-vytal-chrome-extension-hides-location-info-that-your-vpn-cant/

Excerpt: “A new Google Chrome browser extension called Vytal prevents webpages from using programming APIs to find your geographic location leaked, even when using a VPN. Many people use VPNs to hide their location or connect from another country while browsing the web. People do this for various reasons, such as bypassing censorship, geographic blocks, or simply having additional privacy on the Internet.”

Title: Using WiFi Connection Probe Requests to Track Users

Date Published: June  13, 2022

https://securityaffairs.co/wordpress/132193/mobile-2/wifi-probe-requests-track-users.html

Excerpt: “A group of academics at the University of Hamburg (Germany) demonstrated that it is possible to use WiFi connection probe requests to identify and track devices and thereby their users. Mobile devices transmit probe requests to receive information about nearby Wi-Fi networks and establish a Wi-Fi connection. An access point receiving a probe request replies with a probe response, thereby establishing a connection between both devices. However, probe requests can contain identifying information about the device owner depending on the age of the device and its OS. For example, a request can contain the preferred network list (PNL), which includes networks identified by their so-called Service Set Identifier (SSIDs). Experts explained that 23 % of the probe requests contain SSIDs of networks the devices were connected to in the past.”

Title: API Security Warrants its Own Specific Solution

Date Published: June 13, 2022

https://www.helpnetsecurity.com/2022/06/13/risks-api-security/

Excerpt: “Application programming interfaces (APIs) enable developers to quickly and easily roll-out services but they’re also equally attractive to attackers. This is because they can provide ready access to back-end systems and sensitive data sets. What makes these attacks so interesting is how they are executed: unlike a traditional “hack,” an API attack doesn’t hinge on there being something wrong with the API. Rather, attackers can legitimately use the way an API functions against it and can simply find out if it hasn’t been developed securely through standard interaction.”

Title: Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses

Date Published: June 13, 2022

https://thehackernews.com/2022/06/researchers-disclose-rooting-backdoor.html

Excerpt: “Cybersecurity researchers have disclosed details of two medium-security flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May 2022.”

Title: Russian Hackers Start Targeting Ukraine with Follina Exploits

Date Published: June 13, 2022

https://www.bleepingcomputer.com/news/security/russian-hackers-start-targeting-ukraine-with-follina-exploits/

Excerpt: “Ukraine’s Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. The security issue can be triggered by either opening or selecting a specially crafted document and threat actors have been exploiting it in attacks since at least April 2022.”

Recent Posts

November 29, 2022

Title: Malicious Android App Found Powering Account Creation Service Date Published: November 28, 2022 https://www.bleepingcomputer.com/news/security/malicious-android-app-found-powering-account-creation-service/ Excerpt: “A fake Android SMS application, with 100,000...

November 28, 2022

Title: Ransomboggs Ransomware Hit Several Ukrainian Entities, Experts Attribute It to Russia Date Published: November 28, 2022 https://securityaffairs.co/wordpress/139028/cyber-warfare-2/ransomboggs-ransomware-targeted-ukraine.html Excerpt: “Several Ukrainian...

November 23, 2022

Title: Microsoft Releases Out-Of-Band Update to Fix Kerberos Auth Issues Caused by a Patch for Cve-2022-37966 Date Published: November 23, 2022 https://securityaffairs.co/wordpress/138869/security/out-of-band-fix-kerberos-issues.html Excerpt: “Microsoft released an...

November 22, 2022

Title: Aurora Infostealer Malware Increasingly Adopted by Cybergangs Date Published: November 21, 2022 https://www.bleepingcomputer.com/news/security/aurora-infostealer-malware-increasingly-adopted-by-cybergangs/ Excerpt: “Cybercriminals are increasingly turning to a...

November 21, 2022

Title: New Ransomware Encrypts Files, Then Steals Your Discord Account Date Published: November 20, 2022 https://www.bleepingcomputer.com/news/security/new-ransomware-encrypts-files-then-steals-your-discord-account/ Excerpt: “The new 'AXLocker' ransomware family is...

November 18, 2022

Title: Phishing Kit Impersonates Well-Known Brands to Target Us Shoppers Date Published: November 17, 2022 https://www.bleepingcomputer.com/news/security/phishing-kit-impersonates-well-known-brands-to-target-us-shoppers/ Excerpt: “A sophisticated phishing kit has been...

November 17, 2022

Title: Iran-Linked Threat Actors Compromise US Federal Network Date Published: November 17, 2022 https://securityaffairs.co/wordpress/138639/apt/iran-compromises-us-federal-network.html Excerpt: “Iran-linked threat actors compromised a Federal Civilian Executive...