June 13, 2022

Fortify Security Team
Jun 13, 2022

Title: PyPI package ‘Keep’ Mistakenly Included a Password Stealer

Date Published: June 12, 2022

https://www.bleepingcomputer.com/news/security/pypi-package-keep-mistakenly-included-a-password-stealer/

Excerpt: “PyPI packages ‘keep,’ ‘pyanxdns,’ ‘api-res-py’ were found to be containing a backdoor due to the presence of malicious ‘request’ dependency within some versions. For example, while most versions of ‘keep’ project use the legitimate Python module requests for making HTTP requests, ‘keep’ v.1.2 contains ‘request’ (without s) which is malware.”

Title: HelloXD Ransomware Operators Install MicroBackdoor on Target Systems

Date Published: June 13, 2022

https://securityaffairs.co/wordpress/132207/malware/helloxd-ransomware-installs-microbackdoor.html

Excerpt: “The HelloXD ransomware first appeared in the threat landscape on November 30, 2021, it borrows the code from Babuk ransomware, which is available in Russian-speaking hacking forums since September 2021. Unlike other ransomware operations, this ransomware gang doesn’t use a leak site, instead, it contacts victims through TOX chat and onion-based messenger instances.”

Title: Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers

Date Published: June 13, 2022

https://threatpost.com/bluetooth-signals-track-smartphones/179937/

Excerpt: “Researchers warn Bluetooth signals can be used to track device owners via a unique fingerprinting of the radio signal. The technique was presented via a paper presented at IEEE Security and Privacy conference last month by researchers at the University of California San Diego.”

Title: Microsoft Helps Prevent Lateral Movement from Compromised Unmanaged Devices

Date Published: June 13, 2022

https://www.helpnetsecurity.com/2022/06/13/microsoft-prevent-lateral-movement/

Excerpt: “A new feature in Microsoft Defender for Endpoint can make it more difficult for attackers to perform lateral movement within company networks, as it allows admins to prevent traffic flowing to and from unmanaged devices that have been compromised. Lateral movement is a fundamental tactic deployed by most cyberattackers today, which means that enterprise defenders should work to prevent it or at least minimize it.”

Title: Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users

Date Published: June 13, 2022

https://thehackernews.com/2022/06/chinese-hackers-distribute-backdoored.html

Excerpt: “A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims’ funds. Said to be first discovered in March 2022, the cluster of activity “hint[s] to a strong relationship with a Chinese-speaking entity yet to be uncovered,” based on the macOS usernames, source code comments in the backdoor code, and its abuse of Alibaba’s Content Delivery Network (CDN).”

Title: New Vytal Chrome Extension Hides Location info that your VPN Can’t

Date Published: June 12, 2022

https://www.bleepingcomputer.com/news/security/new-vytal-chrome-extension-hides-location-info-that-your-vpn-cant/

Excerpt: “A new Google Chrome browser extension called Vytal prevents webpages from using programming APIs to find your geographic location leaked, even when using a VPN. Many people use VPNs to hide their location or connect from another country while browsing the web. People do this for various reasons, such as bypassing censorship, geographic blocks, or simply having additional privacy on the Internet.”

Title: Using WiFi Connection Probe Requests to Track Users

Date Published: June 13, 2022

https://securityaffairs.co/wordpress/132193/mobile-2/wifi-probe-requests-track-users.html

Excerpt: “A group of academics at the University of Hamburg (Germany) demonstrated that it is possible to use WiFi connection probe requests to identify and track devices and thereby their users. Mobile devices transmit probe requests to receive information about nearby Wi-Fi networks and establish a Wi-Fi connection. An access point receiving a probe request replies with a probe response, thereby establishing a connection between both devices. However, probe requests can contain identifying information about the device owner depending on the age of the device and its OS. For example, a request can contain the preferred network list (PNL), which includes networks identified by their so-called Service Set Identifier (SSIDs). Experts explained that 23 % of the probe requests contain SSIDs of networks the devices were connected to in the past.”

Title: API Security Warrants its Own Specific Solution

Date Published: June 13, 2022

https://www.helpnetsecurity.com/2022/06/13/risks-api-security/

Excerpt: “Application programming interfaces (APIs) enable developers to quickly and easily roll-out services but they’re also equally attractive to attackers. This is because they can provide ready access to back-end systems and sensitive data sets. What makes these attacks so interesting is how they are executed: unlike a traditional “hack,” an API attack doesn’t hinge on there being something wrong with the API. Rather, attackers can legitimately use the way an API functions against it and can simply find out if it hasn’t been developed securely through standard interaction.”

Title: Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses

Date Published: June 13, 2022

https://thehackernews.com/2022/06/researchers-disclose-rooting-backdoor.html

Excerpt: “Cybersecurity researchers have disclosed details of two medium-security flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May 2022.”

Title: Russian Hackers Start Targeting Ukraine with Follina Exploits

Date Published: June 13, 2022

https://www.bleepingcomputer.com/news/security/russian-hackers-start-targeting-ukraine-with-follina-exploits/

Excerpt: “Ukraine’s Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. The security issue can be triggered by either opening or selecting a specially crafted document and threat actors have been exploiting it in attacks since at least April 2022.”
