June 14, 2022

Fortify Security Team

Title: Kaiser Permanente Data Breach Exposes Health Data of 69K People
Date Published: June 13, 2022

https://www.bleepingcomputer.com/news/security/kaiser-permanente-data-breach-exposes-health-data-of-69k-people/

Excerpt: “Kaiser Permanente, one of America’s leading not-for-profit health plans and health care providers, has recently disclosed a data breach that exposed the health information of more than 69,000 individuals. Founded in 1945, Kaiser Permanente provides health care services to over 12.5 million members from 8 U.S. states and Washington, D.C.”

Title: SeaFlower Campaign Distributes Backdoored Versions of Web3 Wallets to Steal Seed Phrases
Date Published: June 14, 2022

https://securityaffairs.co/wordpress/132250/cyber-crime/seaflower-malware-campaign.html

Excerpt: “Researchers from Confiant have uncovered a sophisticated malware campaign, tracked as SeaFlower, targeting Web3 wallet users. Chinese crooks are spreading backdoored versions of iOS and Android Web3 wallets to steal users’ seed phrase. SeaFlower maintains the functionality of the original wallet, but it adds code to exfiltrate the seed phrase.”

Title: Linux Malware Deemed ‘Nearly Impossible’ to Detect
Date Published: June 14, 2022

https://threatpost.com/linux-malware-impossible-detect/179944/

Excerpt: “A new Linux malware that’s “nearly impossible to detect” can harvest credentials and gives attackers remote access and rootkit functionality by acting in a parasitic way to infect targets, researchers said. Researchers from The BlackBerry Research and Intelligence Team have been tracking the malware, the earliest detection of which is from November 2021, security researcher Joakim Kennedy wrote in a blog post on the BlackBerry Threat Vector Blog published last week.”

Title: Strong Passwords Still a Priority Strategy for Enterprises
Date Published: June 14, 2022

https://www.helpnetsecurity.com/2022/06/14/enterprise-password-management-practices/

Excerpt: “Bitwarden announced the results of a global survey of enterprise security decision makers, conducted by 451 Research, which explores enterprise password management practices and intent. Overall, the survey finds that strong passwords remain a priority strategy and are important in shoring up the confidence of enterprise security decision makers. But, while security sentiments fall in line with best practices, implementation often falls short.”

Title: Russia Warns of Military Action If US Attacks Infrastructure
Date Published: June 13, 2022

https://www.bankinfosecurity.com/russia-warns-military-action-if-us-attacks-infrastructure-a-19324

Excerpt: “Russia’s top cyber diplomat warned of retaliation for cyberattacks launched in the wake of Moscow’s invasion of Ukraine, vowing his country “will not leave aggressive actions unanswered.” Comments from Andrei Krutskikh, posted to Russia’s Foreign Ministry website, came days after the Russian government urged the United States to desist from additional cyberspace incursions. U.S. Cyber Command Army Gen. Paul Nakasone, earlier this month revealed that the U.S. has conducted a “full spectrum” set of cyber operations to support Ukraine.”

Title: “Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison
Date Published: June 13, 2022

https://krebsonsecurity.com/2022/06/downthem-ddos-for-hire-boss-gets-2-years-in-prison/

Excerpt: “A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites. Matthew Gatrel of St. Charles, Ill. was found guilty for violations of the Computer Fraud and Abuse Act (CFAA) related to his operation of downthem[.]org and ampnode[.]com, two DDoS-for-hire services that had thousands of customers who paid to launch more than 200,000 attacks.”

Title: Technical Details Released for ‘SynLapse’ RCE Vulnerability Reported in Microsoft Azure
Date Published: June 14, 2022

https://thehackernews.com/2022/06/technical-details-released-for-synlapse.html

Excerpt: “Microsoft has incorporated additional improvements to address the recently disclosed SynLapse security vulnerability in order to meet comprehensive tenant isolation requirements in Azure Data Factory and Azure Synapse Pipelines. The latest safeguards include moving the shared integration runtimes to sandboxed ephemeral instances and using scoped tokens to prevent adversaries from using a client certificate to access other tenants’ information.”

Title: Chinese-Linked APT Adds Governments, Financial Companies to Target List
Date Published: June 13, 2022

https://www.scmagazine.com/analysis/threat-intelligence/chinese-linked-apt-adds-governments-financial-companies-to-target-list

Excerpt: “A suspected Chinese-linked hacking outfit known to target telecommunications infrastructure is expanding its portfolio to target entities in the financial and government sectors using a new piece of malware, according to researchers from Palo Alto Networks Unit 42.”

Title: CISA Recommends Organizations Update to the Latest Version of Google Chrome
Date Published: June 13, 2022

https://www.darkreading.com/vulnerabilities-threats/cisa-encourages-organizations-to-updated-to-latest-chrome-version

Excerpt: “The US Cybersecurity and Infrastructure Agency (CISA) Friday urged users and administrators to update to a new version of Chrome that Google released last week to fix a total of seven vulnerabilities in its browser. In an advisory, Google described four of the flaws — three of which were reported to the company by external researchers — as presenting a high risk for organizations. The company said it had decided to restrict access to bug details until most users have updated to the new version of Chrome (102.0.5005.115).”

Title: Gallium Hackers Backdoor Finance, Govt Orgs Using new PingPull Malware
Date Published: June 13, 2022

https://www.bleepingcomputer.com/news/security/gallium-hackers-backdoor-finance-govt-orgs-using-new-pingpull-malware/

Excerpt: “The Gallium state-sponsored hacking group has been spotted using a new ‘PingPull’ remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa. These entities are based in Australia, Russia, Philippines, Belgium, Vietnam, Malaysia, Cambodia, and Afghanistan. Gallium is believed to originate from China, and its targeting scope of the telecommunications, finance, and government sectors in espionage operations aligns with the country’s interests.”
