June 14, 2022

Fortify Security Team
Jun 14, 2022

Title: Kaiser Permanente Data Breach Exposes Health Data of 69K People
Date Published: June 13, 2022

https://www.bleepingcomputer.com/news/security/kaiser-permanente-data-breach-exposes-health-data-of-69k-people/

Excerpt: “Kaiser Permanente, one of America’s leading not-for-profit health plans and health care providers, has recently disclosed a data breach that exposed the health information of more than 69,000 individuals. Founded in 1945, Kaiser Permanente provides health care services to over 12.5 million members from 8 U.S. states and Washington, D.C.”

Title: SeaFlower Campaign Distributes Backdoored Versions of Web3 Wallets to Steal Seed Phrases
Date Published: June 14, 2022

https://securityaffairs.co/wordpress/132250/cyber-crime/seaflower-malware-campaign.html

Excerpt: “Researchers from Confiant have uncovered a sophisticated malware campaign, tracked as SeaFlower, targeting Web3 wallet users. Chinese crooks are spreading backdoored versions of iOS and Android Web3 wallets to steal users’ seed phrase. SeaFlower maintains the functionality of the original wallet, but it adds code to exfiltrate the seed phrase.”

Title: Linux Malware Deemed ‘Nearly Impossible’ to Detect
Date Published: June 14, 2022

https://threatpost.com/linux-malware-impossible-detect/179944/

Excerpt: “A new Linux malware that’s “nearly impossible to detect” can harvest credentials and gives attackers remote access and rootkit functionality by acting in a parasitic way to infect targets, researchers said. Researchers from The BlackBerry Research and Intelligence Team have been tracking the malware, the earliest detection of which is from November 2021, security researcher Joakim Kennedy wrote in a blog post on the BlackBerry Threat Vector Blog published last week.”

Title: Strong Passwords Still a Priority Strategy for Enterprises
Date Published: June 14, 2022

https://www.helpnetsecurity.com/2022/06/14/enterprise-password-management-practices/

Excerpt: “Bitwarden announced the results of a global survey of enterprise security decision makers, conducted by 451 Research, which explores enterprise password management practices and intent. Overall, the survey finds that strong passwords remain a priority strategy and are important in shoring up the confidence of enterprise security decision makers. But, while security sentiments fall in line with best practices, implementation often falls short.”

Title: Russia Warns of Military Action If US Attacks Infrastructure
Date Published: June 13, 2022

https://www.bankinfosecurity.com/russia-warns-military-action-if-us-attacks-infrastructure-a-19324

Excerpt: “Russia’s top cyber diplomat warned of retaliation for cyberattacks launched in the wake of Moscow’s invasion of Ukraine, vowing his country “will not leave aggressive actions unanswered.” Comments from Andrei Krutskikh, posted to Russia’s Foreign Ministry website, came days after the Russian government urged the United States to desist from additional cyberspace incursions. U.S. Cyber Command Army Gen. Paul Nakasone, earlier this month revealed that the U.S. has conducted a “full spectrum” set of cyber operations to support Ukraine.”

Title: “Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison
Date Published: June  13, 2022

https://krebsonsecurity.com/2022/06/downthem-ddos-for-hire-boss-gets-2-years-in-prison/

Excerpt: “A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites. Matthew Gatrel of St. Charles, Ill. was found guilty for violations of the Computer Fraud and Abuse Act (CFAA) related to his operation of downthem[.]org and ampnode[.]com, two DDoS-for-hire services that had thousands of customers who paid to launch more than 200,000 attacks.”

Title: Technical Details Released for ‘SynLapse’ RCE Vulnerability Reported in Microsoft Azure
Date Published: June  14, 2022

https://thehackernews.com/2022/06/technical-details-released-for-synlapse.html

Excerpt: “Microsoft has incorporated additional improvements to address the recently disclosed SynLapse security vulnerability in order to meet comprehensive tenant isolation requirements in Azure Data Factory and Azure Synapse Pipelines. The latest safeguards include moving the shared integration runtimes to sandboxed ephemeral instances and using scoped tokens to prevent adversaries from using a client certificate to access other tenants’ information.”

Title: Chinese-Linked APT Adds Governments, Financial Companies to Target List
Date Published: June 13, 2022

https://www.scmagazine.com/analysis/threat-intelligence/chinese-linked-apt-adds-governments-financial-companies-to-target-list

Excerpt: “A suspected Chinese-linked hacking outfit known to target telecommunications infrastructure is expanding its portfolio to target entities in the financial and government sectors using a new piece of malware, according to researchers from Palo Alto Networks Unit 42.”

Title: CISA Recommends Organizations Update to the Latest Version of Google Chrome
Date Published: June 13, 2022

https://www.darkreading.com/vulnerabilities-threats/cisa-encourages-organizations-to-updated-to-latest-chrome-version

Excerpt: “The US Cybersecurity and Infrastructure Agency (CISA) Friday urged users and administrators to update to a new version of Chrome that Google released last week to fix a total of seven vulnerabilities in its browser. In an advisory, Google described four of the flaws — three of which were reported to the company by external researchers — as presenting a high risk for organizations. The company said it had decided to restrict access to bug details until most users have updated to the new version of Chrome (102.0.5005.115).”

Title: Gallium Hackers Backdoor Finance, Govt Orgs Using new PingPull Malware
Date Published: June 13, 2022

https://www.bleepingcomputer.com/news/security/gallium-hackers-backdoor-finance-govt-orgs-using-new-pingpull-malware/

Excerpt: “The Gallium state-sponsored hacking group has been spotted using a new ‘PingPull’ remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa. These entities are based in Australia, Russia, Philippines, Belgium, Vietnam, Malaysia, Cambodia, and Afghanistan. Gallium is believed to originate from China, and its targeting scope of the telecommunications, finance, and government sectors in espionage operations aligns with the country’s interests.”

Recent Posts

November 29, 2022

Title: Malicious Android App Found Powering Account Creation Service Date Published: November 28, 2022 https://www.bleepingcomputer.com/news/security/malicious-android-app-found-powering-account-creation-service/ Excerpt: “A fake Android SMS application, with 100,000...

November 28, 2022

Title: Ransomboggs Ransomware Hit Several Ukrainian Entities, Experts Attribute It to Russia Date Published: November 28, 2022 https://securityaffairs.co/wordpress/139028/cyber-warfare-2/ransomboggs-ransomware-targeted-ukraine.html Excerpt: “Several Ukrainian...

November 23, 2022

Title: Microsoft Releases Out-Of-Band Update to Fix Kerberos Auth Issues Caused by a Patch for Cve-2022-37966 Date Published: November 23, 2022 https://securityaffairs.co/wordpress/138869/security/out-of-band-fix-kerberos-issues.html Excerpt: “Microsoft released an...

November 22, 2022

Title: Aurora Infostealer Malware Increasingly Adopted by Cybergangs Date Published: November 21, 2022 https://www.bleepingcomputer.com/news/security/aurora-infostealer-malware-increasingly-adopted-by-cybergangs/ Excerpt: “Cybercriminals are increasingly turning to a...

November 21, 2022

Title: New Ransomware Encrypts Files, Then Steals Your Discord Account Date Published: November 20, 2022 https://www.bleepingcomputer.com/news/security/new-ransomware-encrypts-files-then-steals-your-discord-account/ Excerpt: “The new 'AXLocker' ransomware family is...

November 18, 2022

Title: Phishing Kit Impersonates Well-Known Brands to Target Us Shoppers Date Published: November 17, 2022 https://www.bleepingcomputer.com/news/security/phishing-kit-impersonates-well-known-brands-to-target-us-shoppers/ Excerpt: “A sophisticated phishing kit has been...

November 17, 2022

Title: Iran-Linked Threat Actors Compromise US Federal Network Date Published: November 17, 2022 https://securityaffairs.co/wordpress/138639/apt/iran-compromises-us-federal-network.html Excerpt: “Iran-linked threat actors compromised a Federal Civilian Executive...