June 15, 2022

Fortify Security Team

Title: New Go Botnet Panchan Spreading Rapidly in Education Networks
Date Published: June 15, 2022


Excerpt: “A new peer-to-peer botnet named Panchan appeared in the wild around March 2022, targeting Linux servers in the education sector to mine cryptocurrency. Panchan is empowered with SSH worm functions like dictionary attacks and SSH key abuse to perform rapid lateral movement to available machines in the compromised network.”
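The excerpt describes the worm's SSH dictionary attacks. The following detection logic is an added example, not code from the Panchan write-up or any Fortify tooling: it parses sshd lines in the standard auth.log format, counts failed password attempts per source address, and raises a second, higher-priority alert when a login is accepted from an address that has already crossed the failure threshold (the classic "brute force succeeded" signal). The log lines are constructed for the example; the threshold value and the alert names are assumptions. The SSH-key-harvesting side of the lateral movement is not covered here.

```python
"""Flag SSH dictionary attacks, and successful logins after them, from sshd log lines.

Added example (not from the original article). Input format assumed: Linux
auth.log lines written by OpenSSH's sshd.
"""
import re
from collections import defaultdict

# Constructed sample log: five failures from 10.0.0.7 followed by a success,
# one legitimate key-based login, and a single unrelated failure.
SAMPLE_LOG = """\
Jun 15 03:12:01 web01 sshd[2100]: Failed password for root from 10.0.0.7 port 51002 ssh2
Jun 15 03:12:02 web01 sshd[2101]: Failed password for root from 10.0.0.7 port 51004 ssh2
Jun 15 03:12:03 web01 sshd[2102]: Failed password for invalid user admin from 10.0.0.7 port 51006 ssh2
Jun 15 03:12:04 web01 sshd[2103]: Failed password for root from 10.0.0.7 port 51008 ssh2
Jun 15 03:12:05 web01 sshd[2104]: Failed password for root from 10.0.0.7 port 51010 ssh2
Jun 15 03:12:06 web01 sshd[2105]: Accepted password for root from 10.0.0.7 port 51012 ssh2
Jun 15 03:15:00 web01 sshd[2106]: Accepted publickey for deploy from 10.0.0.21 port 40100 ssh2: ED25519 SHA256:AAAA
Jun 15 03:20:00 web01 sshd[2107]: Failed password for bob from 10.0.0.9 port 55000 ssh2
"""

# Matches both "Failed password for [invalid user] <user> from <ip> port ..."
# and "Accepted password|publickey for <user> from <ip> port ...".
LOG_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>password|publickey) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)


def parse_events(log_text):
    """Yield one dict per recognised sshd authentication line, in log order."""
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m.groupdict()


def detect_bruteforce(log_text, threshold=5):
    """Return (alert, source_ip, user) tuples.

    'dictionary_attack'  : the source reached `threshold` failed logins.
    'bruteforce_success' : a login was accepted from a source already at or
                           above the threshold; treat this as a compromise.
    The threshold of 5 is an assumed tuning value, not a published indicator.
    """
    failures = defaultdict(int)
    alerts = []
    for ev in parse_events(log_text):
        src = ev["src"]
        if ev["result"] == "Failed":
            failures[src] += 1
            if failures[src] == threshold:  # alert once, when crossing the line
                alerts.append(("dictionary_attack", src, ev["user"]))
        elif failures[src] >= threshold:
            alerts.append(("bruteforce_success", src, ev["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

In practice the counter should be keyed on a sliding time window rather than the whole file, and a `bruteforce_success` hit should trigger a check of the account's `~/.ssh/authorized_keys` and outbound SSH connections from that host, since the worm's next step is to move laterally from it.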

Title: A Flaw in Zimbra Email Suite Allows Stealing Login Credentials of the Users
Date Published: June 14, 2022


Excerpt: “Researchers from Sonarsource have discovered a high-severity vulnerability impacting the Zimbra email suite, tracked as CVE-2022-27924 (CVSS score: 7.5), that can be exploited by an unauthenticated attacker to steal login credentials of users without user interaction.”

Title: Ransomware Gang Publishes Stolen Victim Data on the Public Internet
Date Published: June 15, 2022


Excerpt: “The Alphv (aka BlackCat) ransomware group is trying out a new tactic to push companies to pay for their post-breach silence: a clearnet (public Internet) website with sensitive data about the employees and customers stolen from a victim organization. Like some other ransomware gangs before them, they will also probably use the compromised information to directly contact the affected individuals and notify them about their personal, financial and medical information being available online to anyone who knows how to search for it.”

Title: New Hertzbleed Side-Channel Attack Affects All Modern AMD and Intel CPUs
Date Published: June 15, 2022


Excerpt: “A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack. Dubbed Hertzbleed by a group of researchers from the University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, the issue is rooted in dynamic voltage and frequency scaling (DVFS), a power and thermal management feature employed to conserve power and reduce the amount of heat generated by a chip.”

Title: New Backdoor Cloning Campaign Sneaks into Mobile Wallets, Steals Cryptocurrency
Date Published: June 14, 2022


Excerpt: “A new malware campaign has just been uncovered that sends fraudulent versions of legitimate sites to mobile wallets, in order to ultimately steal users’ cryptocurrency. Digital advertising security company Confiant reported in a June 12 blog that it found a widespread campaign where “backdoor versions” of Apple iOS and Android Web3 wallets have been breached by cloned ads for real web sites. When the fraudulent links are downloaded by a user, the malware not only compromises the use of the real financial applications, but exfiltrates “seed phrases” that are then used to abscond with cryptocurrency held by the victims, the blog said.”

Title: Google: SBOMs Effective Only if They Map to Known Vulns
Date Published: June 14, 2022


Excerpt: “Software bills of materials (SBOMs) — a detailed list of components, modules, and libraries used to build products — are being endorsed by the National Institute of Standards and Technology (NIST) and US regulators as a way to drive down supply chain cybersecurity risks for consumers. But Google’s Open Source Security Team points out in a blog post today that SBOM use alone isn’t an effective tool for assessing exposure. Rather, the documentation should be compared with a database of known vulnerabilities to identify any known software flaws.”
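The point of the excerpt is that an SBOM is only a list until each component is matched against vulnerability data. The script below is an added example, not code from Google's blog post or from the OSV project: it takes a small SBOM (constructed, reduced to ecosystem, name and version per component) and checks each entry against a local vulnerability database whose records use "introduced"/"fixed" version ranges. The record layout is modelled loosely on that idea but is an assumption, and the vulnerability IDs (EX-0001 and so on) and ranges are hypothetical, not real advisories. Real use would fetch records from an actual database instead of the inline list.

```python
"""Match SBOM components against a vulnerability database by version range.

Added example (not from the original article). The SBOM, the vulnerability
records and their IDs are constructed for illustration.
"""

# Constructed SBOM: what a CycloneDX/SPDX document boils down to for matching.
SBOM = [
    {"ecosystem": "PyPI", "name": "requests", "version": "2.19.0"},
    {"ecosystem": "PyPI", "name": "urllib3", "version": "1.26.9"},
    {"ecosystem": "npm", "name": "lodash", "version": "4.17.15"},
]

# Constructed vulnerability database. A component is affected by a record if
# its version is >= "introduced" and (when present) < "fixed" for any range.
VULN_DB = [
    {"id": "EX-0001", "ecosystem": "PyPI", "name": "requests",
     "ranges": [{"introduced": "0", "fixed": "2.20.0"}]},
    {"id": "EX-0002", "ecosystem": "npm", "name": "lodash",
     "ranges": [{"introduced": "4.0.0", "fixed": "4.17.19"}]},
    {"id": "EX-0003", "ecosystem": "PyPI", "name": "urllib3",
     "ranges": [{"introduced": "1.0.0", "fixed": "1.25.0"}]},
]


def parse_version(version):
    """Turn 'a.b.c' into a comparable tuple. Assumes purely numeric, dotted
    versions; real ecosystems (PEP 440, semver pre-releases) need their own
    comparators, which is one reason matching belongs in a proper scanner."""
    return tuple(int(part) for part in version.split("."))


def in_range(version, rng):
    """True if `version` falls inside one introduced/fixed range."""
    v = parse_version(version)
    if v < parse_version(rng["introduced"]):
        return False
    if "fixed" in rng and v >= parse_version(rng["fixed"]):
        return False
    return True


def match_sbom(sbom, vuln_db):
    """Return (component name, version, vulnerability id) for every hit."""
    findings = []
    for comp in sbom:
        for vuln in vuln_db:
            if (vuln["ecosystem"], vuln["name"]) != (comp["ecosystem"], comp["name"]):
                continue
            if any(in_range(comp["version"], r) for r in vuln["ranges"]):
                findings.append((comp["name"], comp["version"], vuln["id"]))
    return findings


if __name__ == "__main__":
    for name, version, vuln_id in match_sbom(SBOM, VULN_DB):
        print(f"{name}@{version} is affected by {vuln_id}")
```

Note that urllib3 1.26.9 is listed in the SBOM but produces no finding, because it is past the record's "fixed" version: that is exactly the distinction an SBOM on its own cannot make.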

Title: Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs
Date Published: June 15, 2022


Excerpt: “For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers’ accounts on GitHub, Amazon Web Services, and Docker Hub. Researchers at Aqua Security discovered that “tens of thousands of user tokens” are exposed through the Travis CI API that offer access to more than 770 million logs with various types of credentials belonging to free tier users.”
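Tokens end up in CI logs when a build step echoes an environment variable or a clone URL that embeds a credential. The script below is an added example, not code from Aqua Security or Travis CI: it scans log text for the token formats the excerpt mentions and produces a redacted copy. The `ghp_` prefix for GitHub personal access tokens and the `AKIA` prefix for AWS access key IDs are documented public formats; the `dckr_pat_` prefix for Docker Hub tokens is an assumption. The log lines are constructed, and the key values in them are dummies (`AKIAIOSFODNN7EXAMPLE` is the placeholder used in AWS documentation).

```python
"""Find and redact credential tokens in CI build logs.

Added example (not from the original article). Token patterns: GitHub PAT and
AWS access key ID prefixes are public formats; the Docker Hub prefix is assumed.
"""
import re

TOKEN_PATTERNS = {
    # GitHub classic personal access token: "ghp_" followed by 36 characters.
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    # AWS access key ID: "AKIA" followed by 16 upper-case alphanumerics.
    "aws_access_key_id": re.compile(r"\bAKIA[A-Z0-9]{16}\b"),
    # Docker Hub personal access token (prefix assumed for this example).
    "dockerhub_pat": re.compile(r"\bdckr_pat_[A-Za-z0-9_-]{20,}\b"),
}

# Constructed build log with three leaked tokens and one harmless line.
SAMPLE_LOG = """\
$ git clone https://x-access-token:ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij@github.com/org/repo.git
$ export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
$ docker login -u ciuser -p dckr_pat_0123456789abcdefghijklmnop
$ npm install
"""


def find_tokens(log_text):
    """Return (line number, token kind, token) for every match, in log order."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for kind, pattern in TOKEN_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append((lineno, kind, m.group(0)))
    return findings


def redact(log_text):
    """Replace each matched token with a marker naming only its kind, so the
    log stays readable but the secret itself is gone."""
    out = log_text
    for kind, pattern in TOKEN_PATTERNS.items():
        out = pattern.sub(f"<{kind}:redacted>", out)
    return out


if __name__ == "__main__":
    for lineno, kind, token in find_tokens(SAMPLE_LOG):
        print(f"line {lineno}: {kind} {token[:8]}...")
    print(redact(SAMPLE_LOG))
```

Redaction after the fact does not help once a log has been served through an API, so the scan belongs in the pipeline before logs are stored, and any token that does appear should be rotated rather than merely scrubbed.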

Title: Experts Spotted Syslogk, a Linux Rootkit Under Development
Date Published: June 14, 2022


Excerpt: “Researchers from antivirus firm Avast spotted a new Linux rootkit, dubbed ‘Syslogk,’ that uses specially crafted “magic packets” to activate a dormant backdoor on the device. The experts reported that the Syslogk rootkit is heavily based on an open-source, well-known kernel rootkit for Linux, dubbed Adore-Ng.”

Title: Travel-related Cybercrime Takes Off as Industry Rebounds
Date Published: June 15, 2022


Excerpt: “Researchers are warning a post-COVID upsurge in travel has painted a bullseye on the travel industry and has spurred related cybercrimes. Criminal activity includes an uptick in adversaries targeting the theft of airline mileage reward points, website credentials for travel websites and travel-related database breaches, according to a report by Intel 471.”

Title: Microsoft Fixes Follina and 55 other CVEs
Date Published: June 14, 2022


Excerpt: “June 2022 Patch Tuesday has been marked by Microsoft with the release of fixes for 55 new CVEs, as well as security updates that fix Follina (CVE-2022-30190), the Microsoft Windows Support Diagnostic Tool (MSDT) RCE.”
