June 15, 2022

Fortify Security Team

Title: New Go Botnet Panchan Spreading Rapidly in Education Networks
Date Published: June 15, 2022

https://www.bleepingcomputer.com/news/security/new-go-botnet-panchan-spreading-rapidly-in-education-networks/

Excerpt: “A new peer-to-peer botnet named Panchan appeared in the wild around March 2022, targeting Linux servers in the education sector to mine cryptocurrency. Panchan is empowered with SSH worm functions like dictionary attacks and SSH key abuse to perform rapid lateral movement to available machines in the compromised network.”

Title: A Flaw in Zimbra Email Suite Allows Stealing Login Credentials of the Users
Date Published: June 14, 2022

https://securityaffairs.co/wordpress/132269/hacking/zimbra-email-suite-flaw.html

Excerpt: “Researchers from Sonarsource have discovered a high-severity vulnerability impacting the Zimbra email suite, tracked as CVE-2022-27924 (CVSS score: 7.5), that can be exploited by an unauthenticated attacker to steal login credentials of users without user interaction.”

Title: Ransomware Gang Publishes Stolen Victim Data on the Public Internet
Date Published: June 15, 2022

https://www.helpnetsecurity.com/2022/06/15/ransomware-victim-data-internet/

Excerpt: “The Alphv (aka BlackCat) ransomware group is trying out a new tactic to push companies to pay for their post-breach silence: a clearnet (public Internet) website with sensitive data about the employees and customers stolen from a victim organization. Like some other ransomware gangs before them, they will also probably use the compromised information to directly contact the affected individuals and notify them about their personal, financial and medical information being available online to anyone who knows how to search for it.”

Title: New Hertzbleed Side-Channel Attack Affects All Modern AMD and Intel CPUs
Date Published: June 15, 2022

https://thehackernews.com/2022/06/new-hertzbleed-side-channel-attack.html

Excerpt: “A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack. Dubbed Hertzbleed by a group of researchers from the University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, the issue is rooted in dynamic voltage and frequency scaling (DVFS), a power and thermal management feature employed to conserve power and reduce the amount of heat generated by a chip.”

Title: New Backdoor Cloning Campaign Sneaks into Mobile Wallets, Steals Cryptocurrency
Date Published: June 14, 2022

https://www.scmagazine.com/analysis/malware/new-backdoor-cloning-campaign-sneaks-into-mobile-wallets-steals-cryptocurrency

Excerpt: “A new malware campaign has just been uncovered that sends fraudulent versions of legitimate sites to mobile wallets, in order to ultimately steal users’ cryptocurrency. Digital advertising security company Confiant reported in a June 12 blog that it found a widespread campaign where “backdoor versions” of Apple iOS and Android Web3 wallets have been breached by cloned ads for real web sites. When the fraudulent links are downloaded by a user, the malware not only compromises the use of the real financial applications, but exfiltrates “seed phrases” that are then used to abscond with cryptocurrency held by the victims, the blog said.”

Title: Google: SBOMs Effective Only if They Map to Known Vulns
Date Published: June 14, 2022

https://www.darkreading.com/vulnerabilities-threats/sboms-only-effective-if-they-map-to-known-flaws

Excerpt: “Software bills of materials (SBOMs) — a detailed list of components, modules, and libraries used to build products — are being endorsed by the National Institute of Standards and Technology (NIST) and US regulators as a way to drive down supply chain cybersecurity risks for consumers. But Google’s Open Source Security Team points out in a blog post today that SBOM use alone isn’t an effective tool for assessing exposure. Rather, the documentation should be compared with a database of known vulnerabilities to identify any known software flaws.”

Title: Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs
Date Published: June 15, 2022

https://www.bleepingcomputer.com/news/security/thousands-of-github-aws-docker-tokens-exposed-in-travis-ci-logs/

Excerpt: “For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers’ accounts on GitHub, Amazon Web Services, and Docker Hub. Researchers at Aqua Security discovered that “tens of thousands of user tokens” are exposed through the Travis CI API that offer access to more than 770 million logs with various types of credentials belonging to free tier users.”

Title: Experts Spotted Syslogk, a Linux Rootkit Under Development
Date Published: June 14, 2022

https://securityaffairs.co/wordpress/132232/malware/syslogk-linux-rootkit.html

Excerpt: “Researchers from antivirus firm Avast spotted a new Linux rootkit, dubbed ‘Syslogk,’ that uses specially crafted “magic packets” to activate a dormant backdoor on the device. The experts reported that the Syslogk rootkit is heavily based on an open-source, well-known kernel rootkit for Linux, dubbed Adore-Ng.”

Title: Travel-related Cybercrime Takes Off as Industry Rebounds
Date Published: June 15, 2022

https://threatpost.com/travel-related-cybercrime-takes-off/179962/

Excerpt: “Researchers are warning a post-COVID upsurge in travel has painted a bullseye on the travel industry and has spurred related cybercrimes. Criminal activity includes an uptick in adversaries targeting the theft of airline mileage reward points, website credentials for travel websites and travel-related database breaches, according to a report by Intel 471.”

Title: Microsoft Fixes Follina and 55 other CVEs
Date Published: June 14, 2022

https://www.helpnetsecurity.com/2022/06/14/microsoft-fixes-follina-and-55-other-cves/

Excerpt: “June 2022 Patch Tuesday has been marked by Microsoft with the release of fixes for 55 new CVEs, as well as security updates that fix Follina (CVE-2022-30190), the Microsoft Windows Support Diagnostic Tool (MSDT) RCE.”
