June 2, 2022

Fortify Security Team

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks
Date Published: June 2, 2022


Excerpt: “Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. According to messages exchanged between members of the cybercrime syndicate, Conti developers had created proof-of-concept (PoC) code that leveraged Intel’s Management Engine (ME) to overwrite flash and gain SMM (System Management Mode) execution.”

Title: A Critical RCE Flaw in Horde Webmail has yet to be Addressed
Date Published: June 2, 2022


Excerpt: “Researchers from SonarSource discovered a remote code execution vulnerability (CVE-2022-30287) in the open-source Horde Webmail client. Horde Webmail allows users to manage contacts; the flaw could be exploited by an authenticated user of a Horde instance to take over an email server by sending a specially crafted email to a victim.”

Title: Microsoft Office Apps are Vulnerable to IDN Homograph Attacks
Date Published: June 2, 2022


Excerpt: “Microsoft Office apps – including Outlook and Teams – are vulnerable to homograph attacks based on internationalized domain names (IDNs). In practice, this means that users hovering above a link in a phishing email, a Word or Excel document they have received, or a message sent via Teams, can’t tell that it will direct them to a spoofed malicious domain that’s not what it purports to be.”

Title: Scammers Target NFT Discord Channel
Date Published: June 2, 2022


Excerpt: “Discord, a public chat application designed for gamers, has grown popular among crypto owners all over the world. Attackers are targeting the Discord servers of several popular nonfungible token (NFT) projects. Josh Fraser, founder of Origin protocol, shared a thread on Twitter earlier this month, revealing the issue and warning the user about the integrity of the Discord private channels. Fraser added that the issue was quickly closed as a “duplicate issue” when responsibly disclosed to the team of Discord.”

Title: Russian Forces Disable South Ukraine Communications – Again
Date Published: June 1, 2022


Excerpt: “‘All communications’ in the southern Ukrainian city of Kherson has been hit, the State Service of Special Communications and Information Protection of Ukraine said in an alert on Tuesday, as communication solutions providers – internet, landline and mobile phone – have detected disruptions and subsequent shutdowns of their services.”

Title: Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones
Date Published: June 2, 2022


Excerpt: “A critical security flaw has been uncovered in UNISOC’s smartphone chipset that could be potentially weaponized to disrupt a smartphone’s radio communications through a malformed packet. “Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location,” Israeli cybersecurity company Check Point said in a report shared with The Hacker News. “The vulnerability is in the modem firmware, not in the Android OS itself.””

Title: Behavioral Biometrics Reduce Fraud Losses for Oft-Targeted Zelle Payments
Date Published: June 1, 2022


Excerpt: “As peer-to-peer payments services become increasingly popular, fraudsters are following the money here, especially to fast-rising Zelle. Hence, experts claim that stronger authentication, by way of behavioral biometrics, is needed to curb potential losses. Launched five years ago, Zelle is a P2P payment platform developed and owned Early Warning Services LLC, by a group of seven major U.S. banks, including Bank of America, JPMorgan Chase, Capital One, U.S. Bank and Wells Fargo.”

Title: Clipminer Malware Gang Stole $1.7M by Hijacking Crypto Payments
Date Published: June 2, 2022


Excerpt: “Threat analysts have discovered a large operation of a new cryptocurrency mining malware called Clipminer that brought its operators at least $1.7 million from transaction hijacking. According to researchers from Symantec, a Broadcom company, Clipminer is based on the KryptoCibule malware. Both trojans focus on stealing wallets, hijacking transactions, and mining cryptocurrency on infected machines.”

Title: Autonomous Vehicles can be Tricked into Erratic Driving Behavior
Date Published: June 2, 2022


Excerpt: “When a driverless car is in motion, one faulty decision by its collision-avoidance system can lead to disaster, but researchers at the University of California, Irvine have identified another possible risk: Autonomous vehicles can be tricked into an abrupt halt or other undesired driving behavior by the placement of an ordinary object on the side of the road.”

Title: ExpressVPN Removes Servers in India After Refusing to Comply with Government Order
Date Published: June 2, 2022


Excerpt: “Virtual Private Network (VPN) provider ExpressVPN on Thursday announced that it’s removing Indian-based VPN servers in response to a new cybersecurity directive issued by the Indian Computer Emergency Response Team (CERT-In). “Rest assured, our users will still be able to connect to VPN servers that will give them Indian IP addresses and allow them to access the internet as if they were located in India,” the company said. “These ‘virtual’ India servers will instead be physically located in Singapore and the U.K.””
