June 2, 2022

Fortify Security Team

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks
Date Published: June 2, 2022

https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/

Excerpt: “Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. According to messages exchanged between members of the cybercrime syndicate, Conti developers had created proof-of-concept (PoC) code that leveraged Intel’s Management Engine (ME) to overwrite flash and gain SMM (System Management Mode) execution.”

Title: A Critical RCE Flaw in Horde Webmail has yet to be Addressed
Date Published: June 2, 2022

https://securityaffairs.co/wordpress/131870/hacking/rce-flaw-horde-webmail.html

Excerpt: “Researchers from SonarSource discovered a remote code execution vulnerability (CVE-2022-30287) in the open-source Horde Webmail client. Horde Webmail allows users to manage contacts, the flaw could be exploited by an authenticated user of a Horde instance to take over an email server by sending a specially crafted email to a victim.”

Title: Microsoft Office Apps are Vulnerable to IDN Homograph Attacks
Date Published: June 2, 2022

https://www.helpnetsecurity.com/2022/06/02/microsoft-office-homograph-attacks/

Excerpt: “Microsoft Office apps – including Outlook and Teams – are vulnerable to homograph attacks based on internationalized domain names (IDNs). In practice, this means that users hovering above a link in a phishing email, a Word or Excel document they have received, or a message sent via Teams, can’t tell that it will direct them to a spoofed malicious domain that’s not what it purports to be.”

Title: Scammers Target NFT Discord Channel
Date Published: June 2, 2022

https://threatpost.com/scammers-target-nft-discord-channel/179827/

Excerpt: “Discord a public chat application designed for gamers has grown popular among crypto owners all over the world. Attackers are targeting the Discord servers of several popular nonfungible token (NFT) projects. Josh Fraser founder of Origin protocol shared a thread on Twitter earlier this month, revealing the issue and warning the user about the integrity of the Discord private channels. Fraser added that the issue was quickly closed as a “duplicate issue” when responsibly disclosed to the team of Discord.”

Title: Russian Forces Disable South Ukraine Communications – Again
Date Published: June 1, 2022

https://www.bankinfosecurity.com/russian-forces-disable-south-ukraine-communications-again-a-19178

Excerpt: “"All communications" in the southern Ukrainian city of Kherson has been hit, the State Service of Special Communications and Information Protection of Ukraine said in an alert on Tuesday, as communication solutions providers – internet, landline and mobile phone – have detected disruptions and subsequent shutdowns of their services.”

Title: Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones
Date Published: June 2, 2022

https://thehackernews.com/2022/06/critical-unisoc-chip-vulnerability.html

Excerpt: “A critical security flaw has been uncovered in UNISOC’s smartphone chipset that could be potentially weaponized to disrupt a smartphone’s radio communications through a malformed packet. “Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location,” Israeli cybersecurity company Check Point said in a report shared with The Hacker News. “The vulnerability is in the modem firmware, not in the Android OS itself.””

Title: Behavioral Biometrics Reduce Fraud Losses for Oft-Targeted Zelle Payments
Date Published: June 1, 2022

https://www.scmagazine.com/analysis/identity-and-access/behavioral-biometrics-reduce-fraud-losses-for-oft-targeted-zelle-payments

Excerpt: “As peer-to-peer payments services become increasingly popular, fraudsters are following the money here, especially to fast-rising Zelle. Hence, experts claim that stronger authentication, by way of behavioral biometrics, is needed to curb potential losses. Launched five years ago, Zelle is a P2P payment platform developed and owned Early Warning Services LLC, by a group of seven major U.S. banks, including Bank of America, JPMorgan Chase, Capital One, U.S. Bank and Wells Fargo.”

Title: Clipminer Malware Gang Stole $1.7M by Hijacking Crypto Payments
Date Published: June 2, 2022

https://www.bleepingcomputer.com/news/security/clipminer-malware-gang-stole-17m-by-hijacking-crypto-payments/

Excerpt: “Threat analysts have discovered a large operation of a new cryptocurrency mining malware called Clipminer that brought its operators at least $1.7 million from transaction hijacking. According to researchers from Symantec, a Broadcom company, Clipminer is based on the KryptoCibule malware. Both trojans focus on stealing wallets, hijacking transactions, and mining cryptocurrency on infected machines.”

Title: Autonomous Vehicles can be Tricked into Erratic Driving Behavior
Date Published: June 2, 2022

https://www.helpnetsecurity.com/2022/06/02/autonomous-vehicles-can-be-tricked/

Excerpt: “When a driverless car is in motion, one faulty decision by its collision-avoidance system can lead to disaster, but researchers at the University of California, Irvine have identified another possible risk: Autonomous vehicles can be tricked into an abrupt halt or other undesired driving behavior by the placement of an ordinary object on the side of the road.”

Title: ExpressVPN Removes Servers in India After Refusing to Comply with Government Order
Date Published: June 2, 2022

https://thehackernews.com/2022/06/expressvpn-removes-servers-in-india.html

Excerpt: “Virtual Private Network (VPN) provider ExpressVPN on Thursday announced that it’s removing Indian-based VPN servers in response to a new cybersecurity directive issued by the Indian Computer Emergency Response Team (CERT-In). “Rest assured, our users will still be able to connect to VPN servers that will give them Indian IP addresses and allow them to access the internet as if they were located in India,” the company said. “These ‘virtual’ India servers will instead be physically located in Singapore and the U.K.””
