June 22, 2022

Fortify Security Team
Jun 22, 2022

Title: Microsoft Reveals Cause Behind this Week’s Microsoft 365 Outage

Date Published: June 22, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-reveals-cause-behind-this-week-s-microsoft-365-outage/

Excerpt: “Microsoft has revealed that this week’s Microsoft 365 worldwide outage was caused by an infrastructure power outage that led to traffic management servicing failovers in multiple regions. Starting on Monday, June 20, at 11:00 PM UTC, customers began experiencing and reporting several issues while trying to access and use Microsoft 365 services. According to Microsoft, problems encountered during the incident included delays and failures when accessing some Microsoft 365 services.”

Title: Critical PHP Flaw Exposes QNAP NAS Devices to RCE Attacks

Date Published: June 22, 2022

https://www.bleepingcomputer.com/news/security/critical-php-flaw-exposes-qnap-nas-devices-to-rce-attacks/

Excerpt: “QNAP has warned customers today that most of its Network Attached Storage (NAS) devices are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution. The Taiwanese hardware vendor has already patched the security flaw (CVE-2019-11043) for some operating system versions exposed to attacks (QTS 5.0.1.2034 build 20220515 or later and QuTS hero h5.0.0.2069 build 20220614 or later).”

Title: Yodel Parcel Company Confirms Cyberattack is Disrupting Delivery

Date Published: June 21, 2022

https://www.bleepingcomputer.com/news/security/yodel-parcel-company-confirms-cyberattack-is-disrupting-delivery/

Excerpt: “Services for the U.K.-based Yodel delivery service company have been disrupted due to a cyberattack that caused delays in parcel distribution and tracking orders online. The company has not published any details about the incident, such as when it occurred or its nature but implies that customer payment information has not been affected since it is neither stored on its systems nor processed by them. According to customers waiting package delivery, Yodel’s tracking and customer services went down over the weekend, some of them claiming that they’ve had no information on packages for at least four days.Cybersecurity researcher Kevin Beaumont today said that there are rumors about Yodel being hit by a ransomware attack, a plausible theory considering that these threat actors typically avoid to encrypt victim computers on weekdays, when the process is more likely to be discovered.”

Title: Russian Govt Hackers Hit Ukraine with Cobalt Strike, CredoMap Malware

Date Published: June 21, 2022

https://www.bleepingcomputer.com/news/security/russian-govt-hackers-hit-ukraine-with-cobalt-strike-credomap-malware/

Excerpt: “The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. The APT28 hacking group is believed to be sending emails containing a malicious document name “Nuclear Terrorism A Very Real Threat.rtf.”. The threat actors selected the topic of this email to entice recipients to open it, exploiting the fear that’s spread among Ukrainians about a potential nuclear attack. Threat actors also used a similar tactic in May 2022, when CERT-UA identified the dissemination of malicious documents warning about a chemical attack. The RTF document used in the APT28 campaign attempts to exploit CVE-2022-30190, aka “Follina,” to download and launch the CredoMap malware (docx.exe) on a target’s device.”

Title: Adobe Acrobat May Block Antivirus Tools from Monitoring PDF Files

Date Published: June 21, 2022

https://www.bleepingcomputer.com/news/security/adobe-acrobat-may-block-antivirus-tools-from-monitoring-pdf-files/

Excerpt: “Security researchers found that Adobe Acrobat is trying to block security software from having visibility into the PDF files it opens, creating a security risk for the users. Adobe’s product is checking if components from 30 security products are loaded into its processes and likely blocks them, essentially denying them from monitoring for malicious activity.”

Title: Crooks are Using RIG Exploit Kit to Push Dridex Instead of Raccoon Stealer

Date Published: June  22, 2022

https://securityaffairs.co/wordpress/132498/malware/rig-exploit-kit-dridex.html

Excerpt: “The switch occurred in February when Raccoon Stealer temporarily halted its activity as one of its developers was killed in the Russian invasion of Ukraine. The Raccoon stealer was first spotted in April 2019, it was designed to steal victims’ credit card data, email credentials, cryptocurrency wallets, and other sensitive data. Raccoon Stealer is offered for sale as a malware-as-a-service (MaaS) that implements an easy-to-use automated backend panel, operators also offer bulletproof hosting and 24/7 customer support in both Russian and English.”

Title: Flagstar Bank Discloses a Data Breach that Impacted 1.5 Million Individuals

Date Published: June  22, 2022

https://securityaffairs.co/wordpress/132490/data-breach/flagstar-bank-data-breach.html

Excerpt: “US-based Flagstar Bank disclosed a data breach that impacted roughly 1.5 million individuals, but the company did not share details about the attack. The security breach took place in early December 2021, and the investigation that was concluded early this month confirmed that actors had access to files containing the personal information of 1.5 million individuals. According to a data breach notification published by the financial institution, the attackers has access to the social security numbers of some of the impacted individuals. The company is notifying the affected individuals.”

Title: Euro Cops Dismantle Multimillion-Dollar Phishing Gang

Date Published: June 22, 2022

https://www.infosecurity-magazine.com/news/cops-dismantle-phishing-gang/

Excerpt: “Police across Belgium and the Netherlands are claiming to have dismantled an organized crime group responsible for stealing millions of euros from phishing victims. An action day on June 21 led to the arrests of nine individuals and 24 house searches in the Netherlands. Police also seized firearms, ammunition, jewelry, electronic devices, cash and cryptocurrency, according to Europol.”

Title: NIST SP 800-161r1: What You Need to Know

Date Published: June 21, 2022

https://www.tripwire.com/state-of-security/regulatory-compliance/nist-sp-800-161r1-what-you-need-to-know/

Excerpt: “Modern goods and services rely on a supply chain ecosystem, which are interconnected networks of manufacturers, software developers, and other service providers. This ecosystem provides cost savings, interoperability, quick innovation, product feature diversity, and the freedom to pick between rival providers. However, due to the many sources of components and software that often form a final product, supply chains carry inherent cybersecurity risks. Organizations need to be aware of the risks associated with goods and services that may include potentially harmful functionality, counterfeiting, or susceptibility to other vulnerabilities as a result of poor manufacturing and development procedures throughout the supply chain. The National Institute of Standards and Technology (NIST) has revised its Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations publication. The document, found under the heading, Special Publication 800-161r1SP revises the guidelines for recognizing, analyzing, and reacting to cybersecurity threats across the supply chain at all organizational levels. It helps NIST meet its duties under the 2021 Executive Order on Improving the Nation’s Cybersecurity, which tackles the rise of software security vulnerabilities across the supply chain.”

Title: Discovery of 56 OT Device Flaws Blamed on Lackluster Security Culture

Date Published: June 22, 2022

https://threatpost.com/discovery-of-56-ot-device-flaws-blamed-on-lackluster-security-culture/180035/

Excerpt: “Researchers discovered 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors, most of which they’ve attributed to inherent design flaws in equipment and a lax approach to security and risk management that have been plaguing the industry for decades, they said. The vulnerabilities–found in devices by reputed vendors Honeywell, Emerson, Motorola, Siemens, JTEKT, Bentley Nevada, Phoenix Contact, Omron, Yogogawa as well as an unnamed manufacturer–vary in terms of their characteristics and what they allow threat actors to do, according to the research from Forescout’s Vedere Labs. Among the activities that threat actors can engage in by exploiting the flaws on an affected device include: remote code execution (RCE), with code executed in different specialized processors and different contexts within a processor; denial of service (DoS) that can take a device completely offline or block access to a certain function; file/firmware/configuration manipulation that allows an attacker to change important aspects of a device; credential compromise allowing access to device functions; or authentication bypass that allows an attacker to invoke desired functionality on the target device, researchers said.”

Recent Posts

November 29, 2022

Title: Malicious Android App Found Powering Account Creation Service Date Published: November 28, 2022 https://www.bleepingcomputer.com/news/security/malicious-android-app-found-powering-account-creation-service/ Excerpt: “A fake Android SMS application, with 100,000...

November 28, 2022

Title: Ransomboggs Ransomware Hit Several Ukrainian Entities, Experts Attribute It to Russia Date Published: November 28, 2022 https://securityaffairs.co/wordpress/139028/cyber-warfare-2/ransomboggs-ransomware-targeted-ukraine.html Excerpt: “Several Ukrainian...

November 23, 2022

Title: Microsoft Releases Out-Of-Band Update to Fix Kerberos Auth Issues Caused by a Patch for Cve-2022-37966 Date Published: November 23, 2022 https://securityaffairs.co/wordpress/138869/security/out-of-band-fix-kerberos-issues.html Excerpt: “Microsoft released an...

November 22, 2022

Title: Aurora Infostealer Malware Increasingly Adopted by Cybergangs Date Published: November 21, 2022 https://www.bleepingcomputer.com/news/security/aurora-infostealer-malware-increasingly-adopted-by-cybergangs/ Excerpt: “Cybercriminals are increasingly turning to a...

November 21, 2022

Title: New Ransomware Encrypts Files, Then Steals Your Discord Account Date Published: November 20, 2022 https://www.bleepingcomputer.com/news/security/new-ransomware-encrypts-files-then-steals-your-discord-account/ Excerpt: “The new 'AXLocker' ransomware family is...

November 18, 2022

Title: Phishing Kit Impersonates Well-Known Brands to Target Us Shoppers Date Published: November 17, 2022 https://www.bleepingcomputer.com/news/security/phishing-kit-impersonates-well-known-brands-to-target-us-shoppers/ Excerpt: “A sophisticated phishing kit has been...

November 17, 2022

Title: Iran-Linked Threat Actors Compromise US Federal Network Date Published: November 17, 2022 https://securityaffairs.co/wordpress/138639/apt/iran-compromises-us-federal-network.html Excerpt: “Iran-linked threat actors compromised a Federal Civilian Executive...