June 22, 2022

Fortify Security Team
Jun 22, 2022

Title: Microsoft Reveals Cause Behind this Week’s Microsoft 365 Outage

Date Published: June 22, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-reveals-cause-behind-this-week-s-microsoft-365-outage/

Excerpt: “Microsoft has revealed that this week’s Microsoft 365 worldwide outage was caused by an infrastructure power outage that led to traffic management servicing failovers in multiple regions. Starting on Monday, June 20, at 11:00 PM UTC, customers began experiencing and reporting several issues while trying to access and use Microsoft 365 services. According to Microsoft, problems encountered during the incident included delays and failures when accessing some Microsoft 365 services.”

Title: Critical PHP Flaw Exposes QNAP NAS Devices to RCE Attacks

Date Published: June 22, 2022

https://www.bleepingcomputer.com/news/security/critical-php-flaw-exposes-qnap-nas-devices-to-rce-attacks/

Excerpt: “QNAP has warned customers today that most of its Network Attached Storage (NAS) devices are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution. The Taiwanese hardware vendor has already patched the security flaw (CVE-2019-11043) for some operating system versions exposed to attacks (QTS 5.0.1.2034 build 20220515 or later and QuTS hero h5.0.0.2069 build 20220614 or later).”

Title: Yodel Parcel Company Confirms Cyberattack is Disrupting Delivery

Date Published: June 21, 2022

https://www.bleepingcomputer.com/news/security/yodel-parcel-company-confirms-cyberattack-is-disrupting-delivery/

Excerpt: “Services for the U.K.-based Yodel delivery service company have been disrupted due to a cyberattack that caused delays in parcel distribution and tracking orders online. The company has not published any details about the incident, such as when it occurred or its nature, but implies that customer payment information has not been affected since it is neither stored on its systems nor processed by them. According to customers waiting for package delivery, Yodel’s tracking and customer services went down over the weekend, some of them claiming that they’ve had no information on packages for at least four days. Cybersecurity researcher Kevin Beaumont today said that there are rumors about Yodel being hit by a ransomware attack, a plausible theory considering that these threat actors typically avoid encrypting victim computers on weekdays, when the process is more likely to be discovered.”

Title: Russian Govt Hackers Hit Ukraine with Cobalt Strike, CredoMap Malware

Date Published: June 21, 2022

https://www.bleepingcomputer.com/news/security/russian-govt-hackers-hit-ukraine-with-cobalt-strike-credomap-malware/

Excerpt: “The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. The APT28 hacking group is believed to be sending emails containing a malicious document named “Nuclear Terrorism A Very Real Threat.rtf”. The threat actors selected the topic of this email to entice recipients to open it, exploiting the fear that’s spread among Ukrainians about a potential nuclear attack. Threat actors also used a similar tactic in May 2022, when CERT-UA identified the dissemination of malicious documents warning about a chemical attack. The RTF document used in the APT28 campaign attempts to exploit CVE-2022-30190, aka “Follina,” to download and launch the CredoMap malware (docx.exe) on a target’s device.”

Title: Adobe Acrobat May Block Antivirus Tools from Monitoring PDF Files

Date Published: June 21, 2022

https://www.bleepingcomputer.com/news/security/adobe-acrobat-may-block-antivirus-tools-from-monitoring-pdf-files/

Excerpt: “Security researchers found that Adobe Acrobat is trying to block security software from having visibility into the PDF files it opens, creating a security risk for the users. Adobe’s product is checking if components from 30 security products are loaded into its processes and likely blocks them, essentially denying them from monitoring for malicious activity.”

Title: Crooks are Using RIG Exploit Kit to Push Dridex Instead of Raccoon Stealer

Date Published: June 22, 2022

https://securityaffairs.co/wordpress/132498/malware/rig-exploit-kit-dridex.html

Excerpt: “The switch occurred in February when Raccoon Stealer temporarily halted its activity as one of its developers was killed in the Russian invasion of Ukraine. The Raccoon stealer was first spotted in April 2019 and was designed to steal victims’ credit card data, email credentials, cryptocurrency wallets, and other sensitive data. Raccoon Stealer is offered for sale as a malware-as-a-service (MaaS) that implements an easy-to-use automated backend panel; operators also offer bulletproof hosting and 24/7 customer support in both Russian and English.”

Title: Flagstar Bank Discloses a Data Breach that Impacted 1.5 Million Individuals

Date Published: June 22, 2022

https://securityaffairs.co/wordpress/132490/data-breach/flagstar-bank-data-breach.html

Excerpt: “US-based Flagstar Bank disclosed a data breach that impacted roughly 1.5 million individuals, but the company did not share details about the attack. The security breach took place in early December 2021, and the investigation that was concluded early this month confirmed that actors had access to files containing the personal information of 1.5 million individuals. According to a data breach notification published by the financial institution, the attackers had access to the social security numbers of some of the impacted individuals. The company is notifying the affected individuals.”

Title: Euro Cops Dismantle Multimillion-Dollar Phishing Gang

Date Published: June 22, 2022

https://www.infosecurity-magazine.com/news/cops-dismantle-phishing-gang/

Excerpt: “Police across Belgium and the Netherlands are claiming to have dismantled an organized crime group responsible for stealing millions of euros from phishing victims. An action day on June 21 led to the arrests of nine individuals and 24 house searches in the Netherlands. Police also seized firearms, ammunition, jewelry, electronic devices, cash and cryptocurrency, according to Europol.”

Title: NIST SP 800-161r1: What You Need to Know

Date Published: June 21, 2022

https://www.tripwire.com/state-of-security/regulatory-compliance/nist-sp-800-161r1-what-you-need-to-know/

Excerpt: “Modern goods and services rely on a supply chain ecosystem, an interconnected network of manufacturers, software developers, and other service providers. This ecosystem provides cost savings, interoperability, quick innovation, product feature diversity, and the freedom to pick between rival providers. However, due to the many sources of components and software that often form a final product, supply chains carry inherent cybersecurity risks. Organizations need to be aware of the risks associated with goods and services that may include potentially harmful functionality, counterfeiting, or susceptibility to other vulnerabilities as a result of poor manufacturing and development procedures throughout the supply chain. The National Institute of Standards and Technology (NIST) has revised its Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations publication. The document, Special Publication 800-161r1, revises the guidelines for recognizing, analyzing, and reacting to cybersecurity threats across the supply chain at all organizational levels. It helps NIST meet its duties under the 2021 Executive Order on Improving the Nation’s Cybersecurity, which tackles the rise of software security vulnerabilities across the supply chain.”

Title: Discovery of 56 OT Device Flaws Blamed on Lackluster Security Culture

Date Published: June 22, 2022

https://threatpost.com/discovery-of-56-ot-device-flaws-blamed-on-lackluster-security-culture/180035/

Excerpt: “Researchers discovered 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors, most of which they’ve attributed to inherent design flaws in equipment and a lax approach to security and risk management that have been plaguing the industry for decades, they said. The vulnerabilities, found in devices by reputed vendors Honeywell, Emerson, Motorola, Siemens, JTEKT, Bentley Nevada, Phoenix Contact, Omron, Yokogawa as well as an unnamed manufacturer, vary in terms of their characteristics and what they allow threat actors to do, according to the research from Forescout’s Vedere Labs. Among the activities that threat actors can engage in by exploiting the flaws on an affected device are: remote code execution (RCE), with code executed in different specialized processors and different contexts within a processor; denial of service (DoS) that can take a device completely offline or block access to a certain function; file/firmware/configuration manipulation that allows an attacker to change important aspects of a device; credential compromise allowing access to device functions; or authentication bypass that allows an attacker to invoke desired functionality on the target device, researchers said.”
