June 24, 2022

Fortify Security Team

Title: Scalper Bots out of Control in Israel, Selling State Appointments
Date Published: June 23, 2022


Excerpt: “Out-of-control scalper bots have created havoc in Israel by registering public service appointments for various government services and then offering to sell them to disgruntled citizens.
The bot’s operators attempted to sell appointments for a range of government agencies for over $100, including passport renewal, the Israeli Ministry of Interior, the Ministry of Transport, National Insurance, Israel Post, and the Israeli state Electricity Company.”

Title: CISA: Log4Shell Exploits Still Being Used to Hack VMware Servers
Date Published: June 23, 2022


Excerpt: “CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability. Attackers can exploit Log4Shell remotely on vulnerable servers exposed to local or Internet access to move laterally across networks until they gain access to internal systems containing sensitive data. After its disclosure in December 2021, multiple threat actors began scanning for and exploiting unpatched systems, including state-backed hacking groups from China, Iran, North Korea, and Turkey, as well as several access brokers commonly used by ransomware gangs.”

Title: Spyware Vendor Works With ISPs to Infect iOS and Android Users
Date Published: June 23, 2022


Excerpt: “Google’s Threat Analysis Group (TAG) revealed today that RCS Labs, an Italian spyware vendor, has received help from some Internet service providers (ISPs) to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools. RCS Labs is just one of more than 30 spyware vendors whose activity is currently tracked by Google, according to Google TAG analysts Benoit Sevens and Clement Lecigne. During attacks that used drive-by-downloads to infect multiple victims, the targets were prompted to install malicious apps (camouflaged as legitimate mobile carrier apps) to get back online after their Internet connection was cut with the help of their ISP.”

Title: Lithuania Warns of Rise in DDoS Attacks Against Government Sites
Date Published: June 23, 2022


Excerpt: “The National Cyber Security Center (NKSC) of Lithuania has issued a public warning about a steep increase in distributed denial of service (DDoS) attacks directed against public authorities in the country. DDoS is a special type of cyberattack that causes internet servers to be overwhelmed by a large number of requests and garbage traffic, rendering the hosted sites and services inaccessible for legitimate visitors and users. According to NKSC, due to these cyberattacks, Lithuania’s transportation agencies, financial institutions, and other large entities have experienced temporary service disruptions.”

Title: Malicious Windows ‘LNK’ Attacks Made Easy with New Quantum Builder
Date Published: June 23, 2022


Excerpt: “Malware researchers have noticed a new tool that helps cybercriminals build malicious .LNK files to deliver payloads for the initial stages of an attack. LNKs are Windows shortcut files that can contain malicious code to abuse legitimate tools on the system, the so-called living-off-the-land binaries (LOLBins), such as PowerShell or the MSHTA that is used to execute Microsoft HTML Application (HTA) files. Due to this, LNKs are extensively used for malware distribution, especially in phishing campaigns, with some notable malware families currently using them being Emotet, Bumblebee, Qbot, and IcedID.”

Title: June Windows Preview Updates Fix VPN, RDP, RRAS, and Wi-Fi Issues
Date Published: June 24, 2022


Excerpt: “The optional Windows update previews released by Microsoft this week come with more than the regular performance improvements and bug fixes. Redmond published three cumulative updates as part of its scheduled June 2022 monthly “C” updates to allow customers to test upcoming fixes: KB5014668 (Windows 11), KB5014665 (Windows Server 2022), and KB5014669 (Windows 10, version 1809). However, as the company revealed on Thursday in the Windows health dashboard [1, 2, 3], the updates also address connectivity issues when using Wi-Fi hotspots after installing Windows updates released as part of the June 2022 Patch Tuesday.”

Title: How Companies are Prioritizing Infosec and Compliance
Date Published: June 24, 2022


Excerpt: “New research conducted by Enterprise Management Associates (EMA), examines the impact of the compliance budget on security strategy and priorities. It describes areas for which companies prioritize information security and compliance, which leaders control information security spending, how compliance has shifted the overall security strategy of the organization, and the solutions and tools on which organizations are focusing their technology spending. The findings cover three critical areas of an organization’s security and compliance posture: information security and IT audit and compliance, data security and data privacy, and security and compliance spending.”

Title: Chinese Tropic Trooper APT Spreads a Hacking Tool Laced with a Backdoor
Date Published: June 23, 2022


Excerpt: “Check Point Research uncovered an activity cluster with ties to China-linked APT Tropic Trooper (aka Earth Centaur, KeyBoy, and Pirate Panda) which involved the use of a previously undescribed loader (dubbed “Nimbda”) written in Nim language. The Tropic Trooper APT has been active at least since 2012; it was first spotted by security experts at Trend Micro in 2015, when the threat actors targeted government ministries and heavy industries in Taiwan and the military in the Philippines. Nimbda works by injecting a piece of code into a launched notepad.exe process; it allows operators to start a three-tier infection chain. The final payload encoded in the image is TClient, which is a backdoor that was used by the Tropic Trooper APT group in past campaigns.”

Title: NSO Group Told Lawmakers that Pegasus Spyware was Used by at Least 5 European Countries
Date Published: June 23, 2022


Excerpt: “The controversial Israeli surveillance vendor NSO Group told the European Union lawmakers that its Pegasus spyware was used by at least five countries in the region. NSO Group’s General Counsel Chaim Gelfand admitted that the company had “made mistakes,” but that after the abuses of its software made the headlines it has canceled several contracts. In April, the Parliament set up a new inquiry committee investigating the use of Pegasus spyware and equivalent surveillance software used to spy on phones belonging to politicians, diplomats, and civil society members. The spyware was used to target several European leaders, including Spain’s Prime Minister Pedro Sánchez, and Spanish political groups, Hungary, and Poland.”

Title: Russia Steps Up Cyber-Espionage Against Ukraine Allies
Date Published: June 23, 2022


Excerpt: “Russian state-backed hackers have conducted network penetration and espionage activities against 128 organizations in 42 countries allied to Ukraine since the start of the war, according to Microsoft. Aside from the US, which is Russia’s number one target, campaigns have also focused on Poland, which is where much military and humanitarian assistance is being coordinated, according to the tech giant’s president, Brad Smith. The Baltic countries as well as Denmark, Norway, Finland, Sweden, and Turkey have also been targets, with governments and foreign ministries in particular singled out, he claimed.”
