June 27, 2022

Fortify Security Team
Jun 27, 2022

Title: CafePress Fined $500,000 for Breach Affecting 23 Million Users
Date Published: June 24, 2022

https://www.bleepingcomputer.com/news/security/cafepress-fined-500-000-for-breach-affecting-23-million-users/

Excerpt: “The U.S. Federal Trade Commission (FTC) has ordered Residual Pumpkin Entity, the former owner of the CafePress t-shirt and merchandise site, to pay a $500,000 fine for covering up a data breach impacting more than 23 million customers and failing to protect their data. As the consumer protection watchdog explained in a complaint from March 2022, Residual Pumpkin Entity stored its customers’ Social Security numbers and password reset answers in plain text and longer than necessary. The company also failed to apply available protections and respond to security incidents. After its servers were breached multiple times, it tried to cover up the major data breach resulting from its sloppy security practices.”

Title: Mitel Zero-Day Used by Hackers in Suspected Ransomware Attack
Date Published: June 24, 2022

https://www.bleepingcomputer.com/news/security/mitel-zero-day-used-by-hackers-in-suspected-ransomware-attack/

Excerpt: “Hackers used a zero-day exploit on Linux-based Mitel MiVoice VOIP appliances for initial access in what is believed to be the beginning of a ransomware attack. Mitel VOIP devices are used by critical organizations in various sectors for telephony services and were recently exploited by threat actors for high-volume DDoS amplification attacks. In a new report by CrowdStrike, the company says that a zero-day remote code execution flaw, now tracked as CVE-2022-29499 (CVSS v3 score: 9.8 – critical), was used to gain initial access to the network.”

Title: The Week in Ransomware – June 24th 2022 – Splinter Cells
Date Published: June 24, 2022

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-24th-2022-splinter-cells/

Excerpt: “The Conti ransomware gang has finally ended their charade and turned off their Tor data leak and negotiation sites, effectively shutting down the operation. Since May, a lone Conti member has been posting data from older victims to make the gang appear alive, but in reality, Conti shut down last month. The members are now long spread out in smaller cells among different operations, making it more challenging to target the crime syndicate.”

Title: PyPi Python Packages Caught Sending Stolen AWS Keys to Unsecured Sites
Date Published: June 25, 2022

https://www.bleepingcomputer.com/news/security/pypi-python-packages-caught-sending-stolen-aws-keys-to-unsecured-sites/

Excerpt: “Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by anyone. PyPI is a repository of open-source packages that software developers use to pick the building blocks of their Python-based projects or share their work with the community. While PyPI is usually quick to respond to reports of malicious packages on the platform, there’s no real vetting before submission, so dangerous packages may lurk there for a while.”

Title: Clever Phishing Method Bypasses MFA Using Microsoft WebView2 Apps
Date Published: June 26, 2022

https://www.bleepingcomputer.com/news/security/clever-phishing-method-bypasses-mfa-using-microsoft-webview2-apps/

Excerpt: “A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim’s authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. With the large number of data breaches, remote access trojan attacks, and phishing campaigns, stolen login credentials have become abundant. However, the increasing adoption of multi-factor authentication (MFA) has made it difficult to use these stolen credentials unless the threat actor also has access to the target’s one-time MFA passcodes or security keys.”

Title: Fake Copyright Infringement Emails Install LockBit Ransomware
Date Published: June  26, 2022

https://www.bleepingcomputer.com/news/security/fake-copyright-infringement-emails-install-lockbit-ransomware/

Excerpt: “LockBit ransomware affiliates are using an interesting trick to get people into infecting their devices by disguising their malware as copyright claims. The recipients of these emails are warned about a copyright violation, allegedly having used media files without the creator’s license. These emails demand that the recipient remove the infringing content from their websites, or they will face legal action. The emails, spotted by analysts at AhnLab, Korea, do not determine which files were unfairly used in the body and instead tell the recipient to download and open the attached file to see the infringement content.”

Title: Cybercriminals use Azure Front Door in Phishing Attacks
Date Published: June  27, 2022

https://www.helpnetsecurity.com/2022/06/27/azure-front-door-phishing-attacks/

Excerpt: “Resecurity, Inc. (USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. The identified resources in one of the malicious campaigns impersonated various services appearing to be legitimately created on the “azurefd.net” domain. This allows the bad actors to trick users and spread phishing content to intercept credentials from business applications and e-mail accounts. Notably, most phishing resources were designed to target SendGrid, Docusign and Amazon customers, along with several other major Japanese and Middle East online-service providers and corporations. According to experts, such tactics confirm how the bad actors are continuously looking to enhance their tactics and procedures to avoid phishing detection using world-known cloud services. Based on the analyzed phishing templates, the attackers are likely using an automated way to generate their phishing letters, by doing so they’re able to scale their campaigns to ultimately target a broader number of customers globally.”

Title: Ukrainian Telecommunications Operators Hit by DarkCrystal RAT Malware
Date Published: June 27, 2022

https://securityaffairs.co/wordpress/132651/malware/cert-ua-darkcrystal-rat-attacks.html

Excerpt: “The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The malspam messages have the topic “Free primary legal aid” use a password-protected attachment “Algorithm of actions of members of the family of a missing serviceman LegalAid.rar.” The RAR archive analyzed by the Ukrainian CERT-UA contains the document “Algorithm_LegalAid.xlsm.” Upon opening the document and enabling the macro, a PowerShell command will be executed. The script will download and run the .NET bootloader “MSCommondll.exe,” which in turn will download and run the malware DarkCrystal RAT.”

Title: Cyberattack Halted the Production at the Iranian State-Owned Khuzestan Steel Company
Date Published: June 27, 2022

https://securityaffairs.co/wordpress/132658/cyber-warfare-2/iran-khuzestan-steel-company-cyberattack.html

Excerpt: “The Khuzestan Steel Company is one of the major steel companies owned by the Iranian government. The company was forced to halt production due to a cyberattack. According to the Associated Press, Khuzestan Steel Company has a monopoly on steel production in Iran along with two other major state-owned firms. The website of the company is still down at the time of this writing. The company was forced to halt production to avoid damage to the production lines and impact on the supply chains it belongs to. The Iranian news channel Jamaran reported that the attack failed because at the time of the attack an electricity outage had interrupted the operations at the plant.”

Title: Global Police Crack Down on Online Sexual Exploitation
Date Published: June 27, 2022

https://www.infosecurity-magazine.com/news/police-crack-online-sexual/

Excerpt: “Police from Europe and South America have teamed up to take action against an organized crime group involved in human trafficking for sexual exploitation. Between 20-23 June, they swooped on 14 locations, arrested 10 and interviewed eight victims. Among items seized in the searches were vehicles, electronic equipment, hard drives, over 40 mobile phones, SIM cards, documents, payment cards and about €20,000 in cash. Europol supported the French Border Police, the Spanish National Police, the Portuguese Judicial Police and the Brazilian Federal Police during the operation, which saw coordinated raids in France, Spain and Portugal.”

Recent Posts

July 27, 2022

Title: Phishing Attacks Skyrocket With Microsoft and Facebook as Most Abused Brands Date Published: July 26, 2022 https://threatpost.com/popular-bait-in-phishing-attacks/180281/ Excerpt: “The bloom is back on phishing attacks with criminals doubling down on fake...

July 26, 2022

Title: Nist Updates Healthcare Security Guidance Date Published: July 25, 2022 https://www.infosecurity-magazine.com/news/nist-healthcare-guidance/ Excerpt: “The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for...

July 25, 2022

Title: Lockbit Ransomware Gang Claims to Have Breached the Italian Revenue Agency Date Published: July 25, 2022 https://securityaffairs.co/wordpress/133640/cyber-crime/lockbit-ransomware-italian-revenue-agency.html Excerpt: “The ransomware gang Lockbit claims to have...

July 22, 2022

Title: Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’ Date Published: July 21, 2022 https://threatpost.com/hackers-cyber-mercenaries/180263/ Excerpt: “A for-hire cybercriminal group is feeling the talent-drought in tech just like the rest of the sector and...

July 21, 2022

Title: Windows 11 Now Blocks Rdp Brute-Force Attacks by Default Date Published: July 21, 2022 https://www.bleepingcomputer.com/news/microsoft/windows-11-now-blocks-rdp-brute-force-attacks-by-default/ Excerpt: “Recent Windows 11 builds come with the Account Lockout...

July 20, 2022

Title: New Luna Ransomware Encrypts Windows, Linux, and Esxi Systems Date Published: July 20, 2022 https://www.bleepingcomputer.com/news/security/new-luna-ransomware-encrypts-windows-linux-and-esxi-systems/ Excerpt: “A new ransomware family dubbed Luna can be used to...

July 18, 2022

Title: A Massive Cyberattack Hit Albania Date Published: July 18, 2022 https://securityaffairs.co/wordpress/133363/cyber-warfare-2/albania-cyber-attack.html Excerpt: “Albania was hit by a massive cyberattack over the weekend, the government confirmed on Monday. A...