June 3, 2022

Fortify Security Team

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attacks
Date Published: June 2, 2022

https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/

Excerpt: “Hackers are actively exploiting a new Atlassian Confluence zero-day vulnerability tracked as CVE-2022-26134 to install web shells, with no fix available at this time. Today, Atlassian released a security advisory disclosing that CVE-2022-26134 is a critical unauthenticated, remote code execution vulnerability tracked in both Confluence Server and Data Center.”

Title: Microsoft Blocked Polonium Attacks Against Israeli Organizations
Date Published: June 3, 2022

https://securityaffairs.co/wordpress/131902/hacking/microsoft-blocked-polonium-attacks.html

Excerpt: “Microsoft announced to have blocked a series of attacks targeting Israeli organizations that have been conducted by a previously unknown Lebanon-based hacking group tracked as POLONIUM. POLONIUM has targeted or compromised more than 20 Israeli organizations and one intergovernmental organization with operations in Lebanon over the past three months. Since February, the attacks targeted organizations in critical manufacturing, IT, and Israel’s defense industry.”

Title: Evil Corp Pivots to LockBit to Dodge U.S. Sanctions
Date Published: June 3, 2022

https://threatpost.com/evil-corp-pivots-to-lockbit-to-dodge-u-s-sanctions/179858/

Excerpt: “Evil Corp has shifted tactics once again, this time pivoting to LockBit ransomware after U.S. sanctions have made it difficult for the cybercriminal group to reap financial gain from its activity, researchers have found. Researchers from Mandiant Intelligence have been tracking a “financially motivated threat cluster” they’re calling UNC2165 that has numerous overlaps with Evil Corp and is highly likely the latest incarnation of the group.”

Title: US Confirms It Has Provided Cybersecurity Support to Ukraine
Date Published: June 2, 2022

https://www.bankinfosecurity.com/us-confirms-has-provided-cybersecurity-support-to-ukraine-a-19189

Excerpt: “The U.S. has conducted offensive cyber activities in support of Ukraine, Cyber Command Director Gen. Paul Nakasone reportedly said on Wednesday. He made the comments at the ongoing annual NATO Cooperative Cyber Defense Center of Excellence conference – CyCon.”

Title: Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network
Date Published: June 3, 2022

https://thehackernews.com/2022/06/researchers-uncover-malware-controlling.html

Excerpt: “The Parrot traffic direction system (TDS) that came to light earlier this year has had a larger impact than previously thought, according to new research. Sucuri, which has been tracking the same campaign since February 2019 under the name “NDSW/NDSX,” said that “the malware was one of the top infections” detected in 2021, accounting for more than 61,000 websites.”

Title: HHS Alerts to Ongoing Emotet Threat to the Healthcare Sector
Date Published: June 2, 2022

https://www.scmagazine.com/analysis/malware/hhs-alerts-to-ongoing-emotet-threat-to-the-healthcare-sector

Excerpt: “Trojans are the most common malware impacting computer systems in the healthcare sector, the most common of which is Emotet, according to a Department of Health and Human Services Cybersecurity Coordination Center alert containing mitigation strategies for the sector.”

Title: Phishers Having a Field Day on WhatsApp, Telegraph
Date Published: June 2, 2022

https://www.darkreading.com/application-security/phishers-field-day-whatsapp-telegraph

Excerpt: “Within just a few days of each other, researchers sounded the alarm about phishing campaigns against two popular, global messaging platforms, Telegraph and WhatsApp. Last week, Rahul Sasi, founder and CEO of CloudSEK, posted a warning on LinkedIn that WhatsApp accounts were being targeted by phishing attacks trying to trick users into placing a call to the number “**67*< 10 digit number > or *405* <10 digit number >”. Just a few minutes later, the device would log out of WhatsApp and the attacker would have full control of the account, Sasi added.”

Title: Top 10 Android Banking Trojans Target Apps with 1 Billion Downloads
Date Published: June 2, 2022

https://www.bleepingcomputer.com/news/security/top-10-android-banking-trojans-target-apps-with-1-billion-downloads/

Excerpt: “The ten most prolific Android mobile banking trojans target 639 financial applications that collectively have over one billion downloads on the Google Play Store. Mobile banking trojans hide behind seemingly benign apps like productivity tools and games and commonly sneak into the Google Play Store, Android’s official app store.”

Title: LockBit Ransomware Attack Impacted Production in a Mexican Foxconn Plant
Date Published: June 2, 2022

https://securityaffairs.co/wordpress/131891/cyber-crime/lockbit-ransomware-foxconn-plant-mexico.html

Excerpt: “The electronics manufacturing giant Foxconn confirmed that its production plant in Tijuana (Mexico) has been impacted by a ransomware attack in late May. The LockBit ransomware gang claimed responsibility for an attack and announced that it will release the stolen data by 11 June, 2022 18:01:00 if the company will not pay the ransom.”

Title: Language-based BEC Attacks Rising
Date Published: June 2, 2022

https://www.helpnetsecurity.com/2022/06/02/email-language-based-attacks/

Excerpt: “Armorblox released a report which highlights the use of language-based attacks that bypass existing email security controls. The report uncovers how the continued increase in remote work has made critical business workflows even more vulnerable to new forms of email-based attacks, often resulting in financial fraud or credential theft.”
