June 6, 2022

Fortify Security Team

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack

Date Published: June 6, 2022

https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/

Excerpt: “The municipality of Palermo in Southern Italy suffered a cyberattack on Friday, which appears to have had a massive impact on a broad range of operations and services to both citizens and visiting tourists. Palermo is home to about 1.3 million people, the fifth most populous city in Italy. The area is visited by another 2.3 million tourists every year.”

Title: Another Nation-State Actor Exploits Microsoft Follina to Attack European and US Entities

Date Published: June 6, 2022

https://securityaffairs.co/wordpress/131992/apt/nation-state-actors-follina-exploits.html

Excerpt: “An alleged nation-state actor is attempting to exploit the recently disclosed Microsoft Office Follina vulnerability in attacks aimed at government entities in Europe and the U.S. On May 31, Microsoft released workarounds for a recently discovered zero-day vulnerability, dubbed Follina and tracked as CVE-2022-30190 (CVSS score 7.8), in the Microsoft Office productivity suite.”

Title: The Costs and Damages of DNS attacks

Date Published: June 6, 2022

https://www.helpnetsecurity.com/2022/06/06/dns-attacks-impact/

Excerpt: “EfficientIP has announced the findings of its eighth annual 2022 Global DNS Threat Report, conducted by IDC, which reveals the damaging impact Domain Name System (DNS) attacks have had on global organizations’ operations over the past 12 months. The report uncovers how despite 73% of organizations knowing that DNS security is critical to their business, cyber criminals are still infiltrating the network and causing significant business disruption, resulting in the shutdown of cloud and on-premise applications and theft of data.”

Title: Atlassian Issues Patch for Critical Confluence Zero-Day

Date Published: June 4, 2022

https://www.bankinfosecurity.com/atlassian-issues-patch-for-critical-confluence-zero-day-a-19199

Excerpt: “Atlassian has issued a patch for its Confluence workspace collaboration tool, which is being targeted in the wild with a zero-day vulnerability that gives attackers unauthenticated remote code execution privileges. The vulnerability, tracked as CVE-2022-26134, has a CVSS score of 10 out of 10 for criticality.”

Title: Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers

Date Published: June 6, 2022

https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html

Excerpt: “Microsoft’s Digital Crimes Unit (DCU) last week disclosed that it had taken legal proceedings against an Iranian threat actor dubbed Bohrium in connection with a spear-phishing operation. The adversarial collective is said to have targeted entities in tech, transportation, government, and education sectors located in the U.S., Middle East, and India.”

Title: FDA Urges Patch of Illumina Devices with Three Critical Flaws Ranked 10 in Severity

Date Published: June 3, 2022

https://www.scmagazine.com/analysis/device-security/fda-urges-immediate-patch-of-critical-flaws-in-illumina-devices-over-patient-safety-risk

Excerpt: “Providers should “immediately download and install” a patch for certain Illumina devices, which the manufacturer issued last month. The software update fixes critical flaws in a range of devices that could put patient safety at risk, according to an FDA letter to the healthcare sector.”

Title: Evasive Phishing Mixes Reverse Tunnels and URL Shortening Services

Date Published: June 5, 2022

https://www.bleepingcomputer.com/news/security/evasive-phishing-mixes-reverse-tunnels-and-url-shortening-services/

Excerpt: “Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop. This practice deviates from the more common method of registering domains with hosting providers, who are likely to respond to complaints and take down the phishing sites.”

Title: Red TIM Research Discovers a Command Injection with a 9,8 score on Resi

Date Published: June 6, 2022

https://securityaffairs.co/wordpress/131985/security/resi-critical-command-injection.html

Excerpt: “It’s been detected an OS Command Injection, which has been identified from NIST as a Critical one, its score is 9,8. This vulnerability comes from a failure to check the parameters sent as inputs into the system before they are processed by the server. Due to the lack of user input validation, an attacker can ignore the syntax provided by the software and inject arbitrary system commands with the user privileges of the application.”

Title: Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor

Date Published: June 3, 2022

https://thehackernews.com/2022/06/chinese-luoyu-hackers-using-man-on-side.html

Excerpt: “An “extremely sophisticated” Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that’s delivered by means of man-on-the-side attacks. “This groundbreaking development allows the actor to modify network traffic in-transit to insert malicious payloads,” Russian cybersecurity company Kaspersky said in a new report. “Such attacks are especially dangerous and devastating because they do not require any interaction with the target to lead to a successful infection.””

Title: Bored Ape Yacht Club, Otherside NFTs Stolen in Discord Server Hack

Date Published: June 4, 2022

https://www.bleepingcomputer.com/news/security/bored-ape-yacht-club-otherside-nfts-stolen-in-discord-server-hack/

Excerpt: “Hackers reportedly stole over $257,000 in Ethereum and thirty-two NFTs after the Yuga Lab’s Bored Ape Yacht Club and Otherside Metaverse Discord servers were compromised to post a phishing scam. Earlier this morning, the Discord account for a Yuga Labs community manager was allegedly hacked to post a phishing scam on the company’s Discord servers.”
