June 6, 2022

Fortify Security Team

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack

Date Published: June 6, 2022

https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/

Excerpt: “The municipality of Palermo in Southern Italy suffered a cyberattack on Friday, which appears to have had a massive impact on a broad range of operations and services to both citizens and visiting tourists. Palermo is home to about 1.3 million people, the fifth most populous city in Italy. The area is visited by another 2.3 million tourists every year.”

Title: Another Nation-State Actor Exploits Microsoft Follina to Attack European and US Entities

Date Published: June 6, 2022

https://securityaffairs.co/wordpress/131992/apt/nation-state-actors-follina-exploits.html

Excerpt: “An alleged nation-state actor is attempting to exploit the recently disclosed Microsoft Office Follina vulnerability in attacks aimed at government entities in Europe and the U.S. On May 31, Microsoft released workarounds for a recently discovered zero-day vulnerability, dubbed Follina and tracked as CVE-2022-30190 (CVSS score 7.8), in the Microsoft Office productivity suite.”

Title: The Costs and Damages of DNS attacks

Date Published: June 6, 2022

https://www.helpnetsecurity.com/2022/06/06/dns-attacks-impact/

Excerpt: “EfficientIP has announced the findings of its eighth annual 2022 Global DNS Threat Report, conducted by IDC, which reveals the damaging impact Domain Name System (DNS) attacks have had on global organizations’ operations over the past 12 months. The report uncovers how despite 73% of organizations knowing that DNS security is critical to their business, cyber criminals are still infiltrating the network and causing significant business disruption, resulting in the shutdown of cloud and on-premise applications and theft of data.”

Title: Atlassian Issues Patch for Critical Confluence Zero-Day

Date Published: June 4, 2022

https://www.bankinfosecurity.com/atlassian-issues-patch-for-critical-confluence-zero-day-a-19199

Excerpt: “Atlassian has issued a patch for its Confluence workspace collaboration tool, which is being targeted in the wild with a zero-day vulnerability that gives attackers unauthenticated remote code execution privileges. The vulnerability, tracked as CVE-2022-26134, has a CVSS score of 10 out of 10 for criticality.”

Title: Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers

Date Published: June 6, 2022

https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html

Excerpt: “Microsoft’s Digital Crimes Unit (DCU) last week disclosed that it had taken legal proceedings against an Iranian threat actor dubbed Bohrium in connection with a spear-phishing operation. The adversarial collective is said to have targeted entities in tech, transportation, government, and education sectors located in the U.S., Middle East, and India.”

Title: FDA Urges Patch of Illumina Devices with Three Critical Flaws Ranked 10 in Severity

Date Published: June 3, 2022

https://www.scmagazine.com/analysis/device-security/fda-urges-immediate-patch-of-critical-flaws-in-illumina-devices-over-patient-safety-risk

Excerpt: “Providers should “immediately download and install” a patch for certain Illumina devices, which the manufacturer issued last month. The software update fixes critical flaws in a range of devices that could put patient safety at risk, according to an FDA letter to the healthcare sector.”

Title: Evasive Phishing Mixes Reverse Tunnels and URL Shortening Services

Date Published: June 5, 2022

https://www.bleepingcomputer.com/news/security/evasive-phishing-mixes-reverse-tunnels-and-url-shortening-services/

Excerpt: “Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop. This practice deviates from the more common method of registering domains with hosting providers, who are likely to respond to complaints and take down the phishing sites.”

Title: Red TIM Research Discovers a Command Injection with a 9,8 score on Resi

Date Published: June 6, 2022

https://securityaffairs.co/wordpress/131985/security/resi-critical-command-injection.html

Excerpt: “It’s been detected an OS Command Injection, which has been identified from NIST as a Critical one, its score is 9,8. This vulnerability comes from a failure to check the parameters sent as inputs into the system before they are processed by the server. Due to the lack of user input validation, an attacker can ignore the syntax provided by the software and inject arbitrary system commands with the user privileges of the application.”

Title: Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor

Date Published: June 3, 2022

https://thehackernews.com/2022/06/chinese-luoyu-hackers-using-man-on-side.html

Excerpt: “An “extremely sophisticated” Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that’s delivered by means of man-on-the-side attacks. “This groundbreaking development allows the actor to modify network traffic in-transit to insert malicious payloads,” Russian cybersecurity company Kaspersky said in a new report. “Such attacks are especially dangerous and devastating because they do not require any interaction with the target to lead to a successful infection.””

Title: Bored Ape Yacht Club, Otherside NFTs Stolen in Discord Server Hack

Date Published: June 4, 2022

https://www.bleepingcomputer.com/news/security/bored-ape-yacht-club-otherside-nfts-stolen-in-discord-server-hack/

Excerpt: “Hackers reportedly stole over $257,000 in Ethereum and thirty-two NFTs after the Yuga Lab’s Bored Ape Yacht Club and Otherside Metaverse Discord servers were compromised to post a phishing scam. Earlier this morning, the Discord account for a Yuga Labs community manager was allegedly hacked to post a phishing scam on the company’s Discord servers.”
