June 8, 2022

Fortify Security Team
Jun 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws

Date Published: June 7, 2022

https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/

Excerpt: “Surfshark announced today they are shutting down its VPN (virtual private network) services in India in response to the new requirements in the country that demand all providers to keep customer logs for 180 days. VPN services aim to provide privacy to internet users by encrypting their network traffic and hiding their actual IP addresses behind those assigned to servers hosted at providers worldwide. This allows customers to select a country of their choice and route their traffic, so it appears as if they are in that country.”

Title: China-linked Threat Actors have Breached Telcos and Network Service Providers

Date Published: June 8, 2022

https://securityaffairs.co/wordpress/132042/apt/us-warns-china-linked-threat-actors.html

Excerpt: “US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers. The nation-state actors exploit publicly known vulnerabilities to compromise the target infrastructure. The attackers also targeted Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices to use them as additional access points to route command and control (C2) traffic and midpoints to carry out attacks on other entities.”

Title: Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw

Date Published: June 7, 2022

https://threatpost.com/public-exploits-atlassian-confluence-flaw/179887/

Excerpt: “Threat actors are using public exploits to pummel a critical zero-day remote code execution (RCE) flaw that affects all versions of a popular collaboration tool used in cloud and hybrid server environments and allows for complete host takeover. Researchers from Volexity uncovered the flaw in Atlassian Confluence Server and Data Center software over the Memorial Day weekend after they detected suspicious activity on two internet-facing web servers belonging to a customer running the software, they said in a blog post published last week.”

Title: Qbot – Known Channel for Ransomware – Delivered via Phishing and Follina Exploit

Date Published: June 8, 2022

https://www.helpnetsecurity.com/2022/06/08/qbot-follina-exploit/

Excerpt: “More than a week has passed since Microsoft acknowledged the existence of the “Follina” vulnerability (CVE-2022-30190), after reports of it being exploited in the wild began to crop up here and there. Since then, other state-backed threat actors have started exploiting it, but now one of the most active Qbot (QakBot) malware affiliates has also been spotted leveraging Follina.”

Title: FBI Seizes ‘SSNDOB’ ID Theft Service for Selling Personal Info of 24 Million People

Date Published: June 7, 2022

https://thehackernews.com/2022/06/fbi-seizes-ssndob-id-theft-service-for.html

Excerpt: “An illicit online marketplace known as SSNDOB was taken down in operation led by U.S. law enforcement agencies, the Department of Justice (DoJ) announced Tuesday. SSNDOB trafficked in personal information such as names, dates of birth, credit card numbers, and Social Security numbers of about 24 million individuals in the U.S., generating its operators $19 million in sales revenue.”

Title: Data for 2 Million Patients Stolen in Largest Healthcare Breach so far of 2022

Date Published: June  7, 2022

https://www.scmagazine.com/analysis/breach/data-for-2-million-patients-stolen-in-largest-healthcare-breach-so-far-of-2022

Excerpt: “Two million patients from nearly 60 healthcare providers were recently informed that their data was stolen after the hack of a third-party vendor, Shields Health Care Group. Shields Health provides MRI, PET/CT, and outpatient surgical services for covered entities. The breach tally makes it the largest healthcare data breach reported so far this year.

Title: An Emerging Threat: Attacking 5G Via Network Slices

Date Published: June  7, 2022

https://www.darkreading.com/threat-intelligence/an-emerging-threat-attacking-5g-via-network-slices

Excerpt: “RSA CONFERENCE — San Francisco — While 5G security is not new as a topic of conversation, emerging attack vectors continue to come to the fore. Deloitte & Touche researchers have uncovered a potential avenue of attack targeting network slices, a fundamental part of 5G’s architecture. The stakes are high: Not just a faster 4G, next-generation 5G networks are expected to serve as the communications infrastructure for an array of mission-critical environments, such as public safety, military services, critical infrastructure, and the Industrial Internet of Things (IIoT). They also play a role in supporting latency-sensitive future applications like automated cars and telesurgery. A cyberattack on that infrastructure could have significant implications for public health and national security, and impact a range of commercial services for individual enterprises.”

Title: New SVCReady Malware Loads from Word Doc Properties

Date Published: June 7, 2022

https://www.bleepingcomputer.com/news/security/new-svcready-malware-loads-from-word-doc-properties/

Excerpt: “A previously unknown malware loader named SVCReady has been discovered in phishing attacks, featuring an unusual way of loading the malware from Word documents onto compromised machines. More specifically, it uses VBA macro code to execute shellcode stored in the properties of a document that arrives on the target as an email attachment.”

Title: Black Basta ransomware now Supports Encrypting VMware ESXi Servers

Date Published: June 8, 2022

https://securityaffairs.co/wordpress/132037/hacking/black-basta-ransomware-vmware-esxi.html

Excerpt: “The Black Basta ransomware gang now supports encryption of VMware ESXi virtual machines (VMs) running on Linux servers. Researchers from Uptycs first reported the discovery of the new Black Basta ransomware variant that supports encryption of VMWare ESXi servers. The move aims at expanding potential targets, the support for VMware ESXi was already implemented by many ransomware families, including LockBit, HelloKitty, BlackMatter, and REvil.”

Title: Paying Ransomware Paints Bigger Bullseye on Target’s Back

Date Published: June 8, 2022

https://threatpost.com/paying-ransomware-bullseye-back/179915/

Excerpt: “Paying ransomware attackers doesn’t pay off and often paints a bigger target on a victim’s back. Eighty percent of ransomware victims that paid their attackers were hit a second time by the malware scourge. New ransomware numbers come from a Cybereason’s April ransomware survey of 1,456 cybersecurity professionals. According to the gated report (registration required), victims that were successfully extorted were not only targeted a second time, but frequently data encrypted by criminals later became unusable during the decryption process because of corruption issues.”

Recent Posts

June 30, 2022

Title: Google Blocked Dozens of Domains Used by Hack-For-Hire Groups Date Published: June 30, 2022 https://www.bleepingcomputer.com/news/security/google-blocked-dozens-of-domains-used-by-hack-for-hire-groups/ Excerpt: “Google's Threat Analysis Group (TAG) has blocked...

June 28, 2022

Title: Over 900,000 Kubernetes Instances Found Exposed Online Date Published: June 28, 2022 https://www.bleepingcomputer.com/news/security/over-900-000-kubernetes-instances-found-exposed-online/ Excerpt: “Over 900,000 misconfigured Kubernetes clusters were found...

June 27, 2022

Title: CafePress Fined $500,000 for Breach Affecting 23 Million Users Date Published: June 24, 2022 https://www.bleepingcomputer.com/news/security/cafepress-fined-500-000-for-breach-affecting-23-million-users/ Excerpt: “The U.S. Federal Trade Commission (FTC) has...

June 24, 2022

Title: Scalper Bots out of Control in Israel, Selling State Appointments Date Published: June 23, 2022 https://www.bleepingcomputer.com/news/security/scalper-bots-out-of-control-in-israel-selling-state-appointments/ Excerpt: “Out-of-control scalper bots have created...

June 23, 2022

Title: New MetaMask Phishing Campaign uses KYC Lures to Steal Passphrases Date Published: June 23, 2022 https://www.bleepingcomputer.com/news/security/new-metamask-phishing-campaign-uses-kyc-lures-to-steal-passphrases/ Excerpt: “A new phishing campaign is targeting...

June 22, 2022

Title: Microsoft Reveals Cause Behind this Week’s Microsoft 365 Outage Date Published: June 22, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-reveals-cause-behind-this-week-s-microsoft-365-outage/ Excerpt: “Microsoft has revealed that this week's...

June 21, 2022

Title: Microsoft 365 Outage Affects Microsoft Teams and Exchange Online Date Published: June 21, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-affects-microsoft-teams-and-exchange-online/ Excerpt: “An ongoing outage affects multiple...