June 8, 2022

Fortify Security Team

Title: Surfshark, ExpressVPN Pull Out of India Over Data Retention Laws

Date Published: June 7, 2022

https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/

Excerpt: “Surfshark announced today they are shutting down its VPN (virtual private network) services in India in response to the new requirements in the country that demand all providers to keep customer logs for 180 days. VPN services aim to provide privacy to internet users by encrypting their network traffic and hiding their actual IP addresses behind those assigned to servers hosted at providers worldwide. This allows customers to select a country of their choice and route their traffic, so it appears as if they are in that country.”

Title: China-linked Threat Actors have Breached Telcos and Network Service Providers

Date Published: June 8, 2022

https://securityaffairs.co/wordpress/132042/apt/us-warns-china-linked-threat-actors.html

Excerpt: “US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers. The nation-state actors exploit publicly known vulnerabilities to compromise the target infrastructure. The attackers also targeted Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices to use them as additional access points to route command and control (C2) traffic and midpoints to carry out attacks on other entities.”

Title: Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw

Date Published: June 7, 2022

https://threatpost.com/public-exploits-atlassian-confluence-flaw/179887/

Excerpt: “Threat actors are using public exploits to pummel a critical zero-day remote code execution (RCE) flaw that affects all versions of a popular collaboration tool used in cloud and hybrid server environments and allows for complete host takeover. Researchers from Volexity uncovered the flaw in Atlassian Confluence Server and Data Center software over the Memorial Day weekend after they detected suspicious activity on two internet-facing web servers belonging to a customer running the software, they said in a blog post published last week.”

Title: Qbot – Known Channel for Ransomware – Delivered via Phishing and Follina Exploit

Date Published: June 8, 2022

https://www.helpnetsecurity.com/2022/06/08/qbot-follina-exploit/

Excerpt: “More than a week has passed since Microsoft acknowledged the existence of the “Follina” vulnerability (CVE-2022-30190), after reports of it being exploited in the wild began to crop up here and there. Since then, other state-backed threat actors have started exploiting it, but now one of the most active Qbot (QakBot) malware affiliates has also been spotted leveraging Follina.”

Title: FBI Seizes ‘SSNDOB’ ID Theft Service for Selling Personal Info of 24 Million People

Date Published: June 7, 2022

https://thehackernews.com/2022/06/fbi-seizes-ssndob-id-theft-service-for.html

Excerpt: “An illicit online marketplace known as SSNDOB was taken down in an operation led by U.S. law enforcement agencies, the Department of Justice (DoJ) announced Tuesday. SSNDOB trafficked in personal information such as names, dates of birth, credit card numbers, and Social Security numbers of about 24 million individuals in the U.S., generating its operators $19 million in sales revenue.”

Title: Data for 2 Million Patients Stolen in Largest Healthcare Breach so far of 2022

Date Published: June 7, 2022

https://www.scmagazine.com/analysis/breach/data-for-2-million-patients-stolen-in-largest-healthcare-breach-so-far-of-2022

Excerpt: “Two million patients from nearly 60 healthcare providers were recently informed that their data was stolen after the hack of a third-party vendor, Shields Health Care Group. Shields Health provides MRI, PET/CT, and outpatient surgical services for covered entities. The breach tally makes it the largest healthcare data breach reported so far this year.”

Title: An Emerging Threat: Attacking 5G Via Network Slices

Date Published: June 7, 2022

https://www.darkreading.com/threat-intelligence/an-emerging-threat-attacking-5g-via-network-slices

Excerpt: “RSA CONFERENCE — San Francisco — While 5G security is not new as a topic of conversation, emerging attack vectors continue to come to the fore. Deloitte & Touche researchers have uncovered a potential avenue of attack targeting network slices, a fundamental part of 5G’s architecture. The stakes are high: Not just a faster 4G, next-generation 5G networks are expected to serve as the communications infrastructure for an array of mission-critical environments, such as public safety, military services, critical infrastructure, and the Industrial Internet of Things (IIoT). They also play a role in supporting latency-sensitive future applications like automated cars and telesurgery. A cyberattack on that infrastructure could have significant implications for public health and national security, and impact a range of commercial services for individual enterprises.”

Title: New SVCReady Malware Loads from Word Doc Properties

Date Published: June 7, 2022

https://www.bleepingcomputer.com/news/security/new-svcready-malware-loads-from-word-doc-properties/

Excerpt: “A previously unknown malware loader named SVCReady has been discovered in phishing attacks, featuring an unusual way of loading the malware from Word documents onto compromised machines. More specifically, it uses VBA macro code to execute shellcode stored in the properties of a document that arrives on the target as an email attachment.”

Title: Black Basta Ransomware Now Supports Encrypting VMware ESXi Servers

Date Published: June 8, 2022

https://securityaffairs.co/wordpress/132037/hacking/black-basta-ransomware-vmware-esxi.html

Excerpt: “The Black Basta ransomware gang now supports encryption of VMware ESXi virtual machines (VMs) running on Linux servers. Researchers from Uptycs first reported the discovery of the new Black Basta ransomware variant that supports encryption of VMware ESXi servers. The move aims at expanding potential targets; support for VMware ESXi was already implemented by many ransomware families, including LockBit, HelloKitty, BlackMatter, and REvil.”

Title: Paying Ransomware Paints Bigger Bullseye on Target’s Back

Date Published: June 8, 2022

https://threatpost.com/paying-ransomware-bullseye-back/179915/

Excerpt: “Paying ransomware attackers doesn’t pay off and often paints a bigger target on a victim’s back. Eighty percent of ransomware victims that paid their attackers were hit a second time by the malware scourge. New ransomware numbers come from Cybereason’s April ransomware survey of 1,456 cybersecurity professionals. According to the gated report (registration required), victims that were successfully extorted were not only targeted a second time, but frequently data encrypted by criminals later became unusable during the decryption process because of corruption issues.”
