June 9, 2022

Fortify Security Team
Title: New Symbiote Malware Infects all Running Processes on Linux Systems

Date Published: June 9, 2022

https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/

Excerpt: “A newly discovered Linux malware known as Symbiote infects all running processes on compromised systems, steals account credentials, and gives its operators backdoor access. After injecting itself into all running processes, the malware acts as a system-wide parasite, leaving no identifiable signs of infection even during meticulous in-depth inspections.”

Title: New Emotet Variant uses a Module to Steal Data from Google Chrome

Date Published: June 9, 2022

https://securityaffairs.co/wordpress/132090/cyber-crime/emotet-google-chrome-info-stealer.html

Excerpt: “Proofpoint researchers reported a new wave of Emotet infections, in particular, a new variant is using a new info-stealing module used to siphon credit card information stored in the Chrome browser.
Once the card data were gathered, the module exfiltrates it to C2 servers that are different from the loader module.”

Title: Healthcare is Most Likely to Pay the Ransom

Date Published: June 9, 2022

https://www.helpnetsecurity.com/2022/06/09/ransomware-attacks-healthcare-sector/

Excerpt: “Sophos has published a sectoral survey report which reveals a 94% increase in ransomware attacks on the organizations surveyed in the healthcare sector. In 2021, 66% of healthcare organizations were hit; 34% were hit the previous year. The silver lining, however, is that healthcare organizations are getting better at dealing with the aftermath of ransomware attacks, according to the survey data. The report shows that 99% of those healthcare organizations hit by ransomware got at least some of their data back after cybercriminals encrypted it during the attacks.”

Title: Even the Most Advanced Threats Rely on Unpatched Systems

Date Published: June 9, 2022

https://thehackernews.com/2022/06/even-most-advanced-threats-rely-on.html

Excerpt: “Common cybercriminals are a menace, there’s no doubt about it – from bedroom hackers through to ransomware groups, cybercriminals are causing a lot of damage. But both the tools used and the threat posed by common cybercriminals pale in comparison to the tools used by more professional groups such as the famous hacking groups and state-sponsored groups.”

Title: NSA Cyber Chief says There has Been ‘Enormous’ Amount of Hacking in Ukraine War

Date Published: June 8, 2022

https://www.scmagazine.com/analysis/rsac/nsa-cyber-chief-says-there-has-been-enormous-amount-of-hacking-in-ukraine-war

Excerpt: “From the outset of the Russia-Ukraine war, the global cybersecurity community has debated why we haven’t seen the sort of regular, spectacular cyberattacks that many were predicting. The possible explanations were numerous. Some have cited the maturity of Ukraine’s cybersecurity. Others have offered reminders that public visibility around such attacks is always poor in the immediate aftermath, particularly in the midst of a war zone, or attempted to tie the lack of observable activity to more general criticisms of Russian military incompetence.”

Title: Dark Web Sites Selling Western Weapons Allegedly Sent to Ukraine

Date Published: June 9, 2022

https://www.bleepingcomputer.com/news/security/dark-web-sites-selling-western-weapons-allegedly-sent-to-ukraine/

Excerpt: “Several weapon marketplaces on the dark web have listed military-grade firearms allegedly coming from Western countries that sent them to support the Ukrainian army in its fight against the Russian invaders. Supposedly, these weapons were somehow put aside from the received supplies and are now being made available to terrorists looking to buy rocket launchers and other high-impact attack systems.”

Title: Tainted CCleaner Pro Cracker Spreads via Black SEO Campaign

Date Published: June 9, 2022

https://securityaffairs.co/wordpress/132076/cyber-crime/ccleaner-black-seo-malware-fakecrack.html

Excerpt: “Researchers from Avast have uncovered a malware campaign, tracked as FakeCrack, spreading through the search results for a pirated copy of the CCleaner Pro Windows optimization program. The researchers pointed out that operators behind the campaign used a large infrastructure to deliver an info-stealing malware and harvest sensitive data, including crypto assets, from the victims. Avast revealed to have prevented the infection of roughly 10,000 users daily, most of them located in Brazil, India, Indonesia, and France.”

Title: Barely One-Third of IT Pros can Vet Code for Tampering

Date Published: June 8, 2022

https://www.helpnetsecurity.com/2022/06/08/software-supply-chain-attacks/

Excerpt: “Global research commissioned by ReversingLabs and conducted by Dimensional Research, revealed that software development teams are increasingly concerned about supply chain attacks and tampering, but barely a third said they can effectively vet the security of developed and published code for tampering.”

Title: A Decade-Long Chinese Espionage Campaign Targets Southeast Asia and Australia

Date Published: June 9, 2022

https://thehackernews.com/2022/06/a-decade-long-chinese-espionage.html

Excerpt: “A previously undocumented Chinese-speaking advanced persistent threat (APT) actor dubbed Aoqin Dragon has been linked to a string of espionage-oriented attacks aimed at government, education, and telecom entities chiefly in Southeast Asia and Australia dating as far back as 2013.”

Title: Massive Facebook Messenger Phishing Operation Generates Millions

Date Published: June 8, 2022

https://www.bleepingcomputer.com/news/security/massive-facebook-messenger-phishing-operation-generates-millions/

Excerpt: “Researchers have uncovered a large-scale phishing operation that abused Facebook and Messenger to lure millions of users to phishing pages, tricking them into entering their account credentials and seeing advertisements. The campaign operators used these stolen accounts to send further phishing messages to their friends, generating significant revenue via online advertising commissions.”
