July 1, 2022

Fortify Security Team
Jul 1, 2022

Title: XFiles Info-Stealing Malware Adds Support for Follina Delivery
Date Published: June 30, 2022

https://www.bleepingcomputer.com/news/security/xfiles-info-stealing-malware-adds-support-for-follina-delivery/

Excerpt: “The XFiles info-stealer malware has added a delivery module that exploits CVE-2022-30190, aka Follina, for dropping the payload on target computers. The flaw, discovered as a zero-day at the end of May and fixed with Microsoft’s Windows update on June 14, enables the execution of PowerShell commands simply by opening a Word document. In the case of the XFiles malware, researchers at Cyberint noticed that recent campaigns delivering the malware use Follina to download the payload, execute it, and also create persistence on the target machine.”

Title: Russian Hacktivists Take Down Norway Govt Sites in DDoS Attacks
Date Published: June 30, 2022

https://www.bleepingcomputer.com/news/security/russian-hacktivists-take-down-norway-govt-sites-in-ddos-attacks/

Excerpt: “Norway’s National Security Authority (NSM) published a statement yesterday warning that some of the country’s most important websites and online services are being rendered inaccessible due to distributed denial of service (DDoS) attacks. The statement further explains that a criminal pro-Russian group is believed to be behind the attacks. DDoS attacks are a special type of cyberattack that causes internet servers to be overwhelmed by many requests and garbage traffic, rendering the hosted sites and services inaccessible for legitimate visitors and users.”

Title: Ukraine Targeted by Almost 800 Cyberattacks Since the War Started
Date Published: June 30, 2022

https://www.bleepingcomputer.com/news/security/ukraine-targeted-by-almost-800-cyberattacks-since-the-war-started/

Excerpt: “Ukrainian government and private sector organizations have been the target of 796 cyberattacks since the start of the war on February 24, 2022, when Russia invaded Ukraine. According to Ukraine’s cybersecurity defense and security agency SSSCIP (short for State Service of Special Communications and Information Protection), the country’s networks have been under a constant barrage of hacking attempts since the war started. “Enemy hackers continue to attack Ukraine. The intensity of cyberattacks has not decreased since the beginning of Russia’s full-scale military invasion, although their quality has been declining,” SSSCIP said on Thursday.”

Title: Microsoft Exchange Servers Worldwide Backdoored With New Malware
Date Published: June 30, 2022

https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-worldwide-backdoored-with-new-malware/

Excerpt: “Attackers used a newly discovered malware to backdoor Microsoft Exchange servers belonging to government and military organizations from Europe, the Middle East, Asia, and Africa. The malware, dubbed SessionManager by security researchers at Kaspersky, who first spotted it in early 2022, is a malicious native-code module for Microsoft’s Internet Information Services (IIS) web server software. It has been used in the wild without being detected since at least March 2021, right after the start of last year’s massive wave of ProxyLogon attacks.”

Title: Macmillan Shuts Down Systems After Likely Ransomware Attack
Date Published: June 30, 2022

https://www.bleepingcomputer.com/news/security/macmillan-shuts-down-systems-after-likely-ransomware-attack/

Excerpt: “Publishing giant Macmillan was forced to shut down their network and offices while recovering from a security incident that appears to be a ransomware attack. The attack reportedly occurred over the weekend, on Saturday, June 25th, with the company shutting down all of their IT systems to prevent the spread of the attack. Publishers Weekly first reported on the incident, seeing emails from Macmillan that stated they suffered a “security incident, which involves the encryption of certain files on our network.” The use of encryption in the attack indicates that it was a ransomware attack. Since then, Macmillan editors have been unusually transparent about the security incident, telling agents and clients that they are not being ignored, but have lost access to their systems, emails, and files.”

Title: Toll Fraud Malware Disables Your WiFi to Force Premium Subscriptions
Date Published: June  30, 2022

https://www.bleepingcomputer.com/news/security/toll-fraud-malware-disables-your-wifi-to-force-premium-subscriptions/

Excerpt: “Microsoft is warning that toll fraud malware is one of the most prevalent threats on Android and that it is evolving with features that allow automatic subscription to premium services. Toll fraud is a subset of billing fraud, where the threat actor tricks victims into calling or sending an SMS to a premium number. The difference is that toll fraud does not work over WiFi and forces the devices to connect to the mobile operator’s network.”

Title: Jenkins Discloses Dozens of Zero-Day Bugs in Multiple Plugins
Date Published: July 1, 2022

https://www.bleepingcomputer.com/news/security/jenkins-discloses-dozens-of-zero-day-bugs-in-multiple-plugins/

Excerpt: “On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched. Jenkins is a highly popular platform (with support for over 1,700 plugins) used by enterprises worldwide for building, testing, and deploying software. The zero-days’ CVSS base scores range from low to high severity, and, according to Jenkins’ stats, the impacted plugins have a total of more than 22,000 installs.”

Title: Product showcase: Group-IB Unified Risk Platform
Date Published: June 30, 2022

https://www.helpnetsecurity.com/2022/07/01/product-showcase-group-ib-unified-risk-platform/

Excerpt: “The cyber threat landscape has intensified. Threat actors are organized and professionalized, with ransomware gangs outsourcing the first step of their operations to Initial Access Brokers. This alliance has proven profitable for both sides, as the illegal sale of initial access to organizations grew 204% and ransom demand soared by 45% last year. The pace of cybercrime is accelerating, making it harder for businesses to manage their cyber risks. Security teams are faced with the increasing challenge of identifying the specific threats they face, how to defend against them, and how to respond immediately in case of an incident. Inaccurate or out-of-date information will result in misplaced defenses, suboptimal prioritization of vulnerability management, false positives overwhelming operations teams, and slow response times to real security incidents. To address these challenges, Group-IB has developed the Unified Risk Platform, a comprehensive set of solutions that understands each organization’s threat profile and configures defenses, and responds to threats in real-time. At the heart of the Unified Risk Platform is Group-IB’s Single Data Lake, which contains the industry’s richest body of adversary intelligence. Every product and service in Group-IB’s now consolidated security suite is enriched with intelligence from the data lake, enabling them to overcome the attacks targeting an organization and reduce organizational risk.”

Title: Korean Cybersecurity Agency Released a Free Decryptor for Hive Ransomware
Date Published: June 30, 2022

https://securityaffairs.co/wordpress/132770/malware/hive-ransomware-decryptor.html

Excerpt: “Good news for the victims of the Hive ransomware, the South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4. “The Korea Internet & Security Agency (KISA) is distributing the Hive ransomware integrated recovery tool. This recovery tool can recover Hive ransomware version 1 to version 4.” reads the announcement published by the KISA agency. The agency released an executable along with a user manual that provides step-by-step instructions to recover encrypted data for free.”

Title: Experts Blame North Korea-Linked Lazarus APT for the Harmony Hack
Date Published: June 30, 2022

https://securityaffairs.co/wordpress/132759/hacking/harmony-hack-lazarus-apt.html

Excerpt: “Recently, threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. The company reported the incident to the authorities, the FBI is investigating the cyber heist with the help of several cybersecurity firms. Harmony’s Horizon Bridge allows users to transfer their crypto assets from one blockchain to another, the company immediately halted the bridge to prevent further transactions and notified other exchanges. The company also offers a $1 million bounty in exchange for the return of the funds.”

Recent Posts

November 29, 2022

Title: Malicious Android App Found Powering Account Creation Service Date Published: November 28, 2022 https://www.bleepingcomputer.com/news/security/malicious-android-app-found-powering-account-creation-service/ Excerpt: “A fake Android SMS application, with 100,000...

November 28, 2022

Title: Ransomboggs Ransomware Hit Several Ukrainian Entities, Experts Attribute It to Russia Date Published: November 28, 2022 https://securityaffairs.co/wordpress/139028/cyber-warfare-2/ransomboggs-ransomware-targeted-ukraine.html Excerpt: “Several Ukrainian...

November 23, 2022

Title: Microsoft Releases Out-Of-Band Update to Fix Kerberos Auth Issues Caused by a Patch for Cve-2022-37966 Date Published: November 23, 2022 https://securityaffairs.co/wordpress/138869/security/out-of-band-fix-kerberos-issues.html Excerpt: “Microsoft released an...

November 22, 2022

Title: Aurora Infostealer Malware Increasingly Adopted by Cybergangs Date Published: November 21, 2022 https://www.bleepingcomputer.com/news/security/aurora-infostealer-malware-increasingly-adopted-by-cybergangs/ Excerpt: “Cybercriminals are increasingly turning to a...

November 21, 2022

Title: New Ransomware Encrypts Files, Then Steals Your Discord Account Date Published: November 20, 2022 https://www.bleepingcomputer.com/news/security/new-ransomware-encrypts-files-then-steals-your-discord-account/ Excerpt: “The new 'AXLocker' ransomware family is...

November 18, 2022

Title: Phishing Kit Impersonates Well-Known Brands to Target Us Shoppers Date Published: November 17, 2022 https://www.bleepingcomputer.com/news/security/phishing-kit-impersonates-well-known-brands-to-target-us-shoppers/ Excerpt: “A sophisticated phishing kit has been...

November 17, 2022

Title: Iran-Linked Threat Actors Compromise US Federal Network Date Published: November 17, 2022 https://securityaffairs.co/wordpress/138639/apt/iran-compromises-us-federal-network.html Excerpt: “Iran-linked threat actors compromised a Federal Civilian Executive...