July 1, 2022

Fortify Security Team

Title: XFiles Info-Stealing Malware Adds Support for Follina Delivery
Date Published: June 30, 2022

https://www.bleepingcomputer.com/news/security/xfiles-info-stealing-malware-adds-support-for-follina-delivery/

Excerpt: “The XFiles info-stealer malware has added a delivery module that exploits CVE-2022-30190, aka Follina, for dropping the payload on target computers. The flaw, discovered as a zero-day at the end of May and fixed with Microsoft’s Windows update on June 14, enables the execution of PowerShell commands simply by opening a Word document. In the case of the XFiles malware, researchers at Cyberint noticed that recent campaigns delivering the malware use Follina to download the payload, execute it, and also create persistence on the target machine.”

Title: Russian Hacktivists Take Down Norway Govt Sites in DDoS Attacks
Date Published: June 30, 2022

https://www.bleepingcomputer.com/news/security/russian-hacktivists-take-down-norway-govt-sites-in-ddos-attacks/

Excerpt: “Norway’s National Security Authority (NSM) published a statement yesterday warning that some of the country’s most important websites and online services are being rendered inaccessible due to distributed denial of service (DDoS) attacks. The statement further explains that a criminal pro-Russian group is believed to be behind the attacks. DDoS attacks are a special type of cyberattack that causes internet servers to be overwhelmed by many requests and garbage traffic, rendering the hosted sites and services inaccessible for legitimate visitors and users.”

Title: Ukraine Targeted by Almost 800 Cyberattacks Since the War Started
Date Published: June 30, 2022

https://www.bleepingcomputer.com/news/security/ukraine-targeted-by-almost-800-cyberattacks-since-the-war-started/

Excerpt: “Ukrainian government and private sector organizations have been the target of 796 cyberattacks since the start of the war on February 24, 2022, when Russia invaded Ukraine. According to Ukraine’s cybersecurity defense and security agency SSSCIP (short for State Service of Special Communications and Information Protection), the country’s networks have been under a constant barrage of hacking attempts since the war started. “Enemy hackers continue to attack Ukraine. The intensity of cyberattacks has not decreased since the beginning of Russia’s full-scale military invasion, although their quality has been declining,” SSSCIP said on Thursday.”

Title: Microsoft Exchange Servers Worldwide Backdoored With New Malware
Date Published: June 30, 2022

https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-worldwide-backdoored-with-new-malware/

Excerpt: “Attackers used a newly discovered malware to backdoor Microsoft Exchange servers belonging to government and military organizations from Europe, the Middle East, Asia, and Africa. The malware, dubbed SessionManager by security researchers at Kaspersky, who first spotted it in early 2022, is a malicious native-code module for Microsoft’s Internet Information Services (IIS) web server software. It has been used in the wild without being detected since at least March 2021, right after the start of last year’s massive wave of ProxyLogon attacks.”

Title: Macmillan Shuts Down Systems After Likely Ransomware Attack
Date Published: June 30, 2022

https://www.bleepingcomputer.com/news/security/macmillan-shuts-down-systems-after-likely-ransomware-attack/

Excerpt: “Publishing giant Macmillan was forced to shut down their network and offices while recovering from a security incident that appears to be a ransomware attack. The attack reportedly occurred over the weekend, on Saturday, June 25th, with the company shutting down all of their IT systems to prevent the spread of the attack. Publishers Weekly first reported on the incident, seeing emails from Macmillan that stated they suffered a “security incident, which involves the encryption of certain files on our network.” The use of encryption in the attack indicates that it was a ransomware attack. Since then, Macmillan editors have been unusually transparent about the security incident, telling agents and clients that they are not being ignored, but have lost access to their systems, emails, and files.”

Title: Toll Fraud Malware Disables Your WiFi to Force Premium Subscriptions
Date Published: June 30, 2022

https://www.bleepingcomputer.com/news/security/toll-fraud-malware-disables-your-wifi-to-force-premium-subscriptions/

Excerpt: “Microsoft is warning that toll fraud malware is one of the most prevalent threats on Android and that it is evolving with features that allow automatic subscription to premium services. Toll fraud is a subset of billing fraud, where the threat actor tricks victims into calling or sending an SMS to a premium number. The difference is that toll fraud does not work over WiFi and forces the devices to connect to the mobile operator’s network.”

Title: Jenkins Discloses Dozens of Zero-Day Bugs in Multiple Plugins
Date Published: July 1, 2022

https://www.bleepingcomputer.com/news/security/jenkins-discloses-dozens-of-zero-day-bugs-in-multiple-plugins/

Excerpt: “On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched. Jenkins is a highly popular platform (with support for over 1,700 plugins) used by enterprises worldwide for building, testing, and deploying software. The zero-days’ CVSS base scores range from low to high severity, and, according to Jenkins’ stats, the impacted plugins have a total of more than 22,000 installs.”

Title: Product Showcase: Group-IB Unified Risk Platform
Date Published: June 30, 2022

https://www.helpnetsecurity.com/2022/07/01/product-showcase-group-ib-unified-risk-platform/

Excerpt: “The cyber threat landscape has intensified. Threat actors are organized and professionalized, with ransomware gangs outsourcing the first step of their operations to Initial Access Brokers. This alliance has proven profitable for both sides, as the illegal sale of initial access to organizations grew 204% and ransom demand soared by 45% last year. The pace of cybercrime is accelerating, making it harder for businesses to manage their cyber risks. Security teams are faced with the increasing challenge of identifying the specific threats they face, how to defend against them, and how to respond immediately in case of an incident. Inaccurate or out-of-date information will result in misplaced defenses, suboptimal prioritization of vulnerability management, false positives overwhelming operations teams, and slow response times to real security incidents. To address these challenges, Group-IB has developed the Unified Risk Platform, a comprehensive set of solutions that understands each organization’s threat profile and configures defenses, and responds to threats in real-time. At the heart of the Unified Risk Platform is Group-IB’s Single Data Lake, which contains the industry’s richest body of adversary intelligence. Every product and service in Group-IB’s now consolidated security suite is enriched with intelligence from the data lake, enabling them to overcome the attacks targeting an organization and reduce organizational risk.”

Title: Korean Cybersecurity Agency Released a Free Decryptor for Hive Ransomware
Date Published: June 30, 2022

https://securityaffairs.co/wordpress/132770/malware/hive-ransomware-decryptor.html

Excerpt: “Good news for the victims of the Hive ransomware: the South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4. “The Korea Internet & Security Agency (KISA) is distributing the Hive ransomware integrated recovery tool. This recovery tool can recover Hive ransomware version 1 to version 4,” reads the announcement published by the KISA agency. The agency released an executable along with a user manual that provides step-by-step instructions to recover encrypted data for free.”

Title: Experts Blame North Korea-Linked Lazarus APT for the Harmony Hack
Date Published: June 30, 2022

https://securityaffairs.co/wordpress/132759/hacking/harmony-hack-lazarus-apt.html

Excerpt: “Recently, threat actors have stolen $100 million in cryptocurrency from the blockchain company Harmony. The company reported the incident to the authorities; the FBI is investigating the cyber heist with the help of several cybersecurity firms. Harmony’s Horizon Bridge allows users to transfer their crypto assets from one blockchain to another; the company immediately halted the bridge to prevent further transactions and notified other exchanges. The company also offers a $1 million bounty in exchange for the return of the funds.”
