July 11, 2022

Fortify Security Team
Jul 11, 2022

Title: Maastricht University Wound Up Earning Money from its Ransom Payment
Date Published: July 10, 2022

https://www.bleepingcomputer.com/news/security/maastricht-university-wound-up-earning-money-from-its-ransom-payment/

Excerpt: “Maastricht University (UM), a Dutch university with more than 22,000 students, said last week that it had recovered the ransom paid after a ransomware attack that hit its network in December 2019. After a thorough investigation of the incident, the attack was linked by cybersecurity company Fox-IT with a financially motivated hacker group tracked as TA505 (or SectorJ04), known for primarily targeting retail and financial organizations since at least Q3 2014. The hackers infiltrated the university’s systems via phishing e-mails in mid-October and deployed Clop ransomware payloads on 267 Windows systems on December 23, after moving laterally through the network. One week later, on December 30, the university decided to pay the ransom to have its files decrypted after deciding that rebuilding all infected systems from scratch or creating a decryptor were not viable options.”

Title: PyPI Mandates 2FA for Critical Projects, Developer Pushes Back
Date Published: July 9, 2022

https://www.bleepingcomputer.com/news/security/pypi-mandates-2fa-for-critical-projects-developer-pushes-back/

Excerpt: “On Friday, the Python Package Index (PyPI), the official repository of third-party open-source Python projects announced plans to mandate two-factor authentication requirements for maintainers of “critical” projects. Although many community members praised the move, the developer of a popular Python project decided to delete his code from PyPI and republish it to invalidate the “critical” status assigned to his project.”

Title: Mangatoon Data Breach Exposes Data from 23 Million Accounts
Date Published: July 9, 2022

https://www.bleepingcomputer.com/news/security/mangatoon-data-breach-exposes-data-from-23-million-accounts/

Excerpt: “Comic reading platform Mangatoon has suffered a data breach that exposed information belonging to 23 million user accounts after a hacker stole it from an unsecured Elasticsearch database. Mangatoon is also a very popular iOS and Android app used by millions of users to read online Manga comics. This week, the data breach notification service Have I Been Pwned (HIBP) added 23 million Mangatoon accounts to their platform.”

Title: New 0mega Ransomware Targets Businesses in Double-Extortion Attacks
Date Published: July 8, 2022

https://www.bleepingcomputer.com/news/security/new-0mega-ransomware-targets-businesses-in-double-extortion-attacks/

Excerpt: “A new ransomware operation named ‘0mega’ targets organizations worldwide in double-extortion attacks and demands millions of dollars in ransoms. 0mega (spelled with a zero) is a new ransomware operation launched in May 2022 and has attacked numerous victims since then.”

Title: BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2.5 Million in Demands
Date Published: July 11, 2022

https://www.helpnetsecurity.com/2022/07/11/blackcat-alphv-ransomware/

Excerpt: “The notorious cybercriminal syndicate competes with Conti and Lockbit 3.0. They introduced an advanced search by stolen victim’s passwords, and confidential documents leaked in the TOR network. Resecurity (USA), a Los Angeles-based cybersecurity company protecting Fortune 500 companies, has detected a significant increase in the value of ransom demand requests by the notorious Blackcat ransomware gang. According to experts, the notorious cybercriminal syndicate actively competes with Conti and the updated Lockbit 3.0, and recently introduced a search by stolen victim’s passwords, and confidential documents leaked in the TOR network. Based on the observed recently compromised victims based in the Nordics region (which haven’t been disclosed by the group yet) the amount to be paid exceeds $2 million. One of the tactics used offers close to 50% discount to the victim in the case they are willing to pay – several ransom demands valued at $14 million were decreased to $7 million, but such amounts are still complicated for enterprises facing cybersecurity incidents. The most common ransom demand practiced by BlackCat jumped up to $2.5 million and it seems its trajectory will only grow.”

Title: Dealing with Threats and Preventing Sensitive Data Loss
Date Published: July 11, 2022

https://www.helpnetsecurity.com/2022/07/11/data-threats/

Excerpt: “Recently, Normalyze, a data-first cloud security platform, came out of stealth with $22.2M in Series A funding. This was the perfect time to catch up with co-founder and CEO Amer Deeba. In this interview with Help Net Security, he talks about the path data security as well as visibility challenges.”

Title: Anubis Networks is Back with New C2 Server
Date Published: July 11, 2022

https://securityaffairs.co/wordpress/133115/hacking/anubis-networks-new-c2.html

Excerpt: “A large-scale phishing campaign is targeting Internet-end users in Brazil and Portugal since March 2022. Anubis Network is a C2 portal developed to control fake portals and aims to steal credentials to fully access the real systems. This C2 server is controlled by a group of operators that come from the previous analysis in 2022, the various brands being divided among the operators of the group (in a call center modus operandi). This campaign is highlighted by Segurança Informática in 2020, and the high-level diagram of this new campaign can be observed below.”

Title: Experts Demonstrate how to Unlock Several Honda Models via Rolling-PWN Attack
Date Published: July 10, 2022

https://securityaffairs.co/wordpress/133090/hacking/honda-rolling-pwn-attack.html

Excerpt: “A team of security Researchers Kevin2600 and Wesley Li from Star-V Lab independently discovered a flaw in Honda models, named the Rolling-PWN Attack vulnerability (CVE-2021-46145), that can allow unlocking their vehicles. A remote keyless entry system (RKE) allows remotely unlocking or starting a vehicle. The researchers tested a remote keyless entry system (RKE) that allows to remotely unlock or start a vehicle and discovered the Rolling-PWN attack issue. According to the experts, the issue affects all Honda vehicles on the market (From the Year 2012 up to the Year 2022). Successful exploitation of this flaw can allow attackers to permanently open the car door or even start the engine of a vehicle. The issue resides in a version of the rolling codes mechanism implemented in many Honda models to prevent replay attacks.”

Title: French Telephone Operator La Poste Mobile Suffered a Ransomware Attack
Date Published: July 10, 2022

https://securityaffairs.co/wordpress/133080/cyber-crime/la-poste-mobile-ransomware.html

Excerpt: “The ransomware attack hit the virtual mobile telephone operator La Poste Mobile on July 4 and paralyzed administrative and management services. The company pointed out that threat actors may have accessed data of its customers, for this reason it is recommending them to be vigilant. The company highlight the risks of identity theft or phishing attacks in case their data have been compromised.”

Title: China’s Tonto Team APT Ramps Up Spy Operations Against Russia
Date Published: July 11, 2022

https://www.infosecurity-magazine.com/news/edf-scrutiny-cybersecurity-record/

Excerpt: “French energy giant EDF has been placed under ‘enhanced attention’ by the UK’s Office for Nuclear Regulation (ONR) after identifying shortfalls in its cybersecurity plans, according to reports this weekend. The ONR is taking action due to the findings of routine inspections over the past 12 months. The Telegraph newspaper quoted the body as saying it had “identified shortfalls in governance, risk and compliance in certain technical controls” during these inspections. EDF owns and runs the UK’s network of nuclear power stations at five locations and is currently building a new nuclear power station at Hinkley Point in Somerset, together with minority Chinese partner CGN. The action takes place against a backdrop of increased awareness of the vulnerability of energy infrastructure around Europe to cyber-attack. ”

Recent Posts

July 27, 2022

Title: Phishing Attacks Skyrocket With Microsoft and Facebook as Most Abused Brands Date Published: July 26, 2022 https://threatpost.com/popular-bait-in-phishing-attacks/180281/ Excerpt: “The bloom is back on phishing attacks with criminals doubling down on fake...

July 26, 2022

Title: Nist Updates Healthcare Security Guidance Date Published: July 25, 2022 https://www.infosecurity-magazine.com/news/nist-healthcare-guidance/ Excerpt: “The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for...

July 25, 2022

Title: Lockbit Ransomware Gang Claims to Have Breached the Italian Revenue Agency Date Published: July 25, 2022 https://securityaffairs.co/wordpress/133640/cyber-crime/lockbit-ransomware-italian-revenue-agency.html Excerpt: “The ransomware gang Lockbit claims to have...

July 22, 2022

Title: Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’ Date Published: July 21, 2022 https://threatpost.com/hackers-cyber-mercenaries/180263/ Excerpt: “A for-hire cybercriminal group is feeling the talent-drought in tech just like the rest of the sector and...

July 21, 2022

Title: Windows 11 Now Blocks Rdp Brute-Force Attacks by Default Date Published: July 21, 2022 https://www.bleepingcomputer.com/news/microsoft/windows-11-now-blocks-rdp-brute-force-attacks-by-default/ Excerpt: “Recent Windows 11 builds come with the Account Lockout...

July 20, 2022

Title: New Luna Ransomware Encrypts Windows, Linux, and Esxi Systems Date Published: July 20, 2022 https://www.bleepingcomputer.com/news/security/new-luna-ransomware-encrypts-windows-linux-and-esxi-systems/ Excerpt: “A new ransomware family dubbed Luna can be used to...

July 18, 2022

Title: A Massive Cyberattack Hit Albania Date Published: July 18, 2022 https://securityaffairs.co/wordpress/133363/cyber-warfare-2/albania-cyber-attack.html Excerpt: “Albania was hit by a massive cyberattack over the weekend, the government confirmed on Monday. A...