July 11, 2022

Fortify Security Team

Title: Maastricht University Wound Up Earning Money from its Ransom Payment
Date Published: July 10, 2022


Excerpt: “Maastricht University (UM), a Dutch university with more than 22,000 students, said last week that it had recovered the ransom paid after a ransomware attack that hit its network in December 2019. After a thorough investigation of the incident, the attack was linked by cybersecurity company Fox-IT with a financially motivated hacker group tracked as TA505 (or SectorJ04), known for primarily targeting retail and financial organizations since at least Q3 2014. The hackers infiltrated the university’s systems via phishing e-mails in mid-October and deployed Clop ransomware payloads on 267 Windows systems on December 23, after moving laterally through the network. One week later, on December 30, the university decided to pay the ransom to have its files decrypted after deciding that rebuilding all infected systems from scratch or creating a decryptor were not viable options.”

Title: PyPI Mandates 2FA for Critical Projects, Developer Pushes Back
Date Published: July 9, 2022


Excerpt: “On Friday, the Python Package Index (PyPI), the official repository of third-party open-source Python projects announced plans to mandate two-factor authentication requirements for maintainers of “critical” projects. Although many community members praised the move, the developer of a popular Python project decided to delete his code from PyPI and republish it to invalidate the “critical” status assigned to his project.”

Title: Mangatoon Data Breach Exposes Data from 23 Million Accounts
Date Published: July 9, 2022


Excerpt: “Comic reading platform Mangatoon has suffered a data breach that exposed information belonging to 23 million user accounts after a hacker stole it from an unsecured Elasticsearch database. Mangatoon is also a very popular iOS and Android app used by millions of users to read online Manga comics. This week, the data breach notification service Have I Been Pwned (HIBP) added 23 million Mangatoon accounts to their platform.”

Title: New 0mega Ransomware Targets Businesses in Double-Extortion Attacks
Date Published: July 8, 2022


Excerpt: “A new ransomware operation named ‘0mega’ targets organizations worldwide in double-extortion attacks and demands millions of dollars in ransoms. 0mega (spelled with a zero) is a new ransomware operation launched in May 2022 and has attacked numerous victims since then.”

Title: BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2.5 Million in Demands
Date Published: July 11, 2022


Excerpt: “The notorious cybercriminal syndicate competes with Conti and Lockbit 3.0. They introduced an advanced search by stolen victims’ passwords and confidential documents leaked in the TOR network. Resecurity (USA), a Los Angeles-based cybersecurity company protecting Fortune 500 companies, has detected a significant increase in the value of ransom demand requests by the notorious BlackCat ransomware gang. According to experts, the notorious cybercriminal syndicate actively competes with Conti and the updated Lockbit 3.0, and recently introduced a search by stolen victims’ passwords and confidential documents leaked in the TOR network. Based on the recently observed compromised victims based in the Nordics region (which haven’t been disclosed by the group yet), the amount to be paid exceeds $2 million. One of the tactics used offers a discount of close to 50% to the victim in case they are willing to pay – several ransom demands valued at $14 million were decreased to $7 million, but such amounts are still complicated for enterprises facing cybersecurity incidents. The most common ransom demand practiced by BlackCat jumped to $2.5 million and it seems its trajectory will only grow.”

Title: Dealing with Threats and Preventing Sensitive Data Loss
Date Published: July 11, 2022


Excerpt: “Recently, Normalyze, a data-first cloud security platform, came out of stealth with $22.2M in Series A funding. This was the perfect time to catch up with co-founder and CEO Amer Deeba. In this interview with Help Net Security, he talks about the path to data security as well as visibility challenges.”

Title: Anubis Networks is Back with New C2 Server
Date Published: July 11, 2022


Excerpt: “A large-scale phishing campaign has been targeting Internet end users in Brazil and Portugal since March 2022. Anubis Network is a C2 portal developed to control fake portals and aims to steal credentials to fully access the real systems. This C2 server is controlled by a group of operators that come from the previous analysis in 2022, with the various brands being divided among the operators of the group (in a call center modus operandi). This campaign was highlighted by Segurança Informática in 2020, and the high-level diagram of this new campaign can be observed below.”

Title: Experts Demonstrate how to Unlock Several Honda Models via Rolling-PWN Attack
Date Published: July 10, 2022


Excerpt: “A team of security researchers, Kevin2600 and Wesley Li from Star-V Lab, independently discovered a flaw in Honda models, named the Rolling-PWN Attack vulnerability (CVE-2021-46145), that can allow unlocking their vehicles. A remote keyless entry system (RKE) allows remotely unlocking or starting a vehicle. The researchers tested a remote keyless entry system (RKE) that allows remotely unlocking or starting a vehicle and discovered the Rolling-PWN attack issue. According to the experts, the issue affects all Honda vehicles on the market (from the year 2012 up to the year 2022). Successful exploitation of this flaw can allow attackers to permanently open the car door or even start the engine of a vehicle. The issue resides in a version of the rolling codes mechanism implemented in many Honda models to prevent replay attacks.”

Title: French Telephone Operator La Poste Mobile Suffered a Ransomware Attack
Date Published: July 10, 2022


Excerpt: “The ransomware attack hit the virtual mobile telephone operator La Poste Mobile on July 4 and paralyzed administrative and management services. The company pointed out that threat actors may have accessed data of its customers, and for this reason it is recommending that they be vigilant. The company highlights the risks of identity theft or phishing attacks in case their data have been compromised.”

Title: China’s Tonto Team APT Ramps Up Spy Operations Against Russia
Date Published: July 11, 2022


Excerpt: “French energy giant EDF has been placed under ‘enhanced attention’ by the UK’s Office for Nuclear Regulation (ONR) after identifying shortfalls in its cybersecurity plans, according to reports this weekend. The ONR is taking action due to the findings of routine inspections over the past 12 months. The Telegraph newspaper quoted the body as saying it had “identified shortfalls in governance, risk and compliance in certain technical controls” during these inspections. EDF owns and runs the UK’s network of nuclear power stations at five locations and is currently building a new nuclear power station at Hinkley Point in Somerset, together with minority Chinese partner CGN. The action takes place against a backdrop of increased awareness of the vulnerability of energy infrastructure around Europe to cyber-attack.”
