July 14, 2022

Fortify Security Team
Jul 14, 2022

Title: Microsoft Published Exploit Code for a MacOS App Sandbox Escape Flaw
Date Published: July 14, 2022

https://securityaffairs.co/wordpress/133211/hacking/macos-sandbox-bypass-exploit.html

Excerpt: “Microsoft publicly disclosed technical details for an access issue vulnerability, tracked as CVE-2022-26706, that resides in the macOS App Sandbox. Microsoft reported the issue to Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) in October 2021. Apple addressed the CVE-2022-26706 flaw on May 16, 2022. “An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions.” reads the description of this issue. An attacker can trigger the flaw using a specially crafted Office document containing malicious macro code that allows to bypass sandbox restrictions and execute commands on the system.”

Title: VMware Fixed a Flaw in vCenter Server Discovered Eight Months Ago
Date Published: July 14, 2022

https://securityaffairs.co/wordpress/133204/security/vmware-vcenter-server-flaw-2.html

Excerpt: “VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048 (CVSSv3 base score of 7.1.), in vCenter Server ‘s IWA (Integrated Windows Authentication) mechanism after eight months since its disclosure. The vulnerability can be exploited by an attacker with non-administrative access to vulnerable vCenter Server deployments to elevate privileges to a higher privileged group. The CVE-2021-22048 flaw affects multiple vCenter Server versions, including 6.5, 6.7, and 7.0. VMware addressed the flaw with the release of vCenter Server 7.0 Update 3fm which only addresses the vulnerability for servers running the latest release.”

Title: PayPal-Themed Phishing Kit Allows Complete Identity Theft
Date Published: July 14, 2022

https://www.helpnetsecurity.com/2022/07/14/paypal-themed-phishing-kit/

Excerpt: “Sometimes phishers are just after your username and password, but other times they are after every scrap of sensitive information they can extract from you. To do that, they use tools like the phishing kit recently analyzed by Akamai researchers. By misusing the PayPal logo and general design, the phishing kit leads users through a set of pages and forms aimed at collecting information that can later be used to steal the victims’ identity and perform money laundering, open cryptocurrency accounts, make fraudulent tax return claims, and much more.”

Title: New Retbleed Speculative Execution CPU Attack Bypasses Retpoline Fixes
Date Published: July 14, 2022

https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/

Excerpt: “Security researchers have discovered a new speculative execution attack called Retbleed that affects processors from both Intel and AMD and could be used to extract sensitive information. Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre. The issue impacts Intel Core CPUs from generation 6 (Skylake – 2015) through 8 (Coffee Lake – 2017) and AMD Zen 1, Zen 1+, Zen 2 released between 2017 and 2019.”

Title: New Lilith Ransomware Emerges with Extortion Site, Lists First Victim
Date Published: July 13, 2022

https://www.bleepingcomputer.com/news/security/new-lilith-ransomware-emerges-with-extortion-site-lists-first-victim/

Excerpt: “A new ransomware operation has been launched under the name ‘Lilith,’ and it has already posted its first victim on a data leak site created to support double-extortion attacks. Lilith is a C/C++ console-based ransomware discovered by JAMESWT and designed for 64-bit versions of Windows. Like most ransomware operations launching today, Lilith performs double-extortions attacks, which is when the threat actors steal data before encrypting devices. According to a report by researchers at Cyble who analyzed Lilith, the new family doesn’t introduce any novelties. However, it’s one of the latest threats to watch out for, along with RedAlert and 0mega that also recently emerged.”

Title: Bandai Namco Confirms Hack After ALPHV Ransomware Data Leak Threat
Date Published: July 13, 2022

https://www.bleepingcomputer.com/news/security/bandai-namco-confirms-hack-after-alphv-ransomware-data-leak-threat/

Excerpt: “Game publishing giant Bandai Namco has confirmed that they suffered a cyberattack that may have resulted in the theft of customers’ personal data. Bandai Namco is a Japanese publisher of numerous popular video games, including Elden Ring, Dark Souls, Pac-Man, Tekken, Gundam, Soulcalibur, and many more. This past Monday, the BlackCat ransomware operation (aka AlphV) claimed to have breached Bandai Namco and stolen corporate data during the attack.”

Title: Microsoft Releases Tweet-Size Exploit for MacOS Sandbox Escape Bug
Date Published: July 13, 2022

https://www.bleepingcomputer.com/news/security/microsoft-releases-tweet-size-exploit-for-macos-sandbox-escape-bug/

Excerpt: “Microsoft has published the exploit code for a vulnerability in macOS that could help an attacker bypass sandbox restrictions and run code on the system. The company released the technical details for the security issue, which is currently identified as CVE-2022-26706, and explained how the macOS App Sandbox rules could be avoided to allow malicious macro code in Word documents to execute commands on the machine. Abusing macros in Office documents to deploy malware has long been an efficient and popular technique to compromise Windows systems. The same could be achieved on macOS machines lacking the proper security updates, Microsoft warns in a report today.”

Title: New UEFI Firmware Flaws Impact over 70 Lenovo Laptop Models
Date Published: July 13, 2022

https://www.bleepingcomputer.com/news/security/new-uefi-firmware-flaws-impact-over-70-lenovo-laptop-models/

Excerpt: “The UEFI firmware used in several laptops made by Lenovo is vulnerable to three buffer overflow vulnerabilities that could enable attackers to hijack the startup routine of Windows installations. Lenovo has issued a security advisory disclosing three medium severity vulnerabilities tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892. The first is an issue in the ReadyBootDxe driver used in some Lenovo notebook products, while the last two are buffer overflow bugs in the SystemLoadDefaultDxe driver. This second driver is used in the Yoga, IdeaPad, Flex, ThinkBook, V14, V15, V130, Slim, S145, S540, and S940 Lenovo lines, affecting over 70 individual models.”

Title: New Android Malware on Google Play Installed 3 Million Times
Date Published: July 13, 2022

https://www.bleepingcomputer.com/news/security/new-android-malware-on-google-play-installed-3-million-times/

Excerpt: “A new Android malware family on the Google Play Store that secretly subscribes users to premium services was downloaded over 3,000,000 times. The malware, named ‘Autolycos,’ was discovered by Evina’s security researcher Maxime Ingrao to be in at least eight Android applications, two of which are still available on the Google Play Store at the time of this writing. The two apps still available are named ‘Funny Camera’ by KellyTech, which has over 500,000 installations, and ‘Razer Keyboard & Theme’ by rxcheldiolola, which counts over 50,000 installs on the Play Store.”

Title: $8 Million Stolen in Large-Scale Uniswap Airdrop Phishing Attack
Date Published: July 13, 2022

https://www.bleepingcomputer.com/news/security/8-million-stolen-in-large-scale-uniswap-airdrop-phishing-attack/

Excerpt: “Uniswap, a popular decentralized cryptocurrency exchange, lost close to $8 million worth of Ethereum in a sophisticated phishing attack yesterday. While the protocol hasn’t been compromised by exploiting a vulnerability as initially suspected, the cyberattack has impacted many investors in digital assets. The threat actors used the lure of free UNI tokens (airdrops) to trick victims into granting a transactions that gave hackers full access to wallets. The trap was a masked “setApprovalForAll” function that assigns or revokes full approval rights to the operator, essentially allowing the attacker to redeem all Uniswap v3 LP tokens for ETH in the victim wallet. In total, the threat actors siphoned 7,574 ETH to a wallet address under their control and quickly moved 7,500 to the Tornado Cash service for mixing (laundering).”

Recent Posts

July 27, 2022

Title: Phishing Attacks Skyrocket With Microsoft and Facebook as Most Abused Brands Date Published: July 26, 2022 https://threatpost.com/popular-bait-in-phishing-attacks/180281/ Excerpt: “The bloom is back on phishing attacks with criminals doubling down on fake...

July 26, 2022

Title: Nist Updates Healthcare Security Guidance Date Published: July 25, 2022 https://www.infosecurity-magazine.com/news/nist-healthcare-guidance/ Excerpt: “The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for...

July 25, 2022

Title: Lockbit Ransomware Gang Claims to Have Breached the Italian Revenue Agency Date Published: July 25, 2022 https://securityaffairs.co/wordpress/133640/cyber-crime/lockbit-ransomware-italian-revenue-agency.html Excerpt: “The ransomware gang Lockbit claims to have...

July 22, 2022

Title: Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’ Date Published: July 21, 2022 https://threatpost.com/hackers-cyber-mercenaries/180263/ Excerpt: “A for-hire cybercriminal group is feeling the talent-drought in tech just like the rest of the sector and...

July 21, 2022

Title: Windows 11 Now Blocks Rdp Brute-Force Attacks by Default Date Published: July 21, 2022 https://www.bleepingcomputer.com/news/microsoft/windows-11-now-blocks-rdp-brute-force-attacks-by-default/ Excerpt: “Recent Windows 11 builds come with the Account Lockout...

July 20, 2022

Title: New Luna Ransomware Encrypts Windows, Linux, and Esxi Systems Date Published: July 20, 2022 https://www.bleepingcomputer.com/news/security/new-luna-ransomware-encrypts-windows-linux-and-esxi-systems/ Excerpt: “A new ransomware family dubbed Luna can be used to...

July 18, 2022

Title: A Massive Cyberattack Hit Albania Date Published: July 18, 2022 https://securityaffairs.co/wordpress/133363/cyber-warfare-2/albania-cyber-attack.html Excerpt: “Albania was hit by a massive cyberattack over the weekend, the government confirmed on Monday. A...