July 18, 2022

Fortify Security Team

Title: A Massive Cyberattack Hit Albania
Date Published: July 18, 2022

https://securityaffairs.co/wordpress/133363/cyber-warfare-2/albania-cyber-attack.html

Excerpt: “Albania was hit by a massive cyberattack over the weekend, the government confirmed on Monday. A synchronized criminal attack from abroad hit the servers of the National Agency for Information Society (AKSHI), which handles many government services. Government services were all down on Monday after the cyber attack. Most of the desk services for the population were interrupted, and only several important services, such as online tax filing, are still working because they are provided by servers not targeted in the attack.”

Title: Watch Out for the CVE-2022-30136 Windows NFS Remote Code Execution Flaw
Date Published: July 18, 2022

https://securityaffairs.co/wordpress/133355/security/cve-2022-30136-windows-nfs-rce.html

Excerpt: “Trend Micro Research has published an analysis of the recently patched Windows vulnerability CVE-2022-30136 that impacts the Network File System. CVE-2022-30136 is a remote code execution vulnerability that resides in the Windows Network File System; it is due to improper handling of NFSv4 requests. A remote attacker can exploit this vulnerability by sending malicious RPC calls to a target server to achieve arbitrary code execution in the context of SYSTEM. Experts pointed out that unsuccessful exploitation of this issue may trigger a crash of the impacted system.”

Title: Crooks Stole $375k From Premint NFT, it is One of the Biggest NFT Hacks Ever
Date Published: July 17, 2022

https://securityaffairs.co/wordpress/133339/cyber-crime/crooks-stole-375k-from-premint-nft-it-is-one-of-the-biggest-nft-hacks-ever.html

Excerpt: “The popular NFT platform Premint NFT was hacked; the threat actors compromised its official website and stole 314 NFTs. According to the experts from blockchain security firm CertiK, this is one of the biggest NFT hacks on record. The analysis of the experts revealed that the threat actors planted malicious JavaScript code on premint.xyz. The script was designed to instruct users to ‘set approvals for all’ when connecting their wallets to the site; this trick allowed the attacker to access their crypto assets. The attack began at 07:25 AM UTC, when attackers transferred the first stolen NFTs to wallets under their control. The hack involved six EOAs; the good news is that two of these were caught early and victims got their funds back by calling ‘revoke.cash.’ Users are urged to avoid signing transactions that say ‘set approvals for all.’”

Title: Google is Going to Remove App Permissions List From the Play Store
Date Published: July 17, 2022

https://securityaffairs.co/wordpress/133334/mobile-2/google-removes-app-permissions-list-play-store.html

Excerpt: “As part of the ‘Data safety’ initiative for the Android app on the Play Store, Google plans to remove the app permissions list from both the mobile app and the web. In April, Google rolled out the new ‘Data safety’ section for Android apps on the Play Store; the move aims at increasing transparency on the type of data being collected and shared with third parties and the purpose of their collection. Developers are required to complete the Data safety section in Google Play for their apps by July 20th.”

Title: The First Formal Verification of a Prototype of Arm CCA Firmware
Date Published: July 18, 2022

https://www.bleepingcomputer.com/news/security/new-lilith-ransomware-emerges-with-extortion-site-lists-first-victim/

Excerpt: “As our personal data is increasingly used in many applications from advertising to finance to healthcare, protecting sensitive information has become an essential feature for computing architectures. Applications that process such data must trust the system software they rely on, such as operating systems and hypervisors, but such system software is complex and often has vulnerabilities that can risk data confidentiality and integrity. Over the past two years, researchers at Columbia Engineering have been working with Arm, a semiconductor IP and software design company, to address these vulnerabilities. The team has now unveiled key verification technologies for the Arm Confidential Compute Architecture (Arm CCA), a new feature of the Armv9-A architecture. The paper, presented at the 16th USENIX Symposium on Operating Systems Design and Implementation, demonstrates the first formal verification of a prototype of Arm CCA firmware.”

Title: The Matrix Messaging Network now Counts More than 60 Million Users
Date Published: July 17, 2022

https://www.bleepingcomputer.com/news/security/the-matrix-messaging-network-now-counts-more-than-60-million-users/

Excerpt: “The Matrix open network for decentralized communication has announced a record growth of 79% in the past 12 months, now counting more than 60 million users. This is an important milestone for a project driven by a small team of developers and volunteers working to provide a secure and private alternative to modern messaging and collaboration options.”

Title: Hackers Pose as Journalists to Breach News Media Org’s Networks
Date Published: July 16, 2022

https://www.bleepingcomputer.com/news/security/hackers-pose-as-journalists-to-breach-news-media-org-s-networks/

Excerpt: “Researchers following the activities of advanced persistent threat (APT) groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors. The adversaries are either masquerading as or attacking these targets because they have unique access to non-public information that could help expand a cyberespionage operation.”

Title: Elastix VoIP Systems Hacked in Massive Campaign to Install PHP Web Shells
Date Published: July 16, 2022

https://www.bleepingcomputer.com/news/security/elastix-voip-systems-hacked-in-massive-campaign-to-install-php-web-shells/

Excerpt: “Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. Elastix is server software for unified communications (Internet Protocol Private Branch Exchange [IP PBX], email, instant messaging, faxing) that is used in the Digium phones module for FreePBX. The attackers may have exploited a remote code execution (RCE) vulnerability identified as CVE-2021-45461, with a critical severity rating of 9.8 out of 10. Adversaries have been exploiting this vulnerability since December 2021, and the recent campaign appears to be connected to the security issue. Security researchers at Palo Alto Networks’ Unit 42 say that the attackers’ goal was to plant a PHP web shell that could run arbitrary commands on the compromised communications server.”

Title: Password Recovery Tool Infects Industrial Systems With Sality Malware
Date Published: July 15, 2022

https://www.bleepingcomputer.com/news/security/password-recovery-tool-infects-industrial-systems-with-sality-malware/

Excerpt: “A threat actor is infecting industrial control systems (ICS) to create a botnet through password ‘cracking’ software for programmable logic controllers (PLCs). Advertised on various social media platforms, the password recovery tools promise to unlock PLC and HMI (human-machine interface) terminals from Automation Direct, Omron, Siemens, Fuji Electric, Mitsubishi, LG, Vigor, Pro-Face, Allen Bradley, Weintek, ABB, and Panasonic. Security researchers at industrial cybersecurity company Dragos analyzed one incident impacting DirectLogic PLCs from Automation Direct and discovered that the ‘cracking’ software was exploiting a known vulnerability in the device to extract the password.”

Title: Tor Browser now Bypasses Internet Censorship Automatically
Date Published: July 15, 2022

https://www.bleepingcomputer.com/news/security/tor-browser-now-bypasses-internet-censorship-automatically/

Excerpt: “The Tor Project team has announced the release of Tor Browser 11.5, a major release that brings new features to help users fight censorship more easily. The Tor Browser has been created specifically for accessing sites through The Onion Router (Tor) network to offer users anonymity and privacy when accessing information on the internet. It achieves this by routing traffic through nodes on the network and encrypting it at every step. The connection reaches the destination through an exit node that is used to relay the information back to the user.”
