July 18, 2022

Fortify Security Team

Title: A Massive Cyberattack Hit Albania
Date Published: July 18, 2022

Excerpt: “Albania was hit by a massive cyberattack over the weekend, the government confirmed on Monday. A synchronized criminal attack from abroad hit the servers of the National Agency for Information Society (AKSHI), which handles many government services. Government services were all down on Monday after the cyber attack. Most of the desk services for the population were interrupted, and only several important services, such as online tax filing, are still working because they are provided by servers not targeted in the attack.”

Title: Watch Out for the CVE-2022-30136 Windows NFS Remote Code Execution Flaw
Date Published: July 18, 2022

Excerpt: “Trend Micro Research has published an analysis of the recently patched Windows vulnerability CVE-2022-30136 that impacts the Network File System. CVE-2022-30136 is a remote code execution vulnerability that resides in the Windows Network File System; it is due to improper handling of NFSv4 requests. A remote attacker can exploit this vulnerability by sending malicious RPC calls to a target server to achieve arbitrary code execution in the context of SYSTEM. Experts pointed out that unsuccessful exploitation of this issue may trigger a crash of the impacted system.”

Title: Crooks Stole $375k From Premint NFT, it is One of the Biggest NFT Hacks Ever
Date Published: July 17, 2022

Excerpt: “The popular NFT platform, Premint NFT, was hacked; the threat actors compromised its official website and stole 314 NFTs. According to the experts from blockchain security firm CertiK, this is one of the biggest NFT hacks on record. The analysis of the experts revealed that the threat actors planted malicious JavaScript code on premint.xyz. The script was designed to instruct users to “set approvals for all” when connecting their wallets to the site; this trick allowed the attacker to access their crypto assets. The attack began at 07:25 AM UTC, when attackers transferred the first stolen NFTs to wallets under their control. The hack involved six EOAs; the good news is that two of these have been caught early and victims get their funds back by calling ‘revoke.cash.’ Users are urged to avoid signing transactions that say ‘set approvals for all.’”

Title: Google is Going to Remove App Permissions List From the Play Store
Date Published: July 17, 2022

Excerpt: “As part of the “Data safety” initiative for the Android app on the Play Store, Google plans to remove the app permissions list from both the mobile app and the web. In April, Google rolled out the new “Data safety” section for Android apps on the Play Store; the move aims at increasing transparency on the type of data being collected and shared with third parties and the purpose of their collection. Developers are required to complete the Data safety section in the Google Play section for their apps by July 20th.”

Title: The First Formal Verification of a Prototype of Arm CCA Firmware
Date Published: July 18, 2022

Excerpt: “As our personal data is increasingly used in many applications from advertising to finance to healthcare, protecting sensitive information has become an essential feature for computing architectures. Applications that process such data must trust the system software they rely on, such as operating systems and hypervisors, but such system software is complex and often has vulnerabilities that can risk data confidentiality and integrity. Over the past two years, researchers at Columbia Engineering have been working with Arm, a semiconductor IP and software design company, to address these vulnerabilities. The team has now unveiled key verification technologies for the Arm Confidential Compute Architecture (Arm CCA), a new feature of the Armv9-A architecture. The paper, presented at the 16th USENIX Symposium on Operating Systems Design and Implementation, demonstrates the first formal verification of a prototype of Arm CCA firmware.”

Title: The Matrix Messaging Network now Counts More than 60 Million Users
Date Published: July 17, 2022

Excerpt: “The Matrix open network for decentralized communication has announced a record growth of 79% in the past 12 months, now counting more than 60 million users. This is an important milestone for a project driven by a small team of developers and volunteers working to provide a secure and private alternative to modern messaging and collaboration options.”

Title: Hackers Pose as Journalists to Breach News Media Org’s Networks
Date Published: July 16, 2022

Excerpt: “Researchers following the activities of advanced persistent threat (APT) groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors. The adversaries are either masquerading as or attacking these targets because they have unique access to non-public information that could help expand a cyberespionage operation.”

Title: Elastix VoIP Systems Hacked in Massive Campaign to Install PHP Web Shells
Date Published: July 16, 2022

Excerpt: “Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. Elastix is server software for unified communications (Internet Protocol Private Branch Exchange [IP PBX], email, instant messaging, faxing) that is used in the Digium phones module for FreePBX. The attackers may have exploited a remote code execution (RCE) vulnerability identified as CVE-2021-45461, with a critical severity rating of 9.8 out of 10. Adversaries have been exploiting this vulnerability since December 2021, and the recent campaign appears to be connected to the security issue. Security researchers at Palo Alto Networks’ Unit 42 say that the attackers’ goal was to plant a PHP web shell that could run arbitrary commands on the compromised communications server.”

Title: Password Recovery Tool Infects Industrial Systems With Sality Malware
Date Published: July 15, 2022

Excerpt: “A threat actor is infecting industrial control systems (ICS) to create a botnet through password “cracking” software for programmable logic controllers (PLCs). Advertised on various social media platforms, the password recovery tools promise to unlock PLC and HMI (human-machine interface) terminals from Automation Direct, Omron, Siemens, Fuji Electric, Mitsubishi, LG, Vigor, Pro-Face, Allen Bradley, Weintek, ABB, and Panasonic. Security researchers at industrial cybersecurity company Dragos analyzed one incident impacting DirectLogic PLCs from Automation Direct and discovered that the “cracking” software was exploiting a known vulnerability in the device to extract the password.”

Title: Tor Browser now Bypasses Internet Censorship Automatically
Date Published: July 15, 2022

Excerpt: “The Tor Project team has announced the release of Tor Browser 11.5, a major release that brings new features to help users fight censorship more easily. The Tor Browser has been created specifically for accessing sites through The Onion Router (Tor) network to offer users anonymity and privacy when accessing information on the internet. It achieves this by routing traffic through nodes on the network and encrypting it at every step. The connection reaches the destination through an exit node that is used to relay the information back to the user.”
