July 22, 2022

Fortify Security Team

Title: Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’
Date Published: July 21, 2022


Excerpt: “A for-hire cybercriminal group is feeling the talent-drought in tech just like the rest of the sector and has resorted to recruiting so-called “cyber-mercenaries” to carry out specific illicit hacks that are part of larger criminal campaigns. Dubbed Atlas Intelligence Group (A.I.G.), the cybergang has been spotted by security researchers recruiting independent black-hat hackers to execute specific aspects of its own campaigns. A.I.G., also known as Atlantis Cyber-Army, functions as a cyber-threats-as-a-service criminal enterprise. The threat group markets services that include data leaks, distributed denial of service (DDoS), remote desktop protocol (RDP) hijacking and additional network penetration services, according to a Thursday report by threat intelligence firm Cyberint.”

Title: Critical Vulnerability in Popular GPS Tracker Lets Hackers Remotely Control Vehicles
Date Published: July 21, 2022


Excerpt: “Cybersecurity startup BitSight has identified six flaws in the GPS tracker MV720 manufactured by China-based MiCODUS. According to the IT security researchers at BitSight the critical security vulnerabilities were present in MV720 GPS trackers, used primarily for tracking vehicle fleets. The vulnerabilities can allow hackers to track, stop, and control vehicles remotely. For your information, MV720 is a hardwired GPS tracker worth around $20. The Shenzhen-based MiCODUS electronics maker claims that 1.5 million of its GPS trackers are currently in use by over 420,000 customers across 169 countries. Furthermore, its clients include several Fortune 50 companies, shipping, aerospace, government, military, critical infrastructure, law enforcement agencies, and a nuclear power plant operator.”

Title: PayPal Used to Send Malicious “Double Spear” Invoices
Date Published: July 22, 2022


Excerpt: “Security experts are warning users not to fall for a new threat campaign using PayPal to send out phishing invoices. PayPal domains are usually “allow-listed” by organizations’ email filters. So cyber-criminals are registering accounts and composing malicious invoices on the platform, explained Avanan researcher, Jeremy Fuchs. In it, they spoof the Norton brand, but add their own contact details to the invoice requesting payment. This is done in an attempt to get a double pay-out from the attack. Bemused users might call the number, only to be put through to a malicious call center operative who will then attempt to harvest their details, including phone number, and persuade them to pay up. That’s what Avanan calls a “double spear” – forcing payment and stealing user information which can be used in future attacks.”
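The security point of the item above is that an allow-listed sender domain says nothing about the invoice content: the mail really does come from PayPal, so the lure has to be caught at the content level (a well-known brand name paired with a call-back number that is not that brand's). The block below is an added example of such a triage heuristic; it is not code from the article, from Avanan or from PayPal. The sample messages, the merchant names and every phone number in it are constructed placeholders, and the "known good" number list stands in for an organisation's own vetted contact data.

```python
"""
Content-level triage for invoice notifications that arrive from an
allow-listed sender domain. Added example, not from the article or Avanan.
All messages, names and phone numbers below are constructed placeholders.
"""
import re
from dataclasses import dataclass, field

# Brands whose mention in an invoice should trigger a phone-number check.
# The numbers are placeholders standing in for a vetted, maintained list.
KNOWN_BRAND_NUMBERS = {
    "norton": {"+18005550100"},  # placeholder, not a real support line
}

# North American phone numbers in common layouts: 1-888-555-0142,
# (800) 555-0199, +1 800 555 0100. Non-capturing groups so findall()
# returns whole matches.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")

# Call-back pressure phrases that, together with a number, form the lure.
URGENCY_RE = re.compile(r"call (?:us|now|immediately)|to cancel|dispute")


def normalize_phone(raw: str) -> str:
    """Reduce a formatted number to +1NNNNNNNNNN for comparison."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 10:          # no country code given
        digits = "1" + digits
    return "+" + digits


@dataclass
class Message:
    sender: str   # From address, e.g. service@paypal.com
    subject: str
    body: str


@dataclass
class Verdict:
    suspicious: bool
    reasons: list = field(default_factory=list)


def triage_invoice(msg: Message, allow_listed=("paypal.com",)) -> Verdict:
    """Inspect an invoice that passed the domain allow-list."""
    verdict = Verdict(False)
    domain = msg.sender.rsplit("@", 1)[-1].lower()
    if domain not in allow_listed:
        return verdict  # not the case this heuristic is for; normal filtering applies
    text = (msg.subject + "\n" + msg.body).lower()
    phones = {normalize_phone(p) for p in PHONE_RE.findall(text)}
    # 1. Brand name present, but the contact number is not the brand's own.
    for brand, good_numbers in KNOWN_BRAND_NUMBERS.items():
        unknown = phones - good_numbers
        if brand in text and unknown:
            verdict.suspicious = True
            verdict.reasons.append(
                f"mentions {brand} but lists unknown number(s): {sorted(unknown)}")
    # 2. Any embedded number combined with call-back pressure wording.
    if phones and URGENCY_RE.search(text):
        verdict.suspicious = True
        verdict.reasons.append("call-back lure with embedded phone number")
    return verdict


# Constructed samples (not real messages).
BENIGN = Message(
    sender="service@paypal.com",
    subject="Invoice from Acme Web Hosting",
    body="Acme Web Hosting sent you an invoice for $120.00. "
         "View and pay it from your PayPal account.",
)
LURE = Message(
    sender="service@paypal.com",
    subject="Invoice from Norton LifeLock Billing",
    body="Your Norton subscription was renewed for $399.99. If you did not "
         "authorize this charge, call us immediately at 1-888-555-0142 to cancel.",
)
KNOWN_NUMBER = Message(
    sender="service@paypal.com",
    subject="Norton renewal receipt",
    body="Questions about your Norton renewal? Contact support at +1 800 555 0100.",
)

if __name__ == "__main__":
    for m in (BENIGN, LURE, KNOWN_NUMBER):
        print(m.subject, "->", triage_invoice(m))
```

The heuristic deliberately does not look at the sender at all once the domain is allow-listed; that is the whole lesson of the campaign. In a real deployment the brand-to-number table would be maintained from vendor contact pages, and a hit would route the message to review rather than block it outright, since legitimate merchants also put phone numbers on PayPal invoices.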

Title: Threat Actors Target Software Firm in Ukraine Using Gomet Backdoor
Date Published: July 21, 2022


Excerpt: “Researchers from Cisco Talos discovered an uncommon piece of malware that was employed in an attack against a large Ukrainian software development company. The software development company produces software that is used by various state organizations in Ukraine. Researchers believe that the attackers could be linked to Russia and targeted the firm in an attempt to conduct a supply chain attack. At this time it is not clear if the attack was successful. The analysis of the malicious code revealed that it is a slightly modified version of the “GoMet” open-source backdoor.”

Title: TA4563 Group Leverages Evilnum Malware to Target European Financial and Investment Entities
Date Published: July 22, 2022


Excerpt: “A threat actor, tracked as TA4563, leverages the EvilNum malware to target European financial and investment entities, Proofpoint reported. The group focuses on entities with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). EvilNum is a backdoor that can allow attackers to steal data and load additional payloads; it implements multiple components to evade detection. The TA4563 group has been targeting various entities in Europe since late 2021. Proofpoint researchers state their analysis has some overlap with EvilNum activity publicly reported by Zscaler in June 2022.”

Title: How Kitemarks Are Kicking Off IoT Regulation
Date Published: July 22, 2022


Excerpt: “Regulation of the Internet of Things (IoT) has always been a contentious subject. Those against claim it stymies growth of a nascent industry, while those advocating for it argue it sees the adoption of industry best practices and helps establish standards. In an effort to straddle the divide, the Department for Digital, Culture, Media and Sport (DCMS) launched its Code of Practice back in 2018. Enshrined in this were 13 “Secure by Design” principles aimed at helping manufacturers put in place security controls and offer a base level of customer care. The Code of Practice was voluntary and without any repercussions, so therefore toothless, which is why many believe its adoption was lackluster. Yet a lot has happened since 2018. The EU, via ETSI, introduced EN 303 645, the first globally-applicable industry standard on internet-connected consumer devices, in 2020, based on the Code of Practice. This sees manufacturers or an appointed third party provide documentation on the device under test (DUT), an Implementation Conformance Statement (ICS) and Implementation Extra Information for Testing (IXIT). The DUT is then assessed under ETSI TS 103 701 guidelines, which detail the tests and methodology to be used for assessing devices against EN 303 645. This took us that much closer to a real de facto standard for the IoT.”

Title: Hackers Breach Ukrainian Radio Network to Spread Fake News About Zelenskiy
Date Published: July 22, 2022


Excerpt: “On Thursday, Ukrainian media group TAVR Media confirmed that it was hacked to spread fake news about President Zelenskiy being in critical condition and under intensive care. According to the State Service of Special Communications and Information Protection of Ukraine (SSCIP), the network operates nine major Ukrainian radio stations, including Hit FM, Radio ROKS, KISS FM, Radio RELAX, Melody FM, Nashe Radio, Radio JAZZ, Classic Radio, and Radio Bayraktar. “Today, a cyber attack was carried out on the servers and networks of TAVR Media radio stations,” the company said in an official statement.”

Title: Chrome Zero-Day Used to Infect Journalists With Candiru Spyware
Date Published: July 21, 2022


Excerpt: “The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the ‘DevilsTongue’ spyware. The flaw tracked as CVE-2022-2294 is a high-severity heap-based buffer overflow in WebRTC, which, if successfully exploited, may lead to code execution on the target device. When Google patched the zero-day on July 4th, it disclosed that the flaw was under active exploitation but provided no further details. In a report published earlier today, Avast’s threat researchers, who discovered the vulnerability and reported it to Google, reveal that they unearthed it after investigating spyware attacks on their clients.”

Title: Google Blocks Site of Largest Computing Society for Being ‘Harmful’
Date Published: July 21, 2022


Excerpt: “Google Search and Drive are erroneously flagging links to Association for Computing Machinery (ACM) research papers and websites as malware. BleepingComputer has successfully reproduced the issue, first reported by researcher Maximilian Golla. Founded in 1947 and headquartered in NYC as a non-profit, The Association for Computing Machinery (ACM) is the world’s largest scientific and educational computing society. As of 2019, ACM’s membership comprises nearly 100,000 students and professionals involved in the field of computing.”

Title: How Conti Ransomware Hacked and Encrypted the Costa Rican Government
Date Published: July 21, 2022


Excerpt: “Details have emerged on how the Conti ransomware gang breached the Costa Rican government, showing the attack’s precision and the speed of moving from initial access to the final stage of encrypting devices. This is the last attack from the Conti ransomware operation before the group transitioned to a different form of organization that relies on multiple cells working with other gangs.”
