July 22, 2022

Fortify Security Team
Jul 22, 2022

Title: Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’
Date Published: July 21, 2022

https://threatpost.com/hackers-cyber-mercenaries/180263/

Excerpt: “A for-hire cybercriminal group is feeling the talent-drought in tech just like the rest of the sector and has resorted to recruiting so-called “cyber-mercenaries” to carry out specific illicit hacks that are part of larger criminal campaigns. Dubbed Atlas Intelligence Group (A.I.G.), the cybergang has been spotted by security researchers recruiting independent black-hat hackers to execute specific aspects of its own campaigns. A.I.G., also known as Atlantis Cyber-Army, functions as a cyber-threats-as-a-service criminal enterprise. The threat group markets services that include data leaks, distributed denial of service (DDoS), remote desktop protocol (RDP) hijacking and additional network penetration services, according to a Thursday report by threat intelligence firm Cyberint.”

Title: Critical Vulnerability in Popular Gps Tracker Lets Hackers Remotely Control Vehicles
Date Published: July 21, 2022

https://www.hackread.com/vulnerability-gps-tracker-hackers-remotely-control-vehicles/

Excerpt: “Cybersecurity startup BitSight has identified six flaws in the GPS tracker MV720 manufactured by China-based MiCODUS. According to the IT security researchers at BitSight the critical security vulnerabilities were present in MV720 GPS trackers, used primarily for tracking vehicle fleets. The vulnerabilities can allow hackers to track, stop, and control vehicles remotely. For your information, MV720 is a hardwired GPS tracker worth around $20. The Shenzhen-based MiCODUS electronics maker claims that 1.5 million of its GPS trackers are currently in use by over 420,000 customers across 169 countries. Furthermore, its clients include several Fortune 50 companies, shipping, aerospace, government, military, critical infrastructure, law enforcement agencies, and a nuclear power plant operator.”

Title: PayPal Used to Send Malicious “Double Spear” Invoices
Date Published: July 22, 2022

https://www.infosecurity-magazine.com/news/paypal-used-send-malicious-double/

Excerpt: “Security experts are warning users not to fall for a new threat campaign using PayPal to send out phishing invoices. PayPal domains are usually “allow-listed” by organizations’ email filters. So cyber-criminals are registering accounts and composing malicious invoices on the platform, explained Avanan researcher, Jeremy Fuchs. In it, they spoof the Norton brand, but add their own contact details to the invoice requesting payment. This is done in an attempt to get a double pay-out from the attack. Bemused users might call the number, only to be put through to a malicious call center operative who will then attempt to harvest their details, including phone number, and persuade them to pay up. That’s what Avanan calls a “double spear” – forcing payment and stealing user information which can be used in future attacks.”

Title: Threat Actors Target Software Firm in Ukraine Using Gomet Backdoor
Date Published: July 21, 2022

https://securityaffairs.co/wordpress/133520/malware/attackers-target-software-firm-ukraine-gomet.html

Excerpt: “Researchers from Cisco Talos discovered an uncommon piece of malware that was employed in an attack against a large Ukrainian software development company. The software development company produces software that is used by various state organizations in Ukraine. Researchers believe that the attackers could be linked to Russia and targeted the firm in an attempt to conduct a supply chain attack. At this time it is not clear if the attack was successful. The analysis of the malicious code revealed that it is a slightly modified version of the “GoMet” open-source backdoor.”

Title: TA4563 Group Leverages Evilnum Malware to Target European Financial and Investment Entities
Date Published: July 22, 2022

https://securityaffairs.co/wordpress/133535/apt/ta4563-group-evilnum-malware.html

Excerpt: “A threat actor, tracked as TA4563, leverages the EvilNum malware to target European financial and investment entities, Proofpoint reported. The group focuses on entities with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). The EvilNum is a backdoor that can allow attackers to steal data and load additional payloads, it implements multiple components to evade detection. The TA4563 group is targeting various entities in Europe since late 2021. Proofpoint researchers state their analysis has some overlap with EvilNum activity publicly reported by Zscaler in June 2022.”

Title: How Kitemarks Are Kicking Off Iot Regulation
Date Published: July 22, 2022

https://www.helpnetsecurity.com/2022/07/22/how-kitemarks-are-kicking-off-iot-regulation/

Excerpt: “Regulation of the Internet of Things (IoT) has always been a contentious subject. Those against claim it stymies growth of a nascent industry, while those advocating for it argue it sees the adoption of industry best practices and helps establish standards. In an effort to straddle the divide, the Department for Digital, Culture, Media and Sport (DCMS) launched its Code of Practice back in 2018. Enshrined in this were 13 “Secure by Design” principles aimed at helping manufacturers put in place security controls and offer a base level of customer care. The Code of Practice was voluntary and without any repercussions, so therefore toothless, which is why many believe its adoption was lackluster. Yet a lot has happened since 2018. The EU, via ETSI, introduced EN303 645, the first globally-applicable industry standard on internet-connected consumer devices in 2020 based on the Code of Practice. This sees manufacturers or an appointed third party provide documentation on the device under test (DUT), an Implementation Conformance Statement (ICS) and Implementation Extra Information for Testing (IXIT). The DUT is then assessed under ETSI TS 103 701 guidelines which detail the tests and methodology to be used for assessing devices against EN303 645. This took us that much closer to a real de facto standard for the IoT.”

Title: Hackers Breach Ukrainian Radio Network to Spread Fake News About Zelenskiy
Date Published: July 22, 2022

https://www.bleepingcomputer.com/news/security/hackers-breach-ukrainian-radio-network-to-spread-fake-news-about-zelenskiy/

Excerpt: “On Thursday, Ukrainian media group TAVR Media confirmed that it was hacked to spread fake news about President Zelenskiy being in critical condition and under intensive care. According to the State Service of Special Communications and Information Protection of Ukraine (SSCIP), the network operates nine major Ukrainian radio stations, including Hit FM, Radio ROKS, KISS FM, Radio RELAX, Melody FM, Nashe Radio, Radio JAZZ, Classic Radio, and Radio Bayraktar. “Today, a cyber attack was carried out on the servers and networks of TAVR Media radio stations,” the company said in an official statement.”

Title: Chrome Zero-Day Used to Infect Journalists With Candiru Spyware
Date Published: July 21, 2022

https://www.bleepingcomputer.com/news/security/chrome-zero-day-used-to-infect-journalists-with-candiru-spyware/

Excerpt: “The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the ‘DevilsTongue’ spyware. The flaw tracked as CVE-2022-2294 is a high-severity heap-based buffer overflow in WebRTC, which, if successfully exploited, may lead to code execution on the target device. When Google patched the zero-day on July 4th, it disclosed that the flaw was under active exploitation but provided no further details. In a report published earlier today, Avast’s threat researchers, who discovered the vulnerability and reported it to Google, reveal that they unearthed it after investigating spyware attacks on their clients.”

Title: Google Blocks Site of Largest Computing Society for Being ‘Harmful’
Date Published: July 21, 2022

https://www.bleepingcomputer.com/news/security/google-blocks-site-of-largest-computing-society-for-being-harmful-/

Excerpt: “Google Search and Drive are erroneously flagging links to Association for Computing Machinery (ACM) research papers and websites as malware. BleepingComputer has successfully reproduced the issue, first reported by researcher Maximilian Golla. Founded in 1947 and headquartered in NYC as a non-profit, The Association for Computing Machinery (ACM) is the world’s largest scientific and educational computing society. As of 2019, ACM’s membership comprises nearly 100,000 students and professionals involved in the field of computing.”

Title: How Conti Ransomware Hacked and Encrypted the Costa Rican Government
Date Published: July 21, 2022

https://www.bleepingcomputer.com/news/security/how-conti-ransomware-hacked-and-encrypted-the-costa-rican-government/

Excerpt: “Details have emerged on how the Conti ransomware gang breached the Costa Rican government, showing the attack’s precision and the speed of moving from initial access to the final stage of encrypting devices. This is the last attack from the Conti ransomware operation before the group transitioned to a different form of organization that relies on multiple cells working with other gangs.”

Recent Posts

July 27, 2022

Title: Phishing Attacks Skyrocket With Microsoft and Facebook as Most Abused Brands Date Published: July 26, 2022 https://threatpost.com/popular-bait-in-phishing-attacks/180281/ Excerpt: “The bloom is back on phishing attacks with criminals doubling down on fake...

July 26, 2022

Title: Nist Updates Healthcare Security Guidance Date Published: July 25, 2022 https://www.infosecurity-magazine.com/news/nist-healthcare-guidance/ Excerpt: “The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for...

July 25, 2022

Title: Lockbit Ransomware Gang Claims to Have Breached the Italian Revenue Agency Date Published: July 25, 2022 https://securityaffairs.co/wordpress/133640/cyber-crime/lockbit-ransomware-italian-revenue-agency.html Excerpt: “The ransomware gang Lockbit claims to have...

July 21, 2022

Title: Windows 11 Now Blocks Rdp Brute-Force Attacks by Default Date Published: July 21, 2022 https://www.bleepingcomputer.com/news/microsoft/windows-11-now-blocks-rdp-brute-force-attacks-by-default/ Excerpt: “Recent Windows 11 builds come with the Account Lockout...

July 20, 2022

Title: New Luna Ransomware Encrypts Windows, Linux, and Esxi Systems Date Published: July 20, 2022 https://www.bleepingcomputer.com/news/security/new-luna-ransomware-encrypts-windows-linux-and-esxi-systems/ Excerpt: “A new ransomware family dubbed Luna can be used to...

July 18, 2022

Title: A Massive Cyberattack Hit Albania Date Published: July 18, 2022 https://securityaffairs.co/wordpress/133363/cyber-warfare-2/albania-cyber-attack.html Excerpt: “Albania was hit by a massive cyberattack over the weekend, the government confirmed on Monday. A...

July 15, 2022

Title: Microsoft Links Holy Ghost Ransomware Operation to North Korean Hackers Date Published: July 14, 2022 https://www.bleepingcomputer.com/news/security/microsoft-links-holy-ghost-ransomware-operation-to-north-korean-hackers/ “For more than a year, North Korean...