July 26, 2022

Fortify Security Team
Jul 26, 2022

Title: Nist Updates Healthcare Security Guidance

Date Published: July 25, 2022

https://www.infosecurity-magazine.com/news/nist-healthcare-guidance/

Excerpt: “The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for protecting healthcare data. The draft update will provide a more practical guide for healthcare providers to comply with government rules on personal health data security, it claimed. The initial draft of the document is titled ‘Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide, (800-66).’ This draft is the second revision of the document following the first in 2008. The healthcare and security community already had a chance to comment on this revision of the document as work progressed on it last year. This draft version accommodates over 400 responses during that call for comment.”

Title: Flaws in Filewave Mdm Could Have Allowed Hacking +1000 Organizations

Date Published: July 25, 2022

https://securityaffairs.co/wordpress/133649/hacking/filewave-mdm-flaws.html

Excerpt: “Claroty researchers discovered two vulnerabilities in the FileWave MDM product that exposed more than one thousand organizations to cyber attacks. FIleWave MDM is used by organizations to view and manage device configurations, locations, security settings, and other device data. An organization may use the MDM platform to push mandatory software and updates to devices, change device settings, lock, and, when necessary, remotely wipe devices. The now patched vulnerabilities are an authentication bypass issue tracked as CVE-2022-34907 and a hardcoded cryptographic key tracked as CVE-2022-34906. Both issues reside in FileWave MDM before version 14.6.3 and 14.7.x, prior to 14.7.2. FileWave addressed the vulnerabilities in version 14.7.2 earlier this month. A remote attacker can trigger the vulnerabilities to bypass authentication and gain full control over the MDM platform and its managed devices. The authentication bypass vulnerability can allow a remote attacker to achieve “super_user” access and take full control of the MDM install, then use it to manage any device of the target organization.”

Title: Is APT28 Behind the Stiff#Bizon Attacks Attributed to North Korea-Linked APT37?

Date Published: July 24, 2022

https://securityaffairs.co/wordpress/133605/apt/apt37-stiffbizon-campaign.html

Excerpt: “Researchers from the Securonix Threat Research (STR) team have uncovered a new attack campaign, tracked as STIFF#BIZON, targeting high-value organizations in multiple countries, including Czech Republic, and Poland. The researchers attribute this campaign to the North Korea-linked APT37 group, aka Ricochet Chollima. The attackers employed the Konni RAT (remote access trojan), which was first spotted by Cisco Talos researchers in 2017 and has been undetected since 2014 while being employed in highly targeted attacks. The RAT was able to avoid detection due to continuous evolution, it is able of executing arbitrary code on the target systems and stealing data. The Konni RAT has been attributed to North Korea-linked threat actors tracked as Thallium and APT37. The attack chain starts with phishing messages that attempt to trick victims into opening a malicious attachment.”

Title: Targeted Campaign Uses Infostealer to Hijack Facebook Business Accounts

Date Published: July 26, 2022

https://www.helpnetsecurity.com/2022/07/26/infostealer-used-to-hijack-facebook-business-accounts/

Excerpt: “WithSecure researchers have discovered an ongoing operation, dubbed “DUCKTAIL”, that targets individuals and organizations operating on Facebook’s Ads and Business platform. Based upon analysis and gathered data, the company has high confidence that the operation is conducted by a Vietnamese threat actor. The chain of evidence suggests that the threat actor’s motives are financially driven.”

Title: Lockbit Claims Ransomware Attack on Italian Tax Agency

Date Published: July 26, 2022

https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-italian-tax-agency/

Excerpt: “Italian authorities are investigating claims made by the LockBit ransomware gang that they breached the network of the Italian Internal Revenue Service (L’Agenzia delle Entrate). LockBit claims they stole 100 GB of data (including company documents, scans, financial reports, and contracts) that will be leaked online if the Italian tax agency doesn’t pay a ransom demand until August 1st. The Italian revenue agency shared an official statement on its website regarding “the alleged theft of data from the tax information system,” saying that it requested more info from Sogei (Società Generale d’Informatica) SpA, a Ministry of Economy and Finance public company that manages the financial administration’s technological infrastructure.”

Title: LinkedIn Phishing Target Employees Managing Facebook Ad Accounts

Date Published: July 26, 2022

https://www.bleepingcomputer.com/news/security/linkedin-phishing-target-employees-managing-facebook-ad-accounts/

Excerpt: “A new phishing campaign codenamed ‘Ducktail’ is underway, targeting professionals on LinkedIn to take over Facebook business accounts that manage advertising for the company. The operators of Ducktail have a narrow targeting scope and select their victims carefully, trying to find people who have admin privileges on their employer’s social media accounts. The discovery of this campaign comes from researchers at WithSecure, who have been tracking what they believe to be a Vietnamese threat actor since 2021, and collected evidence of activity dating going back to 2018. This means that Ducktail has been underway for at least a year and might have been active for almost four years now.”

Title: Cosmicstrand Uefi Malware Found in Gigabyte, Asus Motherboards

Date Published: July 25, 2022

https://www.bleepingcomputer.com/news/security/cosmicstrand-uefi-malware-found-in-gigabyte-asus-motherboards/

Excerpt: “Chinese-speaking hackers have been using since at least 2016 malware that lies virtually undetected in the firmware images for some motherboards, one of the most persistent threats commonly known as a UEFI rootkit. Researchers at cybersecurity company Kaspersky called it CosmicStrand but an earlier variant of the threat was discovered by malware analysts at Qihoo360, who named it Spy Shadow Trojan. It is unclear how the threat actor managed to inject the rootkit into the firmware images of the target machines but researchers found the malware on machines with ASUS and Gigabyte motherboards.”

Title: Source Code for Rust-Based Info-Stealer Released on Hacker Forums

Date Published: July 25, 2022

https://www.bleepingcomputer.com/news/security/source-code-for-rust-based-info-stealer-released-on-hacker-forums/

Excerpt: “The source code for an information-stealing malware coded in Rust has been released for free on hacking forums, with security analysts already reporting that the malware is actively used in attacks. The malware, which the author claims to have developed in just six hours, is quite stealthy, with VirusTotal returning a detection rate of around 22%. As the info-stealer is written in Rust, a cross-platform language, it allows threat actors to target multiple operating systems. However, in its current form, the new info-stealer only targets Windows operating systems. ”

Title: Hackers Exploited Prestashop Zero-Day to Breach Online Stores

Date Published: July 25, 2022

https://www.bleepingcomputer.com/news/security/hackers-exploited-prestashop-zero-day-to-breach-online-stores/

Excerpt: “Hackers are targeting websites using the PrestaShop platform, leveraging a previously unknown vulnerability chain to perform code execution and potentially steal customers’ payment information. The PrestaShop team issued an urgent warning last Friday, urging the admins of 300,000 shops using its software to review their security stance after cyberattacks were discovered targeting the platform. The attack appears to impact PrestaShop versions 1.6.0.10 or later and versions 1.7.8.2 or later if they run modules vulnerable to SQL injection, such as the Wishlist 2.0.0 to 2.1.0 module. The actively exploited vulnerability is being tracked with the identifier CVE-2022-36408.”

Title: T-Mobile to Cough up $500 Million Over 2021 Data Breach

Date Published: July 25, 2022

https://nakedsecurity.sophos.com/2022/07/25/t-mobile-to-cough-up-500-million-over-2021-data-breach/

Excerpt: “Just under a year ago, the US arm of telecomms giant T-Mobile admitted to a data breach after personal information about its customers was offered for sale on an underground forum. At the time, VICE Magazine claimed to have communicated with the hacker behind the breach via online chat, and to have been offered “T-Mobile USA. Full customer info.” Reuters reports that T-Mobile has agreed, in a US federal court in Missouri, to make $350,000,000 available for what are known in America as class-action settlements. Class actions involve individuals, who would otherwise need to sue individually for impossibly small amounts, banding together with a team of attorneys to bring lawsuits that combine their individual complaints.”

Recent Posts

July 27, 2022

Title: Phishing Attacks Skyrocket With Microsoft and Facebook as Most Abused Brands Date Published: July 26, 2022 https://threatpost.com/popular-bait-in-phishing-attacks/180281/ Excerpt: “The bloom is back on phishing attacks with criminals doubling down on fake...

July 25, 2022

Title: Lockbit Ransomware Gang Claims to Have Breached the Italian Revenue Agency Date Published: July 25, 2022 https://securityaffairs.co/wordpress/133640/cyber-crime/lockbit-ransomware-italian-revenue-agency.html Excerpt: “The ransomware gang Lockbit claims to have...

July 22, 2022

Title: Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’ Date Published: July 21, 2022 https://threatpost.com/hackers-cyber-mercenaries/180263/ Excerpt: “A for-hire cybercriminal group is feeling the talent-drought in tech just like the rest of the sector and...

July 21, 2022

Title: Windows 11 Now Blocks Rdp Brute-Force Attacks by Default Date Published: July 21, 2022 https://www.bleepingcomputer.com/news/microsoft/windows-11-now-blocks-rdp-brute-force-attacks-by-default/ Excerpt: “Recent Windows 11 builds come with the Account Lockout...

July 20, 2022

Title: New Luna Ransomware Encrypts Windows, Linux, and Esxi Systems Date Published: July 20, 2022 https://www.bleepingcomputer.com/news/security/new-luna-ransomware-encrypts-windows-linux-and-esxi-systems/ Excerpt: “A new ransomware family dubbed Luna can be used to...

July 18, 2022

Title: A Massive Cyberattack Hit Albania Date Published: July 18, 2022 https://securityaffairs.co/wordpress/133363/cyber-warfare-2/albania-cyber-attack.html Excerpt: “Albania was hit by a massive cyberattack over the weekend, the government confirmed on Monday. A...

July 15, 2022

Title: Microsoft Links Holy Ghost Ransomware Operation to North Korean Hackers Date Published: July 14, 2022 https://www.bleepingcomputer.com/news/security/microsoft-links-holy-ghost-ransomware-operation-to-north-korean-hackers/ “For more than a year, North Korean...