July 27, 2022

Fortify Security Team

Title: Phishing Attacks Skyrocket With Microsoft and Facebook as Most Abused Brands
Date Published: July 26, 2022

Excerpt: “The bloom is back on phishing attacks with criminals doubling down on fake messages abusing popular brands compared to the year prior. Microsoft, Facebook and French bank Crédit Agricole are the top abused brands in attacks, according to a study on phishing released Tuesday. According to the report by researchers at Vade, phishing attacks abusing the Microsoft brand increased 266 percent in the first quarter of 2022, compared to the year prior. Fake Facebook messages are up 177 percent in the second quarter of 2022 within the same timeframe. The study by Vade analyzed unique instances of phishing URLs used by criminals carrying out phishing attacks and not the number of phishing emails associated with the URLs. The report tallied the 25 most commonly targeted companies, along with the most abused industries and days of the week for phishing emails.”

Title: Discord, Telegram Services Hijacked to Launch Array of Cyberattacks
Date Published: July 26, 2022

Excerpt: “Threat actors have figured out how to use the existing functionality and infrastructure of popular messaging apps such as Telegram and Discord to host, launch, and execute a variety of malware, as shown by ongoing, dangerous campaigns. From bots that enable games and content sharing, to robust content delivery networks (CDNs) ideal for hosting malicious files, these platforms are helping fuel a surge of new attacks, according to the security research team at Intel 471. Most often, the malware is used along with easily acquired infostealers to prey on unsuspecting users and steal their credentials, auto-filled data, payment card information, and more.”

Title: The Strange Similarities Between LockBit 3.0 and BlackMatter Ransomware
Date Published: July 27, 2022

Excerpt: “Cybersecurity researchers have found similarities between the latest version of the LockBit ransomware, LockBit 3.0, and the BlackMatter ransomware. The LockBit 3.0 ransomware was released in June with important novelties such as a bug bounty program, Zcash payment, and new extortion tactics. The gang has been active since at least 2019 and today it is one of the most active ransomware gangs. The ransomware appends the extension “HLJkNskOq” or “19MqZqZ0s” to filenames of the encrypted files and changes their icons to the one for the .ico file. The ransom note references ‘Ilon Musk’ and the European Union’s General Data Protection Regulation (GDPR).”

Title: Fedora Ditches CC0 ‘No Rights Reserved’ Software Over Patent Concerns
Date Published: July 27, 2022

Excerpt: “The Fedora Project has announced that it will no longer permit Creative Commons ‘No Rights Reserved’ aka CC0-licensed code in its Linux distro or the Fedora Registry. Fedora is a Linux distribution, developed and maintained by the Fedora Project, with sponsorship support from Red Hat and other parties. The decision to ditch CC0-licensed open source software stems from the fact it could, in the future, pose patent issues.”

Title: Hackers Scan for Vulnerabilities Within 15 Minutes of Disclosure
Date Published: July 26, 2022

Excerpt: “System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed. According to Palo Alto’s 2022 Unit 42 Incident Response Report, hackers are constantly monitoring software vendor bulletin boards for new vulnerability announcements they can leverage for initial access to a corporate network or to perform remote code execution. However, the speed at which threat actors begin scanning for vulnerabilities puts system administrators in the crosshairs as they race to patch the bugs before they are exploited.”

Title: Microsoft: IIS Extensions Increasingly Used as Exchange Backdoors
Date Published: July 26, 2022

Excerpt: “Microsoft says attackers increasingly use malicious Internet Information Services (IIS) web server extensions to backdoor unpatched Exchange servers as they have lower detection rates compared to web shells. Because they’re hidden deep inside the compromised servers and often very hard to detect being installed in the exact location and using the same structure as legitimate modules, they provide attackers with a perfect and durable persistence mechanism. “In most cases, the actual backdoor logic is minimal and cannot be considered malicious without a broader understanding of how legitimate IIS extensions work, which also makes it difficult to determine the source of infection,” the Microsoft 365 Defender Research Team said Tuesday.”
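Because these backdoors sit alongside legitimate modules, the practical check is an inventory of what IIS has loaded compared against a known-good baseline. The following PowerShell is an added example written for this digest, not code from the article or from Microsoft; it assumes the WebAdministration module is available on the server, and the baseline module list is a placeholder to be filled from a clean host of the same role.

```powershell
# Added example (not from the article or Microsoft): list every global IIS
# module and flag any that is missing from the baseline or whose DLL does not
# carry a valid Authenticode signature. Run on the IIS/Exchange server itself.
Import-Module WebAdministration

# Constructed placeholder baseline: replace with the module names exported
# from a known-good server of the same build and role.
$ExpectedModules = @('CgiModule', 'IsapiModule', 'DefaultDocumentModule')

$report = Get-WebGlobalModule | ForEach-Object {
    $name  = $_.Name
    # Image paths are stored with %windir%-style variables; expand them so
    # the file can actually be checked on disk.
    $image = [Environment]::ExpandEnvironmentVariables($_.Image)

    $signed = $false
    if (Test-Path -LiteralPath $image) {
        $sig    = Get-AuthenticodeSignature -FilePath $image
        $signed = ($sig.Status -eq 'Valid')
    }

    [PSCustomObject]@{
        Module         = $name
        Image          = $image
        InBaseline     = ($ExpectedModules -contains $name)
        ValidSignature = $signed
        Exists         = (Test-Path -LiteralPath $image)
    }
}

# Anything outside the baseline, unsigned, or pointing at a missing file
# deserves a closer look; legitimate Microsoft modules are signed and live
# under %windir%\System32\inetsrv or the Exchange install directory.
$report |
    Where-Object { -not $_.InBaseline -or -not $_.ValidSignature } |
    Format-Table -AutoSize
```

The same inventory can be taken without PowerShell via `%windir%\system32\inetsrv\appcmd.exe list modules`; whichever tool is used, the value is in diffing the output against a baseline captured before the server was exposed, since a backdoor module by itself looks no different from a real one.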

Title: New Android Malware Apps Installed 10 Million Times From Google Play
Date Published: July 26, 2022

Excerpt: “A new batch of malicious Android apps filled with adware and malware was found on the Google Play Store that have been installed close to 10 million times on mobile devices. The apps pose as image-editing tools, virtual keyboards, system optimizers, wallpaper changers, and more. However, their underlying functionality is to push intrusive ads, subscribe users to premium services, and steal victims’ social media accounts. The discovery of these malicious apps comes from the Dr. Web antivirus team, who highlighted the new threats in a report published today. Google has removed the vast majority of the presented applications, but at the time of writing this, three applications remain available for download and installation via the Play Store. Also, if you installed any of these apps before their removal from the Play Store, you will still need to uninstall them from your device manually and run an AV scan to clean any remnants.”

Title: Hackers Steal $6 Million From Blockchain Music Platform Audius
Date Published: July 26, 2022

Excerpt: “The decentralized music platform Audius was hacked over the weekend, with threat actors stealing over 18 million AUDIO tokens worth approximately $6 million. Audius is a decentralized streaming platform hosted on the Ethereum blockchain where artists can earn AUDIO tokens by sharing their music, and users can earn tokens by curating and listening to content. After a hacker stole $6 million worth of AUDIO tokens this weekend, the platform responded within minutes by freezing several services until the developers could deploy fixes to prevent further theft of tokens.”

Title: U.S. Doubles Reward for Tips on North Korean-Backed Hackers
Date Published: July 26, 2022

Excerpt: “The U.S. State Department has increased rewards paid to anyone providing information on any North Korean-sponsored threat groups’ members to $10 million. “If you have information on any individuals associated with the North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or Lazarus Group) and who are involved in targeting U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act, you may be eligible for a reward,” the Department revealed Tuesday. These increased bounties add to rewards of up to $5 million announced by the State Department in March for info on DPRK-backed threat actors targeting crypto exchanges and financial institutions worldwide to support the North Korean regime’s illicit activities.”

Title: Using Account Lockout Policies to Block Windows Brute Force Attacks
Date Published: July 26, 2022

Excerpt: “A strong account lockout policy is one of the most effective tools for stopping brute force authentication attempts on Windows domains. Once an attacker enters an incorrect password so many times, the account becomes locked. This prevents any additional attempts until an administrator unlocks the account.”
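To see the policy the excerpt describes in practice, the following PowerShell is an added example for this digest, not code from the article; it assumes the ActiveDirectory module on a domain-joined admin workstation. It reads the domain's current lockout settings, flags the weak setting (a threshold of 0, which disables lockout), shows the corrected setting with assumed values, and then counts lockout events (Security event ID 4740 on the PDC emulator) per account so a brute-force run shows up as a spike.

```powershell
# Added example (not from the article): inspect the domain lockout policy and
# the lockout events it generates. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot
$policy = Get-ADDefaultDomainPasswordPolicy -Identity $domain

# Weak setting: LockoutThreshold 0 means accounts never lock, so an attacker
# can keep guessing indefinitely.
if ($policy.LockoutThreshold -eq 0) {
    Write-Warning "Account lockout is disabled for $domain"
}
$policy | Select-Object LockoutThreshold, LockoutDuration, LockoutObservationWindow

# Corrected setting (assumed values, tune to your environment): lock the
# account after 10 bad attempts within a 15-minute window, for 15 minutes.
# Uncomment and run as a domain administrator to apply.
# Set-ADDefaultDomainPasswordPolicy -Identity $domain -LockoutThreshold 10 `
#     -LockoutDuration 00:15:00 -LockoutObservationWindow 00:15:00

# Detection side: every lockout is logged as event 4740 on the PDC emulator.
# Group the last 24 hours by target account; many lockouts on one account, or
# one lockout each across many accounts, points to a brute-force or spray.
$pdc = (Get-ADDomain).PDCEmulator
Get-WinEvent -ComputerName $pdc -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4740
        StartTime = (Get-Date).AddHours(-24)
    } -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Properties[0].Value } |   # TargetUserName field
    Group-Object |
    Sort-Object Count -Descending |
    Select-Object Name, Count
```

The lockout threshold and observation window work together: the window is how long failed attempts are remembered, so a short window with a high threshold still lets slow guessing through. Reading 4740 from the PDC emulator rather than individual domain controllers matters because lockout processing is centralised there, so that log is the complete record.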
