July 28, 2022

Fortify Security Team
Jul 28, 2022

Title: Malware on IBM Power Systems: What You Need to Know
Date Published: July 28, 2022

https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/malware-on-ibm-power-systems-what-you-need-to-know/

Excerpt: “Malware can come from and in a variety of attack vectors. Besides using ‘traditional’ methods of spreading malware, adversaries can leverage more sophisticated methods to turn your Power System into a ‘malware host’. The key target is your data. Data is valuable, and organisations have paid at least $602 million to ransomware gangs in 2021.  If they are not stealing it to sell on the dark web (social security numbers, credit card numbers, names, and addresses) then it will be held for ransom.”

Title: Senators Introduce Quantum Encryption Preparedness Law
Date Published: July 27, 2022

https://www.infosecurity-magazine.com/news/senators-quantum-encryption-law/

Excerpt: “A bill to help secure US government cryptographic systems against attack from quantum computers has passed the House and has now advanced to the Senate. The Quantum Computing Cybersecurity Preparedness Act introduces requirements for federal agencies to identify systems using cryptography and prioritize them for migration. The Act, co-sponsored by senators Rob Portman (R-OH) and Maggie Hassan (D-NH), calls for every executive agency to create an inventory of all the cryptographic systems in use, along with the IT systems that they will prioritize for migration to post-quantum cryptography. They will also define processes for evaluating the process of that migration. The Office of Management and Budget (OMB) also has a role under the Act. Within 15 months of the law coming into effect, the OMB must create a strategy to manage the risk posed by quantum encryption, along with a report on the funding that executive agencies need to protect themselves.”

Title: European Firm Dsirf Behind the Attacks With Subzero Surveillance Malware
Date Published: July 28, 2022

https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html

Excerpt: “The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. The group targets entities in Europe and Central America with a surveillance tool dubbed Subzero. The DSIRF website states the provide services “to multinational corporations in the technology, retail, energy and financial sectors” and that they have “a set of highly sophisticated techniques in gathering and analyzing information.” They publicly offer several services including “an enhanced due diligence and risk analysis process through providing a deep understanding of individuals and entities” and “highly sophisticated Red Teams to challenge your company’s most critical assets.” Microsoft states that multiple news reports have linked the company to the Subzero malware toolset used to hack a broad range of devices, phones, computers, and network and internet-connected devices. The researchers found evidence that links DSIRF to the Knotweed’s operation, including the C2 infrastructure used by Subzero, and code signing certificate issued to DSIRF that is used to sign an exploit.”

Title: As Microsoft Blocks Office Macros, Hackers Find New Attack Vectors
Date Published: July 28, 2022

https://www.bleepingcomputer.com/news/security/as-microsoft-blocks-office-macros-hackers-find-new-attack-vectors/

Excerpt: “Hackers who normally distributed malware via phishing attachments with malicious macros gradually changed tactics after Microsoft Office began blocking them by default, switching to new file types such as ISO, RAR, and Windows Shortcut (LNK) attachments. VBA and XL4 Macros are small programs created to automate repetitive tasks in Microsoft Office applications, which threat actors abuse for loading, dropping, or installing malware via malicious Microsoft Office document attachments sent in phishing emails. The reason for the switch is Microsoft announcing that they would end the massive abuse of the Office subsystem by automatically blocking macros by default and making it harder to activate them. Although it took Microsoft a little longer to implement this Microsoft Office change, the block finally entered into effect last week. However, the initial announcement alone convinced malware operators to move away from macros and begin experimenting with alternative methods to infect victims.”

Title: Kansas MSP Shuts Down Cloud Services to Fend Off Cyberattack
Date Published: July 27, 2022

https://www.bleepingcomputer.com/news/security/kansas-msp-shuts-down-cloud-services-to-fend-off-cyberattack/

Excerpt: “A US managed service provider NetStandard suffered a cyberattack causing the company to shut down its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, Sharepoint, and CRM services. According to an email sent to MyAppsAnywhere customers shared on Reddit, the company detected signs of a cyberattack on Tuesday morning and quickly shut down cloud services to prevent the attack’s spread. The company says that they have engaged their insurance provider to help identify the source of the attack and bring systems back online.”

Title: New ‘Robin Banks’ Phishing Service Targets BOFA, Citi, and Wells Fargo
Date Published: July 27, 2022

https://www.bleepingcomputer.com/news/security/new-robin-banks-phishing-service-targets-bofa-citi-and-wells-fargo/

Excerpt: “A new phishing as a service (PhaaS) platform named ‘Robin Banks’ has been launched, offering ready-made phishing kits targeting the customers of well-known banks and online services. The targeted entities include Citibank, Bank of America, Capital One, Wells Fargo, PNC, U.S. Bank, Lloyds Bank, the Commonwealth Bank in Australia, and Santander. Additionally, Robin Banks offers templates to steal Microsoft, Google, Netflix, and T-Mobile accounts. According to a report by IronNet, whose analysts discovered the new phishing platform, Robin Banks is already being deployed in large-scale campaigns that started in mid-June, targeting victims via SMS and email.”

Title: Spain Arrests Suspected Hackers Who Sabotaged Radiation Alert System
Date Published: July 27, 2022

https://www.bleepingcomputer.com/news/security/spain-arrests-suspected-hackers-who-sabotaged-radiation-alert-system/

Excerpt: “The Spanish police have announced the arrest of two hackers believed to be responsible for cyberattacks on the country’s radioactivity alert network (RAR), which took place between March and June 2021. The two arrested individuals are former workers of a company contracted by the General Directorate of Civil Protection and Emergencies (DGPGE) to maintain the RAR system, so they had a deep knowledge of its operation and how to deliver an effective cyberattack. The two arrested individuals gained illegitimate access to DGPGE’s network and attempted to delete the RAR management web application in the control center. In parallel, the duo launched individual attacks against sensors, taking down 300 out of 800 spread across Spain, essentially breaking their link to the control center and disrupting the data exchange.”

Title: Microsoft: Windows, Adobe Zero-Days Used to Deploy Subzero Malware
Date Published: July 27, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-adobe-zero-days-used-to-deploy-subzero-malware/

Excerpt: “Microsoft has linked a threat group known as Knotweed to an Austrian spyware vendor also operating as a cyber mercenary outfit named DSIRF that targets European and Central American entities using a malware toolset dubbed Subzero. On its website, DSIRF promotes itself as a company that provides information research, forensics, and data-driven intelligence services to corporations. However, it has been linked to the development of the Subzero malware that its customers can use to hack targets’ phones, computers, and network and internet-connected devices.”

Title: Github Introduces 2FA and Quality of Life Improvements for Npm
Date Published: July 27, 2022

https://www.bleepingcomputer.com/news/security/github-introduces-2fa-and-quality-of-life-improvements-for-npm/

Excerpt: “GitHub has announced the general availability of three significant improvements to npm (Node Package Manager), aiming to make using the software more secure and manageable. In summary, the new features include a more streamlined login and publishing experience, the ability to link Twitter and GitHub accounts to npm, and a new package signature verification system. At the same time, GitHub announced that the two-factor authentication program introduced in May 2022 is ready to exit beta and become available to all npm users. The npm platform is a subsidiary of GitHub and is a package manager and repository (registry) for JavaScript coders, used by developers’ projects to download five billion packages daily. It recently suffered large-scale security incidents that impacted hundreds of apps and websites, forcing GitHub to develop and urgently implement a security-boosting plan.”

Title: Ddos Attack Trends in 2022: Ultrashort, Powerful, Multivector Attacks
Date Published: July 27, 2022

https://www.bleepingcomputer.com/news/security/ddos-attack-trends-in-2022-ultrashort-powerful-multivector-attacks/

Excerpt: “The political situation in Europe and the rest of the world has degraded dramatically in 2022. This has affected the nature, intensity, and geography of DDoS attacks, which have become actively used for political purposes.”

Recent Posts

September 16, 2022

Title: Uber hacked, internal systems breached and vulnerability reports stolen Date Published: September 16, 2022 https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/ Excerpt: “Uber suffered a...

September 15, 2022

Title: Webworm hackers modify old malware in new attacks to evade attribution Date Published: September 15, 2022 https://www.bleepingcomputer.com/news/security/webworm-hackers-modify-old-malware-in-new-attacks-to-evade-attribution/ Excerpt: “The Chinese 'Webworm'...

September 14, 2022

Title: Chinese hackers create Linux version of the SideWalk Windows malware Date Published: September 14, 2022 https://www.bleepingcomputer.com/news/security/chinese-hackers-create-linux-version-of-the-sidewalk-windows-malware/ Excerpt: “State-backed Chinese hackers...

September 13, 2022

Title: Cyberspies drop new infostealer malware on govt networks in Asia Date Published: September 13, 2022 https://www.bleepingcomputer.com/news/security/cyberspies-drop-new-infostealer-malware-on-govt-networks-in-asia/ Excerpt: “Security researchers have identified...

September 12, 2022

Title: Cisco confirms Yanluowang ransomware leaked stolen company data Date Published: September 12, 2022 https://www.bleepingcomputer.com/news/security/cisco-confirms-yanluowang-ransomware-leaked-stolen-company-data/ Excerpt: “Cisco has confirmed that the data leaked...

September 9, 2022

Title: Bumblebee Malware Adds Post-exploitation Tool for Stealthy Infections Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/bumblebee-malware-adds-post-exploitation-tool-for-stealthy-infections/ Excerpt: “A new version of the...

September 8, 2022

Title: North Korean Lazarus Hackers Take Aim at U.S. Energy Providers Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-take-aim-at-us-energy-providers/ Excerpt: “The North Korean APT group 'Lazarus' (APT38)...