July 29, 2022

Fortify Security Team

Title: Strong Authentication – Robust Identity and Access Management Is a Strategic Choice
Date Published: July 29, 2022

https://securityaffairs.co/wordpress/133807/security/strong-authentication.html

Excerpt: ““Usernames and passwords are insufficient and vulnerable means of authentication on their own; therefore, it is essential to employ strong authentication techniques like multi-factor authentication (MFA) to confirm users’ identities before granting secure access to resources,” Sarah Lefavrais, Product Marketing Manager, Thales states in her recent article. It’s true. Passwords no longer meet the demands of today’s identity and access requirements. Therefore, strong authentication methods are needed to improve security without hindering user convenience.”

Title: Exploitation Is Underway for a Critical Flaw in Atlassian Confluence Server and Data Center
Date Published: July 29, 2022

https://securityaffairs.co/wordpress/133798/hacking/atlassian-cve-2022-26138-actively-exploited.html

Excerpt: “Recently Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers.
Once the Questions for Confluence app (versions 2.7.34, 2.7.35, and 3.0.2) is installed, a Confluence user account with the username “disabledsystemuser” is created. According to Atlassian, the account allows administrators to migrate data from the app to Confluence Cloud. The bad news is that the account is created with a hard-coded password and is added to the confluence-users group, which allows viewing and editing all non-restricted pages within Confluence by default.”

Title: Researchers Create Key Tech for Quantum Cryptography Commercialization
Date Published: July 29, 2022

https://www.helpnetsecurity.com/2022/07/29/quantum-cryptography-commercialization/

Excerpt: “In modern cryptosystems, users generate public and private keys that guarantee security based on computational complexity and use them to encrypt and decrypt information. However, recently, modern public-key cryptosystems have faced potential security loopholes against quantum computers with great computational power. As a solution, quantum cryptosystems have been highly noticed. They use quantum keys that guarantee security based on quantum physics rather than computational complexity, thus they are secure even against quantum computers. Therefore, quantum cryptosystems are expected to replace modern cryptosystems. Quantum key distribution (QKD) is the most important technology for realizing quantum cryptosystems. Two main technical issues should be addressed to commercialize QKD. One is the communication distance, and the other is the expansion from one-to-one (1:1) communication to one-to-many (1:N) or many-to-many (N:N) network communication.”

Title: Malicious Npm Packages Steal Discord Users’ Payment Card Info
Date Published: July 28, 2022

https://www.bleepingcomputer.com/news/security/malicious-npm-packages-steal-discord-users-payment-card-info/

Excerpt: “Multiple npm packages are being used in an ongoing malicious campaign to infect Discord users with malware that steals their payment card information. The malware used in these attacks is a variant of the open-source and Python-based Volt Stealer token logger and JavaScript malware dubbed Lofy Stealer, according to Kaspersky security researchers Igor Kuznetsov and Leonid Bezvershenko. “On July 26, using the internal automated system for monitoring open-source repositories, we identified four suspicious packages in the Node Package Manager (npm) repository,” the researchers said. The malware is automatically deployed after installing the small-sm, pern-valids, lifeculer, or proc-title malicious npm modules. Once installed, the Volt Stealer variant collects Discord tokens and system information, including the victims’ IP addresses. Lofy Stealer monitors the victims’ actions, such as Discord logins, attempts to change the credentials, multi-factor authentication (MFA) toggles, or the addition of new payment methods to steal Discord accounts and payment information.”

Title: Microsoft Links Raspberry Robin Malware to Evil Corp Attacks
Date Published: July 29, 2022

https://www.bleepingcomputer.com/news/security/microsoft-links-raspberry-robin-malware-to-evil-corp-attacks/

Excerpt: “Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics. “On July 26, 2022, Microsoft researchers discovered the FakeUpdates malware being delivered via existing Raspberry Robin infections,” Microsoft revealed Thursday. “The DEV-0206-associated FakeUpdates activity on affected systems has since led to follow-on actions resembling DEV-0243 pre-ransomware behavior.” According to a threat intelligence advisory shared with enterprise customers, Microsoft has found Raspberry Robin malware on the networks of hundreds of organizations from a wide range of industry sectors.”

Title: Ransom Payments Fall as Fewer Victims Choose to Pay Hackers
Date Published: July 28, 2022

https://www.bleepingcomputer.com/news/security/ransom-payments-fall-as-fewer-victims-choose-to-pay-hackers/

Excerpt: “Ransomware statistics from the second quarter of the year show that the ransoms paid to extortionists have dropped in value, a trend that continues since the last quarter of 2021. Ransomware remediation firm Coveware has published a report today with ransomware data from the second quarter of 2022 showing that although the average payment increased, the median value recorded a significant drop.”

Title: Microsoft SQL Servers Hacked to Steal Bandwidth for Proxy Services
Date Published: July 28, 2022

https://www.bleepingcomputer.com/news/security/microsoft-sql-servers-hacked-to-steal-bandwidth-for-proxy-services/

Excerpt: “Threat actors are generating revenue by using adware bundles, malware, or even hacking into Microsoft SQL servers, to convert devices into proxies that are rented through online proxy services. To steal a device’s bandwidth, the threat actors install software called ‘proxyware’ that allocates a device’s available internet bandwidth as a proxy server that remote users can use for various tasks, like testing, intelligence collection, content distribution, or market research. Botters also love these proxy services as they gain access to residential IP addresses that have not been blacklisted from online retailers.”

Title: LibreOffice Addresses Security Issues With Macros, Passwords
Date Published: July 28, 2022

https://www.bleepingcomputer.com/news/security/libreoffice-addresses-security-issues-with-macros-passwords/

Excerpt: “The LibreOffice suite has been updated to address several security vulnerabilities related to the execution of macros and the protection of passwords for web connections. The developer implemented fixes in the stable release of the product (LibreOffice 7.2) and the unstable branch (7.3). In total, there are fixes for three vulnerabilities. The first one is tracked as CVE-2022-26305 and allows macro code to run on the target device even if the certificate used to sign the macro doesn’t match the entries in the user’s configuration database.”

Title: Cyberspies Use Google Chrome Extension to Steal Emails Undetected
Date Published: July 28, 2022

https://www.bleepingcomputer.com/news/security/cyberspies-use-google-chrome-extension-to-steal-emails-undetected/

Excerpt: “A North Korean-backed threat group tracked as Kimsuky is using a malicious browser extension to steal emails from Google Chrome or Microsoft Edge users reading their webmail. The extension, dubbed SHARPEXT by Volexity researchers who spotted this campaign in September, supports three Chromium-based web browsers (Chrome, Edge, and Whale) and can steal mail from Gmail and AOL accounts. The attackers install the malicious extension after compromising a target’s system using a custom VBS script by replacing the ‘Preferences’ and ‘Secure Preferences’ files with ones downloaded from the malware’s command-and-control server.”

Title: Akamai Blocked Largest DDoS in Europe Against One of Its Customers
Date Published: July 28, 2022

https://www.bleepingcomputer.com/news/security/akamai-blocked-largest-ddos-in-europe-against-one-of-its-customers/

Excerpt: “The largest distributed denial-of-service (DDoS) attack that Europe has ever seen occurred earlier this month and hit an organization in Eastern Europe. The target, a customer of cybersecurity and cloud service company Akamai, has been under constant assault, facing dozens of DDoS rounds over the past 30 days. DDoS incidents have become more frequent since the start of the year as attackers try to deny access to the victim’s digital services by flooding them with requests and traffic to overwhelm resources and render them unavailable.”
