July 29, 2022

Fortify Security Team

Title: Strong Authentication – Robust Identity and Access Management Is a Strategic Choice
Date Published: July 29, 2022


Excerpt: ““Usernames and passwords are insufficient and vulnerable means of authentication on their own; therefore, it is essential to employ strong authentication techniques like multi-factor authentication (MFA) to confirm users’ identities before granting secure access to resources,” Sarah Lefavrais, Product Marketing Manager, Thales states in her recent article. It’s true. Passwords no longer meet the demands of today’s identity and access requirements. Therefore, strong authentication methods are needed to improve security without hindering user convenience.”

Title: Exploitation Is Underway for a Critical Flaw in Atlassian Confluence Server and Data Center
Date Published: July 29, 2022


Excerpt: “Recently Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers.
Once the Questions for Confluence app (versions 2.7.34, 2.7.35, and 3.0.2) is installed, a Confluence user account with the username “disabledsystemuser” is created. According to Atlassian, the account allows administrators to migrate data from the app to Confluence Cloud. The bad news is that the account is created with a hard-coded password and is added to the confluence-users group, which allows viewing and editing all non-restricted pages within Confluence by default.”

Title: Researchers Create Key Tech for Quantum Cryptography Commercialization
Date Published: July 29, 2022


Excerpt: “In modern cryptosystems, users generate public and private keys that guarantee security based on computational complexity and use them to encrypt and decrypt information. However, recently, modern public-key cryptosystems have faced potential security loopholes against quantum computers with great computational power. As a solution, quantum cryptosystems have been highly noticed. They use quantum keys that guarantee security based on quantum physics rather than computational complexity; thus they are secure even against quantum computers. Therefore, quantum cryptosystems are expected to replace modern cryptosystems. Quantum key distribution (QKD) is the most important technology for realizing quantum cryptosystems. Two main technical issues should be addressed to commercialize QKD. One is the communication distance, and the other is the expansion from one-to-one (1:1) communication to one-to-many (1:N) or many-to-many (N:N) network communication.”

Title: Malicious npm Packages Steal Discord Users’ Payment Card Info
Date Published: July 28, 2022


Excerpt: “Multiple npm packages are being used in an ongoing malicious campaign to infect Discord users with malware that steals their payment card information. The malware used in these attacks is a variant of the open-source and Python-based Volt Stealer token logger and JavaScript malware dubbed Lofy Stealer, according to Kaspersky security researchers Igor Kuznetsov and Leonid Bezvershenko. “On July 26, using the internal automated system for monitoring open-source repositories, we identified four suspicious packages in the Node Package Manager (npm) repository,” the researchers said. The malware is automatically deployed after installing the small-sm, pern-valids, lifeculer, or proc-title malicious npm modules. Once installed, the Volt Stealer variant collects Discord tokens and system information, including the victims’ IP addresses. Lofy Stealer monitors the victims’ actions, such as Discord logins, attempts to change the credentials, multi-factor authentication (MFA) toggles, or the addition of new payment methods to steal Discord accounts and payment information.”

Title: Microsoft Links Raspberry Robin Malware to Evil Corp Attacks
Date Published: July 29, 2022


Excerpt: “Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics. “On July 26, 2022, Microsoft researchers discovered the FakeUpdates malware being delivered via existing Raspberry Robin infections,” Microsoft revealed Thursday. “The DEV-0206-associated FakeUpdates activity on affected systems has since led to follow-on actions resembling DEV-0243 pre-ransomware behavior.” According to a threat intelligence advisory shared with enterprise customers, Microsoft has found Raspberry Robin malware on the networks of hundreds of organizations from a wide range of industry sectors.”

Title: Ransom Payments Fall as Fewer Victims Choose to Pay Hackers
Date Published: July 28, 2022


Excerpt: “Ransomware statistics from the second quarter of the year show that the ransoms paid to extortionists have dropped in value, a trend that has continued since the last quarter of 2021. Ransomware remediation firm Coveware has published a report today with ransomware data from the second quarter of 2022 showing that although the average payment increased, the median value recorded a significant drop.”

Title: Microsoft SQL Servers Hacked to Steal Bandwidth for Proxy Services
Date Published: July 28, 2022


Excerpt: “Threat actors are generating revenue by using adware bundles, malware, or even hacking into Microsoft SQL servers, to convert devices into proxies that are rented through online proxy services. To steal a device’s bandwidth, the threat actors install software called ‘proxyware’ that allocates a device’s available internet bandwidth as a proxy server that remote users can use for various tasks, like testing, intelligence collection, content distribution, or market research. Botters also love these proxy services as they gain access to residential IP addresses that have not been blacklisted from online retailers.”

Title: LibreOffice Addresses Security Issues With Macros, Passwords
Date Published: July 28, 2022


Excerpt: “The LibreOffice suite has been updated to address several security vulnerabilities related to the execution of macros and the protection of passwords for web connections. The developer implemented fixes in the stable release of the product (LibreOffice 7.2) and the unstable branch (7.3). In total, there are fixes for three vulnerabilities. The first one is tracked as CVE-2022-26305 and allows macro code to run on the target device even if the certificate used to sign the macro doesn’t match the entries in the user’s configuration database.”

Title: Cyberspies Use Google Chrome Extension to Steal Emails Undetected
Date Published: July 28, 2022


Excerpt: “A North Korean-backed threat group tracked as Kimsuky is using a malicious browser extension to steal emails from Google Chrome or Microsoft Edge users reading their webmail. The extension, dubbed SHARPEXT by Volexity researchers who spotted this campaign in September, supports three Chromium-based web browsers (Chrome, Edge, and Whale) and can steal mail from Gmail and AOL accounts. The attackers install the malicious extension after compromising a target’s system using a custom VBS script by replacing the ‘Preferences’ and ‘Secure Preferences’ files with ones downloaded from the malware’s command-and-control server.”

Title: Akamai Blocked Largest DDoS in Europe Against One of Its Customers
Date Published: July 28, 2022


Excerpt: “The largest distributed denial-of-service (DDoS) attack that Europe has ever seen occurred earlier this month and hit an organization in Eastern Europe. The target, a customer of cybersecurity and cloud service company Akamai, has been under constant assault, facing dozens of DDoS rounds over the past 30 days. DDoS incidents have become more frequent since the start of the year as attackers try to deny access to the victim’s digital services by flooding them with requests and traffic to overwhelm resources and render them unavailable.”
