July 5, 2022

Fortify Security Team

Title: AstraLocker Ransomware Shuts Down and Releases Decryptors
Date Published: July 4, 2022

https://www.bleepingcomputer.com/news/security/astralocker-ransomware-shuts-down-and-releases-decryptors/

Excerpt: “The threat actor behind the lesser-known AstraLocker ransomware told BleepingComputer they’re shutting down the operation and plan to switch to cryptojacking. The ransomware’s developer submitted a ZIP archive with AstraLocker decryptors to the VirusTotal malware analysis platform. BleepingComputer downloaded the archive and confirmed that the decryptors are legitimate and working after testing one of them against files encrypted in a recent AstraLocker campaign.”

Title: Google Patches New Chrome Zero-Day Flaw Exploited in Attacks
Date Published: July 4, 2022

https://www.bleepingcomputer.com/news/security/google-patches-new-chrome-zero-day-flaw-exploited-in-attacks/

Excerpt: “Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022.
“Google is aware that an exploit for CVE-2022-2294 exists in the wild,” the browser vendor explained in a security advisory published on Monday. The 103.0.5060.114 version is rolling out worldwide in the Stable Desktop channel, with Google saying that it’s a matter of days or weeks until it reaches the entire userbase.”

Title: Django Fixes SQL Injection Vulnerability in New Releases
Date Published: July 4, 2022

https://www.bleepingcomputer.com/news/security/django-fixes-sql-injection-vulnerability-in-new-releases/

Excerpt: “The Django project, an open source Python-based web framework, has patched a high severity vulnerability in its latest releases. Tracked as CVE-2022-34265, the potential SQL Injection vulnerability exists in Django’s main branch, and versions 4.1 (currently in beta), 4.0, and 3.2. New releases and patches issued today squash the vulnerability. Tens of thousands of websites, including some popular brands in the U.S. alone, choose Django as their Model-Template-View framework, according to some estimates. This is why the need to upgrade or patch your Django instances against bugs like these is crucial.”

Title: Free Smartphone Stalkerware Detection Tool gets Dedicated Hub
Date Published: July 3, 2022

https://www.bleepingcomputer.com/news/security/free-smartphone-stalkerware-detection-tool-gets-dedicated-hub/

Excerpt: “Kaspersky has launched a new information hub to help with their open-source stalkerware detection tool named TinyCheck, created in 2019 to help people detect if their devices are being monitored. Stalkerware is software explicitly created to spy on people via their smartphones by monitoring their whereabouts, communications, photos, browsing history, and more. These tools exploit vulnerabilities in the security of modern mobile operating systems to run stealthily in the background without raising the victim’s suspicion.”

Title: Microsoft Defender Adds Network Protection for Android, iOS Devices
Date Published: July 3, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-adds-network-protection-for-android-ios-devices/

Excerpt: “Microsoft has introduced a new Microsoft Defender for Endpoint (MDE) feature in public preview to help organizations detect weaknesses affecting Android and iOS devices in their enterprise networks. After enabling the new Mobile Network Protection feature on Android and iOS devices you want to monitor, the enterprise endpoint security platform will provide protection and notifications when it detects rogue Wi-Fi-related threats and rogue certificates (the primary attack vector for Wi-Fi networks). Threats it can spot include rogue hardware such as Hak5 Wi-Fi Pineapple devices which both pen-testers and cybercriminals can use to capture data shared within the network.”

Title: Rogue HackerOne Employee Steals Bug Reports to Sell on the Side
Date Published: July 2, 2022

https://www.bleepingcomputer.com/news/security/rogue-hackerone-employee-steals-bug-reports-to-sell-on-the-side/

Excerpt: “A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards. The rogue worker had contacted about half a dozen HackerOne customers and collected bounties “in a handful of disclosures,” the company said on Friday. HackerOne is a platform for coordinating vulnerability disclosures and intermediating monetary rewards for the bug hunter submitting the security reports.”

Title: Microsoft finds Raspberry Robin Worm in Hundreds of Windows Networks
Date Published: July 2, 2022

https://www.bleepingcomputer.com/news/security/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks/

Excerpt: “Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors. The malware, dubbed Raspberry Robin, spreads via infected USB devices, and it was first spotted in September 2021 by Red Canary intelligence analysts. Cybersecurity firm Sekoia also observed it using QNAP NAS devices as command and control (C2) servers in early November, while Microsoft said it found malicious artifacts linked to this worm created in 2019.”

Title: UK Army’s Twitter, YouTube Accounts Hacked to Push Crypto Scam
Date Published: July 4, 2022

https://www.bleepingcomputer.com/news/security/uk-army-s-twitter-youtube-accounts-hacked-to-push-crypto-scam/

Excerpt: “British Army’s Twitter and YouTube accounts were hacked and altered to promote online crypto scams sometime yesterday. Notably, the army’s verified Twitter account began displaying fake NFTs and bogus crypto giveaway schemes. The YouTube account was seen airing “Ark Invest” live streams featuring an older Elon Musk clip to mislead users into visiting cryptocurrency scam sites.”

Title: Data of a Billion Chinese Residents Available for Sale on the Dark Web
Date Published: July 4, 2022

https://securityaffairs.co/wordpress/132860/data-breach/chinese-residents-data-dark-web.html

Excerpt: “Unknown threat actors claimed to have obtained data of a billion Chinese residents after breaching a database of the Shanghai police. If the incident is confirmed, this data breach is the largest one in the country’s history. The database contained names, addresses, birthplaces, national IDs, phone numbers, and criminal case information of Chinese citizens. The hacker is offering the database on a popular cybercrime forum for 10 bitcoins. The Chief Executive Officer of cryptocurrency exchange Binance, Zhao Changpeng, on July 3rd, announced that the threat intelligence team of his company has detected 1 billion resident records available for sale on the dark web.”

Title: Canadian Cybercriminal Pleads Guilty to “NetWalker” Attacks in US
Date Published: July 4, 2022

https://nakedsecurity.sophos.com/2022/07/04/canadian-cybercriminal-pleads-guilty-to-netwalker-attacks-in-us/

Excerpt: “Simply put, the core gang members create the malware samples, run the darkweb servers that handle the “negotiations” with victims, and collect the extortion payments, while the affiliates handle breaking into victims’ networks, mapping them out, and lining up the final attack in which as many computers on the network as possible have their data scrambled at the same time. The “business theory”, if we can call it that, is that by taking 30% of every successful attack, the core criminals become extremely wealthy indeed, but keep a low profile away from the network-cracking limelight. At the same time, by handing 70% to their “affiliates”, they encourage those co-conspirators to make each attack as debilitating as possible, potentially increasing the amount that victims can ultimately be squeezed into paying to get their business running.”
