July 5, 2022

Fortify Security Team

Title: AstraLocker Ransomware Shuts Down and Releases Decryptors
Date Published: July 4, 2022

https://www.bleepingcomputer.com/news/security/astralocker-ransomware-shuts-down-and-releases-decryptors/

Excerpt: “The threat actor behind the lesser-known AstraLocker ransomware told BleepingComputer they’re shutting down the operation and plan to switch to cryptojacking. The ransomware’s developer submitted a ZIP archive with AstraLocker decryptors to the VirusTotal malware analysis platform. BleepingComputer downloaded the archive and confirmed that the decryptors are legitimate and working after testing one of them against files encrypted in a recent AstraLocker campaign.”

Title: Google Patches New Chrome Zero-Day Flaw Exploited in Attacks
Date Published: July 4, 2022

https://www.bleepingcomputer.com/news/security/google-patches-new-chrome-zero-day-flaw-exploited-in-attacks/

Excerpt: “Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022.
“Google is aware that an exploit for CVE-2022-2294 exists in the wild,” the browser vendor explained in a security advisory published on Monday. The 103.0.5060.114 version is rolling out worldwide in the Stable Desktop channel, with Google saying that it’s a matter of days or weeks until it reaches the entire userbase.”

Title: Django Fixes SQL Injection Vulnerability in New Releases
Date Published: July 4, 2022

https://www.bleepingcomputer.com/news/security/django-fixes-sql-injection-vulnerability-in-new-releases/

Excerpt: “The Django project, an open source Python-based web framework, has patched a high severity vulnerability in its latest releases. Tracked as CVE-2022-34265, the potential SQL Injection vulnerability exists in Django’s main branch, and versions 4.1 (currently in beta), 4.0, and 3.2. New releases and patches issued today squash the vulnerability. Tens of thousands of websites, including some popular brands in the U.S. alone, choose Django as their Model-Template-View framework, according to some estimates. This is why the need to upgrade or patch your Django instances against bugs like these is crucial.”
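Worked illustration added to this digest (not code from Django or from the article): CVE-2022-34265 is the potential SQL injection through the `kind` argument of `Trunc()` and the `lookup_name` argument of `Extract()`, fixed in Django 3.2.14 and 4.0.6. The block below models the flaw in plain Python so it runs without Django installed: a simplified rendering of how `Extract()` splices the lookup name into query text, the allow-list check that the fix introduces in spirit, and an `is_patched()` helper for comparing a running version (e.g. the string from `django.get_version()`) against the fixed releases. The allow-list of date-part names is illustrative rather than Django's exact validation table, and treating every 4.1 pre-release as unpatched is a deliberately conservative assumption.

```python
"""
Illustration of CVE-2022-34265 (Django Trunc()/Extract() SQL injection).
Not Django's code: a simplified model of the affected SQL rendering plus a
version check against the fixed releases (3.2.14 and 4.0.6).
"""
import re

# Django branches that received the fix in the July 4, 2022 security release.
FIXED_IN = {(3, 2): (3, 2, 14), (4, 0): (4, 0, 6)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(a|b|rc)?")


def is_patched(version: str) -> bool:
    """Return True if `version` (e.g. django.get_version()) contains the fix.

    3.2.x and 4.0.x need the patch releases; branches older than 3.2 were out
    of support and never got a fix; 4.1 pre-releases are treated as unpatched
    (conservative assumption); 4.1 final and later are assumed to inherit it.
    """
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    prerelease = m[4]
    branch = (major, minor)
    if branch in FIXED_IN:
        return (major, minor, patch) >= FIXED_IN[branch]
    if branch < (3, 2):
        return False
    if branch == (4, 1):
        return prerelease is None
    return True


# Date-part names Extract() is meant to accept. Constructed allow-list for
# illustration, not Django's exact validation table.
ALLOWED_LOOKUPS = frozenset({
    "year", "iso_year", "quarter", "month", "week", "week_day",
    "iso_week_day", "day", "hour", "minute", "second",
})


def is_safe_lookup(lookup_name: str) -> bool:
    """Allow-list check: only known date-part names may reach the SQL text."""
    return lookup_name in ALLOWED_LOOKUPS


def extract_sql_unchecked(lookup_name: str, column: str) -> str:
    """Model of the pre-fix behaviour: lookup_name is spliced straight into
    the query text instead of being bound as a parameter, so an untrusted
    value becomes attacker-controlled SQL."""
    return f"EXTRACT({lookup_name.upper()} FROM {column})"


def extract_sql_checked(lookup_name: str, column: str) -> str:
    """Model of the post-fix behaviour: reject anything outside the allow-list
    before it can be rendered."""
    if not is_safe_lookup(lookup_name):
        raise ValueError(f"Invalid lookup_name: {lookup_name!r}")
    return extract_sql_unchecked(lookup_name, column)


if __name__ == "__main__":
    # Constructed attacker input: closes EXTRACT() and appends a tautology.
    evil = "year FROM created) OR 1=1 --"
    print(extract_sql_unchecked(evil, "created"))   # injection goes through
    try:
        extract_sql_checked(evil, "created")
    except ValueError as err:
        print("rejected:", err)
    for v in ("3.2.13", "3.2.14", "4.0.5", "4.0.6", "4.1b1", "4.1"):
        print(v, "patched" if is_patched(v) else "VULNERABLE")
```

The practical lesson is the same one Django's advisory draws: the `kind`/`lookup_name` arguments were never meant to carry user input, so any view that forwards a query-string value into `Extract()` or `Trunc()` needs an allow-list like the one above regardless of which Django version is running, and the version check only tells you whether the framework itself will now refuse such values.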

Title: Free Smartphone Stalkerware Detection Tool gets Dedicated Hub
Date Published: July 3, 2022

https://www.bleepingcomputer.com/news/security/free-smartphone-stalkerware-detection-tool-gets-dedicated-hub/

Excerpt: “Kaspersky has launched a new information hub to help with their open-source stalkerware detection tool named TinyCheck, created in 2019 to help people detect if their devices are being monitored. Stalkerware is software explicitly created to spy on people via their smartphones by monitoring their whereabouts, communications, photos, browsing history, and more. These tools exploit vulnerabilities in the security of modern mobile operating systems to run stealthily in the background without raising the victim’s suspicion.”

Title: Microsoft Defender Adds Network Protection for Android, iOS Devices
Date Published: July 3, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-adds-network-protection-for-android-ios-devices/

Excerpt: “Microsoft has introduced a new Microsoft Defender for Endpoint (MDE) feature in public preview to help organizations detect weaknesses affecting Android and iOS devices in their enterprise networks. After enabling the new Mobile Network Protection feature on Android and iOS devices you want to monitor, the enterprise endpoint security platform will provide protection and notifications when it detects rogue Wi-Fi-related threats and rogue certificates (the primary attack vector for Wi-Fi networks). Threats it can spot include rogue hardware such as Hak5 Wi-Fi Pineapple devices which both pen-testers and cybercriminals can use to capture data shared within the network.”

Title: Rogue HackerOne Employee Steals Bug Reports to Sell on the Side
Date Published: July 2, 2022

https://www.bleepingcomputer.com/news/security/rogue-hackerone-employee-steals-bug-reports-to-sell-on-the-side/

Excerpt: “A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards. The rogue worker had contacted about half a dozen HackerOne customers and collected bounties “in a handful of disclosures,” the company said on Friday. HackerOne is a platform for coordinating vulnerability disclosures and intermediating monetary rewards for the bug hunter submitting the security reports.”

Title: Microsoft finds Raspberry Robin Worm in Hundreds of Windows Networks
Date Published: July 2, 2022

https://www.bleepingcomputer.com/news/security/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks/

Excerpt: “Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors. The malware, dubbed Raspberry Robin, spreads via infected USB devices, and it was first spotted in September 2021 by Red Canary intelligence analysts. Cybersecurity firm Sekoia also observed it using QNAP NAS devices as command and control (C2) servers in early November, while Microsoft said it found malicious artifacts linked to this worm created in 2019.”

Title: UK Army’s Twitter, YouTube Accounts Hacked to Push Crypto Scam
Date Published: July 4, 2022

https://www.bleepingcomputer.com/news/security/uk-army-s-twitter-youtube-accounts-hacked-to-push-crypto-scam/

Excerpt: “The British Army’s Twitter and YouTube accounts were hacked and altered to promote online crypto scams sometime yesterday. Notably, the army’s verified Twitter account began displaying fake NFTs and bogus crypto giveaway schemes. The YouTube account was seen airing “Ark Invest” live streams featuring an older Elon Musk clip to mislead users into visiting cryptocurrency scam sites.”

Title: Data of a Billion Chinese Residents Available for Sale on the Dark Web
Date Published: July 4, 2022

https://securityaffairs.co/wordpress/132860/data-breach/chinese-residents-data-dark-web.html

Excerpt: “Unknown threat actors claimed to have obtained data of a billion Chinese residents after breaching a database of the Shanghai police. If the incident is confirmed, this data breach is the largest one in the country’s history. The database contained names, addresses, birthplaces, national IDs, phone numbers, and criminal case information of Chinese citizens. The hacker is offering the database on a popular cybercrime forum for 10 bitcoins. The Chief Executive Officer of cryptocurrency exchange Binance, Zhao Changpeng, on July 3rd, announced that the threat intelligence team of his company has detected 1 billion resident records available for sale on the dark web.”

Title: Canadian Cybercriminal Pleads Guilty to “NetWalker” Attacks in US
Date Published: July 4, 2022

https://nakedsecurity.sophos.com/2022/07/04/canadian-cybercriminal-pleads-guilty-to-netwalker-attacks-in-us/

Excerpt: “Simply put, the core gang members create the malware samples, run the darkweb servers that handle the “negotiations” with victims, and collect the extortion payments, while the affiliates handle breaking into victims’ networks, mapping them out, and lining up the final attack in which as many computers on the network as possible have their data scrambled at the same time. The “business theory”, if we can call it that, is that by taking 30% of every successful attack, the core criminals become extremely wealthy indeed, but keep a low profile away from the network-cracking limelight. At the same time, by handing 70% to their “affiliates”, they encourage those co-conspirators to make each attack as debilitating as possible, potentially increasing the amount that victims can ultimately be squeezed into paying to get their business running.”
