August 10, 2022

Fortify Security Team

Title: CISA Warns of Windows and UnRAR Flaws Exploited in the Wild

Date Published: August 9, 2022

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two more flaws to its catalog of Known Exploited Vulnerabilities, based on evidence of active exploitation. One of them has spent more than two years as a zero-day bug in the Windows Support Diagnostic Tool (MSDT) and it has exploit code publicly available. Both security issues have received a high-severity score and are directory traversal vulnerabilities that could help attackers plant malware on a target system.”

Title: How Hackers Are Stealing Credit Cards From Classifieds Sites

Date Published: August 9, 2022

Excerpt: “A new credit card stealing campaign is underway in Singapore, snatching the payment details of sellers on classifieds sites through an elaborate phishing trick. The scammers also attempt to transfer the funds directly to their accounts using valid one-time passcodes (OTPs) on the bank’s actual platform. Threat analysts at Group-IB, who detected this recent wave in March 2022, believe it’s part of a global operation called “Classicscam,” which they discovered in 2020. Singapore is a new addition to the targeting scope of the criminal operation, which is a bad sign indicating that the scheme is still growing and its reach is expanding.”

Title: Microsoft: Exchange ‘Extended Protection’ Needed to Fully Patch New Bugs

Date Published: August 9, 2022

Excerpt: “Microsoft says that some of the Exchange Server flaws addressed as part of the August 2022 Patch Tuesday also require admins to manually enable Extended Protection on affected servers to fully block attacks. The company patched 121 flaws today, including the DogWalk Windows zero-day exploited in the wild and several Exchange vulnerabilities (CVE-2022-21980, CVE-2022-24477, and CVE-2022-24516) rated as critical severity and allowing for privilege escalation. Remote attackers can exploit these Exchange bugs to escalate privileges in low-complexity attacks after tricking targets into visiting a malicious server using phishing emails or chat messages.”

Title: Kali Linux 2022.3 Adds 5 New Tools, Updates Linux Kernel, and More

Date Published: August 9, 2022

Excerpt: “Offensive Security has released Kali Linux 2022.3, the third version of 2022, with virtual machine improvements, Linux Kernel 5.18.5, new tools to play with, and improved ARM support. Kali Linux is a distribution designed for ethical hackers to perform penetration testing, security audits, and cybersecurity research against networks. With this release, the Kali Linux Team introduces a variety of new features, including Improved virtual machine support, New tools, Kali ARM updates, Kali NetHunter Updates, and Now accepting submissions for the Kali-Tools repository. Offensive Security decided to release Kali Linux 2022.3 in conjunction with the Black Hat, BSides LV, and DefCon security conference as a “nice surprise for everyone to enjoy!” With this release, Kali Linux is using Linux Kernel 5.18.5. However, Raspberry Pi releases are using version 5.15. Offensive Security also announced today that they will be having hour-long voice chat sessions on their ‘Kali Linux & Friends’ Discord server after every Kali release to chat about the new changes.”

Title: Microsoft Patches Windows DogWalk Zero-Day Exploited in Attacks

Date Published: August 9, 2022

Excerpt: “Microsoft has released security updates to address a high severity Windows zero-day vulnerability with publicly available exploit code and abused in attacks. Fixed as part of the August 2022 Patch Tuesday, this security flaw is now tracked as CVE-2022-34713 and has been jokingly named DogWalk. It is due to a path traversal weakness in the Windows Support Diagnostic Tool (MSDT) that attackers can exploit to gain remote code execution on compromised systems.”

Title: Cloudflare Employees Also Hit by Hackers Behind Twilio Breach

Date Published: August 9, 2022

Excerpt: “Cloudflare says some of its employees’ credentials were also stolen in an SMS phishing attack similar to the one that led to Twilio’s network being breached last week. However, although the attackers got their hands on Cloudflare employees’ accounts, they failed to breach its systems after their attempts to log in using them were blocked since they didn’t have access to their victims’ company-issued FIDO2-compliant security keys. “Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare’s employees,” Cloudflare explained on Tuesday.”

Title: 10 Malicious PyPI Packages Found Stealing Developers’ Credentials

Date Published: August 9, 2022

Excerpt: “Threat analysts have discovered ten malicious Python packages on the PyPI repository, used to infect developers’ systems with password-stealing malware. The fake packages used typosquatting to impersonate popular software projects and trick PyPI users into downloading them. PyPI (Python Package Index) is a repository of over 350,000 open-source software packages that millions of registered users can easily incorporate into their Python projects and build complex products with minimal effort. Malware operators take advantage of the platform’s open nature and frequently upload malicious or fake packages to compromise developers’ systems. From there, the threat actors target the developers and their assets for supply-chain attacks, steal proprietary source code, or look for potential pivoting points in the software development environment.”

Title: VMware Warns of Public Exploit for Critical Auth Bypass Vulnerability

Date Published: August 9, 2022

Excerpt: “Proof-of-concept exploit code is now publicly available online for a critical authentication bypass security flaw in multiple VMware products that enables attackers to gain admin privileges. A week ago, VMware released updates to address the vulnerability (CVE-2022-31656) affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation. Multiple other flaws were patched the same day, including a high severity SQL injection flaw (CVE-2022-31659) that allows remote attackers to gain remote code execution. Today, VMware “confirmed malicious code that can exploit CVE-2022-31656 and CVE-2022-31659 in impacted products is publicly available” in an update to the original advisory. VNG Security security researcher Petrus Viet, who discovered and reported the flaw, has now released a proof-of-concept (PoC) exploit and detailed technical analysis for this bug today. He announced last week that a CVE-2022-22972 PoC would be made available this week.”

Title: Maui Ransomware Operation Linked to North Korean ‘Andariel’ Hackers

Date Published: August 9, 2022

Excerpt: “The Maui ransomware operation has been linked to the North Korean state-sponsored hacking group ‘Andariel,’ known for using malicious cyber activities to generate revenue and causing discord in South Korea. State-sponsored North Korean hackers are notorious for orchestrating campaigns with financial motives, so running their own ransomware operation matches their overall strategic goals. The link between Maui and Andariel was made by researchers at Kaspersky, who attribute it with medium confidence. Andariel has been linked to ransomware attacks in the recent past, targeting South Korean companies in media, construction, manufacturing, and network services.”

Title: Hackers Install Dracarys Android Malware Using Modified Signal App

Date Published: August 9, 2022

Excerpt: “Researchers have discovered more details on the newly discovered Android spyware ‘Dracarys,’ used by the Bitter APT group in cyberespionage operations targeting users from New Zealand, India, Pakistan, and the United Kingdom. Meta (Facebook) first reported the new Android malware in its Q2 2022 adversarial threat report, where they briefly mentioned its data-stealing, geo-locating, and microphone-activation capabilities. Today, cyber-intelligence firm Cyble published a technical report on Dracarys, which was shared exclusively with Bleeping Computer, diving deeper into the inner workings of the spyware.”
