August 10, 2022

Fortify Security Team

Title: CISA Warns of Windows and UnRAR Flaws Exploited in the Wild

Date Published: August 9, 2022

https://www.bleepingcomputer.com/news/security/cisa-warns-of-windows-and-unrar-flaws-exploited-in-the-wild/

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two more flaws to its catalog of Known Exploited Vulnerabilities, based on evidence of active exploitation. One of them has spent more than two years as a zero-day bug in the Windows Support Diagnostic Tool (MSDT) and it has exploit code publicly available. Both security issues have received a high-severity score and are directory traversal vulnerabilities that could help attackers plant malware on a target system.”

Title: How Hackers Are Stealing Credit Cards From Classifieds Sites

Date Published: August 9, 2022

https://www.bleepingcomputer.com/news/security/how-hackers-are-stealing-credit-cards-from-classifieds-sites/

Excerpt: “A new credit card stealing campaign is underway in Singapore, snatching the payment details of sellers on classifieds sites through an elaborate phishing trick. The scammers also attempt to transfer the funds directly to their accounts using valid one-time passcodes (OTPs) on the bank’s actual platform. Threat analysts at Group-IB, who detected this recent wave in March 2022, believe it’s part of a global operation called “Classicscam,” which they discovered in 2020. Singapore is a new addition to the targeting scope of the criminal operation, which is a bad sign indicating that the scheme is still growing and its reach is expanding.”

Title: Microsoft: Exchange ‘Extended Protection’ Needed to Fully Patch New Bugs

Date Published: August 9, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-extended-protection-needed-to-fully-patch-new-bugs/

Excerpt: “Microsoft says that some of the Exchange Server flaws addressed as part of the August 2022 Patch Tuesday also require admins to manually enable Extended Protection on affected servers to fully block attacks. The company patched 121 flaws today, including the DogWalk Windows zero-day exploited in the wild and several Exchange vulnerabilities (CVE-2022-21980, CVE-2022-24477, and CVE-2022-24516) rated as critical severity and allowing for privilege escalation. Remote attackers can exploit these Exchange bugs to escalate privileges in low-complexity attacks after tricking targets into visiting a malicious server using phishing emails or chat messages.”

Title: Kali Linux 2022.3 Adds 5 New Tools, Updates Linux Kernel, and More

Date Published: August 9, 2022

https://www.bleepingcomputer.com/news/security/kali-linux-20223-adds-5-new-tools-updates-linux-kernel-and-more/

Excerpt: “Offensive Security has released Kali Linux 2022.3, the third version of 2022, with virtual machine improvements, Linux Kernel 5.18.5, new tools to play with, and improved ARM support. Kali Linux is a distribution designed for ethical hackers to perform penetration testing, security audits, and cybersecurity research against networks. With this release, the Kali Linux Team introduces a variety of new features, including improved virtual machine support, new tools, Kali ARM updates, Kali NetHunter updates, and now accepting submissions for the Kali-Tools repository. Offensive Security decided to release Kali Linux 2022.3 in conjunction with the Black Hat, BSides LV, and DefCon security conferences as a “nice surprise for everyone to enjoy!” With this release, Kali Linux is using Linux Kernel 5.18.5. However, Raspberry Pi releases are using version 5.15. Offensive Security also announced today that they will be having hour-long voice chat sessions on their ‘Kali Linux & Friends’ Discord server after every Kali release to chat about the new changes.”

Title: Microsoft Patches Windows DogWalk Zero-Day Exploited in Attacks

Date Published: August 9, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-windows-dogwalk-zero-day-exploited-in-attacks/

Excerpt: “Microsoft has released security updates to address a high severity Windows zero-day vulnerability with publicly available exploit code and abused in attacks. Fixed as part of the August 2022 Patch Tuesday, this security flaw is now tracked as CVE-2022-34713 and has been jokingly named DogWalk. It is due to a path traversal weakness in the Windows Support Diagnostic Tool (MSDT) that attackers can exploit to gain remote code execution on compromised systems.”
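Both the UnRAR item above (CISA entry) and DogWalk are path traversal bugs in code that writes files named by untrusted input: an archive or a diagnostic package supplies a relative path, and the consumer writes it without confirming the result still lands inside the intended directory. The following is an added example (not code from BleepingComputer, Microsoft or RARLAB) of the check an extractor should apply to every member name before writing it. The destination directory and the sample member list are constructed for the demonstration.

```python
import os
import posixpath

# Hypothetical destination directory for the demonstration; it need not exist
# because the check works on the resolved absolute path, not on the filesystem.
DEST_DIR = "/tmp/extract-demo"


def is_safe_member(dest_dir: str, member_name: str) -> bool:
    """Return True only if an archive member's path stays inside dest_dir.

    The member name is attacker-controlled data from inside the archive, so
    it is treated as untrusted: absolute paths, Windows drive prefixes and
    any '..' sequence that climbs above dest_dir are rejected.
    """
    dest = os.path.realpath(dest_dir)
    # Archives may carry either separator; normalise to '/' before checking.
    name = member_name.replace("\\", "/")
    if posixpath.isabs(name) or name.startswith("//"):
        return False
    # A drive-letter prefix such as 'C:' is an absolute path on Windows.
    if len(name) >= 2 and name[1] == ":":
        return False
    target = os.path.realpath(os.path.join(dest, *name.split("/")))
    return target == dest or target.startswith(dest + os.sep)


def partition_members(dest_dir: str, member_names):
    """Split member names into (safe, rejected) lists, preserving order."""
    safe, rejected = [], []
    for name in member_names:
        (safe if is_safe_member(dest_dir, name) else rejected).append(name)
    return safe, rejected


# Constructed sample listing: benign entries and several traversal attempts.
SAMPLE_MEMBERS = [
    "docs/readme.txt",
    "images/../logo.png",                        # '..' that stays inside
    "../../etc/cron.d/backdoor",                 # Unix-style traversal
    "..\\..\\Users\\Public\\Start Menu\\x.lnk",  # Windows-style traversal
    "/etc/passwd",                               # absolute path
    "C:\\Windows\\Tasks\\evil.job",              # drive-letter absolute path
]

if __name__ == "__main__":
    ok, bad = partition_members(DEST_DIR, SAMPLE_MEMBERS)
    print("would extract:", ok)
    print("rejected:", bad)
```

The check has to run per entry, immediately before each write, because an earlier member may have created a symbolic link inside the destination; `os.path.realpath` follows links that already exist, so a link member pointing outside the destination should itself be rejected (or the link target checked the same way) rather than extracted first.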

Title: Cloudflare Employees Also Hit by Hackers Behind Twilio Breach

Date Published: August 9, 2022

https://www.bleepingcomputer.com/news/security/cloudflare-employees-also-hit-by-hackers-behind-twilio-breach/

Excerpt: “Cloudflare says some of its employees’ credentials were also stolen in an SMS phishing attack similar to the one that led to Twilio’s network being breached last week. However, although the attackers got their hands on Cloudflare employees’ accounts, they failed to breach its systems after their attempts to log in using them were blocked since they didn’t have access to their victims’ company-issued FIDO2-compliant security keys. “Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare’s employees,” Cloudflare explained on Tuesday.”
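The reason the stolen Cloudflare credentials were useless is that a FIDO2 assertion is bound to the origin the browser actually loaded and to the relying party's rpId, and is signed by a key that never leaves the security key. The following is an added example (not Cloudflare's code, and not from the article) of the relying-party checks on an assertion that make a relayed login from a look-alike domain fail. The rpId, the expected origin and the constructed clientDataJSON are assumptions for the demonstration; signature verification over the same bytes is omitted because it needs the key's public key and an ECDSA library.

```python
import base64
import hashlib
import json
import os

# Assumed relying-party settings for the demonstration (not Cloudflare's).
RP_ID = "example.com"
EXPECTED_ORIGIN = "https://login.example.com"


def b64url(data: bytes) -> str:
    """WebAuthn uses unpadded base64url for the challenge field."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def build_client_data(origin: str, challenge: bytes) -> bytes:
    """Construct the clientDataJSON a browser produces for an assertion.

    In a real ceremony the browser, not the web page, fills in 'origin' from
    the page's actual origin, and the authenticator signs over
    authenticatorData || SHA-256(clientDataJSON), so a phishing page cannot
    swap the legitimate origin for its own.
    """
    return json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": origin,
    }).encode()


def build_authenticator_data(rp_id: str) -> bytes:
    """Minimal authenticatorData: SHA-256(rpId) || flags || signCount."""
    flags = b"\x05"                       # UP (bit 0) and UV (bit 2) set
    sign_count = (1).to_bytes(4, "big")
    return hashlib.sha256(rp_id.encode()).digest() + flags + sign_count


def verify_assertion_context(client_data_json: bytes, auth_data: bytes,
                             expected_challenge: bytes,
                             expected_origin: str = EXPECTED_ORIGIN,
                             rp_id: str = RP_ID) -> bool:
    """Relying-party checks that precede signature verification.

    The origin must be exactly ours, the challenge must be the one we issued
    (no replay), the rpIdHash must be for our rpId, and user presence must be
    asserted. A captured password and SMS code carry none of these bindings.
    """
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return False
    if cd.get("type") != "webauthn.get":
        return False
    if cd.get("challenge") != b64url(expected_challenge):
        return False
    if cd.get("origin") != expected_origin:
        return False
    if len(auth_data) < 37:
        return False
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        return False
    if not auth_data[32] & 0x01:          # user-presence flag must be set
        return False
    return True


def simulate_login(page_origin: str) -> bool:
    """Run one assertion round for a page served from page_origin."""
    challenge = os.urandom(32)            # issued fresh by the relying party
    client_data = build_client_data(page_origin, challenge)
    auth_data = build_authenticator_data(RP_ID)
    return verify_assertion_context(client_data, auth_data, challenge)


if __name__ == "__main__":
    print("legitimate login page:", simulate_login("https://login.example.com"))
    print("look-alike phishing page:", simulate_login("https://login-example.com"))
```

In practice the browser would already refuse the phishing page's request, because `example.com` is not a registrable suffix of `login-example.com`; the simulation models the weaker case where an assertion is somehow relayed, and shows that the origin check alone still rejects it.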

Title: 10 Malicious PyPI Packages Found Stealing Developers’ Credentials

Date Published: August 9, 2022

https://www.bleepingcomputer.com/news/security/10-malicious-pypi-packages-found-stealing-developers-credentials/

Excerpt: “Threat analysts have discovered ten malicious Python packages on the PyPI repository, used to infect developers’ systems with password-stealing malware. The fake packages used typosquatting to impersonate popular software projects and trick PyPI users into downloading them. PyPI (Python Package Index) is a repository of over 350,000 open-source software packages that millions of registered users can easily incorporate into their Python projects and build complex products with minimal effort. Malware operators take advantage of the platform’s open nature and frequently upload malicious or fake packages to compromise developers’ systems. From there, the threat actors target the developers and their assets for supply-chain attacks, steal proprietary source code, or look for potential pivoting points in the software development environment.”
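Typosquatting works because a one- or two-character slip in `pip install` resolves to whatever package owns that name. A cheap defensive check is to compare every dependency name, after PEP 503 normalisation, against the names it most resembles and flag near-misses. The following is an added example (not from the article or from the researchers it cites) of that check over a constructed requirements file; the list of "popular" names and the sample requirements are assumptions for the demonstration, not the packages the article describes.

```python
import re

# Constructed list of well-known package names to compare against. A real
# audit would use the project's own known-good dependency set or PyPI's
# most-downloaded names; these are assumptions for the demonstration only.
POPULAR_PACKAGES = [
    "requests", "urllib3", "colorama", "setuptools", "pyyaml",
    "cryptography", "numpy", "boto3",
]


def normalize_name(name: str) -> str:
    """PEP 503 normalisation: case-fold and collapse runs of '-', '_', '.'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete
                           cur[j - 1] + 1,              # insert
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def typosquat_candidates(name, popular=POPULAR_PACKAGES, max_distance=2):
    """Return (popular_name, distance) pairs that `name` closely resembles.

    An exact match is the real package, not a typosquat, so it is skipped;
    anything within max_distance edits of a popular name is returned,
    nearest first.
    """
    n = normalize_name(name)
    hits = []
    for p in popular:
        pn = normalize_name(p)
        if pn == n:
            continue
        d = levenshtein(n, pn)
        if d <= max_distance:
            hits.append((p, d))
    return sorted(hits, key=lambda t: (t[1], t[0]))


def audit_requirements(text: str):
    """Scan requirements.txt-style lines and return {name: candidates}."""
    flagged = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        # Take the bare project name ahead of any version specifier or extras.
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if not m:
            continue
        hits = typosquat_candidates(m.group(0))
        if hits:
            flagged[m.group(0)] = hits
    return flagged


# Constructed requirements file mixing legitimate and look-alike names.
SAMPLE_REQUIREMENTS = """\
requests==2.28.1
colourama        # one inserted letter away from colorama
urlib3>=1.26     # one deleted letter away from urllib3
numpy
cryptografy      # 'ph' -> 'f' swap, two edits from cryptography
"""

if __name__ == "__main__":
    for name, hits in audit_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"{name}: resembles {hits}")
```

A flag is a prompt to look at the package page and its maintainer, not a verdict; legitimate forks and plugins often sit one edit away from the project they extend.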

Title: VMware Warns of Public Exploit for Critical Auth Bypass Vulnerability

Date Published: August 9, 2022

https://www.bleepingcomputer.com/news/security/vmware-warns-of-public-exploit-for-critical-auth-bypass-vulnerability/

Excerpt: “Proof-of-concept exploit code is now publicly available online for a critical authentication bypass security flaw in multiple VMware products that enables attackers to gain admin privileges. A week ago, VMware released updates to address the vulnerability (CVE-2022-31656) affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation. Multiple other flaws were patched the same day, including a high severity SQL injection flaw (CVE-2022-31659) that allows remote attackers to gain remote code execution. Today, VMware “confirmed malicious code that can exploit CVE-2022-31656 and CVE-2022-31659 in impacted products is publicly available” in an update to the original advisory. VNG Security security researcher Petrus Viet, who discovered and reported the flaw, has now released a proof-of-concept (PoC) exploit and detailed technical analysis for this bug today. He announced last week that a CVE-2022-22972 PoC would be made available this week.”

Title: Maui Ransomware Operation Linked to North Korean ‘Andariel’ Hackers

Date Published: August 9, 2022

https://www.bleepingcomputer.com/news/security/maui-ransomware-operation-linked-to-north-korean-andariel-hackers/

Excerpt: “The Maui ransomware operation has been linked to the North Korean state-sponsored hacking group ‘Andariel,’ known for using malicious cyber activities to generate revenue and causing discord in South Korea. State-sponsored North Korean hackers are notorious for orchestrating campaigns with financial motives, so running their own ransomware operation matches their overall strategic goals. The link between Maui and Andariel was made by researchers at Kaspersky, who attribute it with medium confidence. Andariel has been linked to ransomware attacks in the recent past, targeting South Korean companies in media, construction, manufacturing, and network services.”

Title: Hackers Install Dracarys Android Malware Using Modified Signal App

Date Published: August 9, 2022

https://www.bleepingcomputer.com/news/security/hackers-install-dracarys-android-malware-using-modified-signal-app/

Excerpt: “Researchers have discovered more details on the newly discovered Android spyware ‘Dracarys,’ used by the Bitter APT group in cyberespionage operations targeting users from New Zealand, India, Pakistan, and the United Kingdom. Meta (Facebook) first reported the new Android malware in its Q2 2022 adversarial threat report, where they briefly mentioned its data-stealing, geo-locating, and microphone-activation capabilities. Today, cyber-intelligence firm Cyble published a technical report on Dracarys, which was shared exclusively with Bleeping Computer, diving deeper into the inner workings of the spyware.”
