August 12, 2022

Fortify Security Team
Aug 12, 2022

Title: Bazarcall Attacks Have Revolutionized Ransomware Operations
Date Published: August 12, 2022

https://securityaffairs.co/wordpress/134302/cyber-crime/bazarcall-revolutionized-ransomware-operations.html

Excerpt: “BazarCall attack, aka call back phishing, is an attack vector that utilizes targeted phishing methodology and was first used by the Ryuk ransomware gang in 2020/2021. The BazarCall attack chain is composed of the following stages:

  • Stage One. Attackers send a mail to the victims that notify them that they have subscribed to a service for which payment is automatic. The email includes a phone number to call to cancel the subscription.
  • Stage Two. The victim is tricked into contacting a special call center. When operators receive a call, they use a variety of social engineering tactics, to convince victims to give remote desktop control, to help them cancel their subscription service.
  • Stage Three. Once accessed the victim’s desktop, the attacker silently extended a foothold in the user’s network, weaponizing legitimate tools that are known to be in Conti’s arsenal. The initial operator remains on the line with the victim, pretending to assist them with the remote desktop access by continuing to utilize social engineering tactics.
  • Stage Four. The initiated malware session yields the adversary access as an initial point of entry into the victim’s network.”

Title: Palo Alto Networks Warns of Reflected Amplification Dos Issue in PAN-OS
Date Published: August 11, 2022

https://securityaffairs.co/wordpress/134295/security/palo-alto-networks-pan-os-dos.html

Excerpt: “Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 (CVSS score of 8.6), in Palo Alto Networks devices running the PAN-OS to launch reflected amplification denial-of-service (DoS) attacks. The vendor has learned that firewalls from multiple vendors are abused to conduct distributed denial-of-service (DDoS) attacks, but it did not disclose the name of the impacted companies. The root cause of the issue affecting the Palo Alto Network devices is a misconfiguration in the PAN-OS URL filtering policy that allows a network-based attacker to conduct reflected and amplified TCP DoS attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against a target chosen by the attackers.”

Title: Ex Twitter Employee Found Guilty of Spying for Saudi Arabian Government
Date Published: August 11, 2022

https://securityaffairs.co/wordpress/134266/intelligence/ex-twitter-employee-guilty.html

Excerpt: “A former Twitter employee, Ahmad Abouammo (44), was found guilty of gathering private information of certain Twitter users and passing them to Saudi Arabia. The man faces from 10 up to 20 years in prison when he’s sentenced. In November 2019, the former Twitter employees Abouammo and the Saudi citizen Ali Alzabarah have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government. The two former Twitter employees operated for the Saudi Arabian government with the intent of unmasking dissidents using the social network.”

Title: The Impact of Exploitable Misconfigurations on Network Security
Date Published: August 12, 2022

https://www.helpnetsecurity.com/2022/08/12/impact-exploitable-misconfigurations-network-security/

Excerpt: “Network professionals feel confident with their security and compliance practices but data suggests that they also leave their organizations open to risk, which is costing a significant amount of revenue, according to Titania. In addition, some businesses are not minimizing their attack surface effectively. Companies are prioritizing firewall security and chronicle a fast time to respond to misconfigurations when detected in annual audits. However, switches and routers are only included in 4% of audits and these devices play a vital role in reducing an organization’s attack surface and preventing lateral movement across the network. Respondents also indicated that financial resources allocated to mitigating network configuration, which currently stands around 3.4% of the total IT budget, and a lack of accurate automation are limiting factors in misconfiguration risk management.”

Title: Xiaomi Phones With Mediatek Chips Vulnerable to Forged Payments
Date Published: August 12, 2022

https://www.bleepingcomputer.com/news/security/xiaomi-phones-with-mediatek-chips-vulnerable-to-forged-payments/

Excerpt: “Security analysts have found security issues in the payment system present on Xiaomi smartphones that rely on MediaTek chips providing the trusted execution environment (TEE) that is responsible for signing transactions. Attackers could exploit the weaknesses to sign fake payment packages using a third-party unprivileged application. The implications of such an attack would be to make the payment service unavailable or to sign transactions from the user’s mobile wallet to the threat actor’s account. Considering how common mobile payments and Xiaomi phones are, especially in Asian markets, the money pool hackers could tap into is estimated to be in the billions of U.S. dollars.”

Title: Us Govt Will Pay You $10 Million for Info on Conti Ransomware Members
Date Published: August 11, 2022

https://www.bleepingcomputer.com/news/security/us-govt-will-pay-you-10-million-for-info-on-conti-ransomware-members/

Excerpt: “The U.S. State Department announced a $10 million reward today for information on five high-ranking Conti ransomware members, including showing the face of one of the members for the first time. The Rewards of Justice program is a U.S. Department of State program where monetary rewards are offered for information related to threat actors affecting the national security of the USA. Launched initially to gather information on terrorists targeting U.S. interests, the program has expanded to offer rewards for information on cyber criminals, such as the Russian Sandworm hackers, REvil ransomware, and the Evil Corp hacking group.”

Title: FBI: Zeppelin Ransomware May Encrypt Devices Multiple Times in Attacks
Date Published: August 11, 2022

https://www.bleepingcomputer.com/news/security/fbi-zeppelin-ransomware-may-encrypt-devices-multiple-times-in-attacks/

Excerpt: “The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned US organizations today that attackers deploying Zeppelin ransomware might encrypt their files multiple times. The two federal agencies also shared tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help security professionals detect and block attacks using this ransomware strain. “The FBI has observed instances where Zeppelin actors executed their malware multiple times within a victim’s network, resulting in the creation of different IDs or file extensions, for each instance of an attack; this results in the victim needing several unique decryption keys,” a joint advisory published today revealed.”

Title: Zimbra Auth Bypass Bug Exploited to Breach Over 1,000 Servers
Date Published: August 11, 2022

https://www.bleepingcomputer.com/news/security/zimbra-auth-bypass-bug-exploited-to-breach-over-1-000-servers/

Excerpt: “An authentication bypass Zimbra security vulnerability is actively exploited to compromise Zimbra Collaboration Suite (ZCS) email servers worldwide. Zimbra is an email and collaboration platform used by more than 200,000 businesses from over 140 countries, including over 1,000 government and financial organizations.”

Title: UK NHS Service Recovery May Take a Month After MSP Ransomware Attack
Date Published: August 11, 2022

https://www.bleepingcomputer.com/news/security/uk-nhs-service-recovery-may-take-a-month-after-msp-ransomware-attack/

Excerpt: “Managed service provider (MSP) Advanced confirmed that a ransomware attack on its systems disrupted emergency services (111) from the United Kingdom’s National Health Service (NHS). Customers of seven solutions from the British MSP have been impacted either directly or indirectly, the company said.”

Title: Access to Hacked Corporate Networks Still Strong but Sales Fall
Date Published: August 11, 2022

https://www.bleepingcomputer.com/news/security/access-to-hacked-corporate-networks-still-strong-but-sales-fall/

Excerpt: “Statistics collected by cyber-intelligence firm KELA during this year’s second quarter show that marketplaces selling initial access to corporate networks have taken a blow. More specifically, although the number of the offerings remained similar to last quarter, averaging 184 access listings per month, the cumulative requested price was $660,000, which is 0% of Q1 ’22 figures. Additionally, the average price for network access in the recent quarter was only $1,500, whereas, in Q1 ’22, access to networks was sold at an average of $3,000, dropping the price by half. The median price also dropped from $400 to $300.”

Recent Posts

September 16, 2022

Title: Uber hacked, internal systems breached and vulnerability reports stolen Date Published: September 16, 2022 https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/ Excerpt: “Uber suffered a...

September 15, 2022

Title: Webworm hackers modify old malware in new attacks to evade attribution Date Published: September 15, 2022 https://www.bleepingcomputer.com/news/security/webworm-hackers-modify-old-malware-in-new-attacks-to-evade-attribution/ Excerpt: “The Chinese 'Webworm'...

September 14, 2022

Title: Chinese hackers create Linux version of the SideWalk Windows malware Date Published: September 14, 2022 https://www.bleepingcomputer.com/news/security/chinese-hackers-create-linux-version-of-the-sidewalk-windows-malware/ Excerpt: “State-backed Chinese hackers...

September 13, 2022

Title: Cyberspies drop new infostealer malware on govt networks in Asia Date Published: September 13, 2022 https://www.bleepingcomputer.com/news/security/cyberspies-drop-new-infostealer-malware-on-govt-networks-in-asia/ Excerpt: “Security researchers have identified...

September 12, 2022

Title: Cisco confirms Yanluowang ransomware leaked stolen company data Date Published: September 12, 2022 https://www.bleepingcomputer.com/news/security/cisco-confirms-yanluowang-ransomware-leaked-stolen-company-data/ Excerpt: “Cisco has confirmed that the data leaked...

September 9, 2022

Title: Bumblebee Malware Adds Post-exploitation Tool for Stealthy Infections Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/bumblebee-malware-adds-post-exploitation-tool-for-stealthy-infections/ Excerpt: “A new version of the...

September 8, 2022

Title: North Korean Lazarus Hackers Take Aim at U.S. Energy Providers Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-take-aim-at-us-energy-providers/ Excerpt: “The North Korean APT group 'Lazarus' (APT38)...