August 15, 2022

Fortify Security Team

Title: Over 9,000 VNC Servers Exposed Online Without a Password

Date Published: August 14, 2022

https://www.bleepingcomputer.com/news/security/over-9-000-vnc-servers-exposed-online-without-a-password/

Excerpt: “Researchers have discovered at least 9,000 exposed VNC (virtual network computing) endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks.  VNC (virtual network computing) is a platform-independent system meant to help users connect to systems that require monitoring and adjustments, offering control of a remote computer via RFB (remote frame buffer protocol) over a network connection.  If these endpoints aren’t properly secured with a password, which is often the result of negligence, error, or a decision taken for convenience, they can serve as entry points for unauthorized users, including threat actors with malicious intentions.”
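The "without a password" finding above is visible in the first few bytes of an RFB session: after the version exchange the server lists the security types it will accept, and security type 1 ("None") means any client may attach with no credentials. The following Python is an added example, not code from the article or from any VNC project; it parses that message for RFB 3.3, 3.7 and 3.8 per RFC 6143, and the `probe` function performs only the version handshake against a host before closing, so nothing is authenticated or changed. The security-type names beyond those in the RFC are common vendor extensions and are included for readability only.

```python
import socket
import struct

# RFB security-type numbers from RFC 6143 section 7.1.2 plus common extensions.
SECURITY_TYPES = {
    0: "Invalid", 1: "None", 2: "VNC Authentication", 5: "RA2", 6: "RA2ne",
    16: "Tight", 18: "TLS", 19: "VeNCrypt", 20: "SASL", 30: "Apple Remote Desktop",
}


def parse_version(version):
    """Parse the 12-byte 'RFB xxx.yyy\\n' ProtocolVersion message into (major, minor)."""
    if len(version) != 12 or not version.startswith(b"RFB ") or version[-1:] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message: %r" % version)
    return int(version[4:7]), int(version[8:11])


def parse_security_types(version, payload):
    """Return the security types the server offers right after the version handshake.

    RFB 3.7/3.8: U8 count followed by that many U8 types; a count of 0 means the
    server refused and a U32-length reason string follows.
    RFB 3.3: a single U32 security type chosen by the server (0 = refused).
    """
    major, minor = parse_version(version)
    if (major, minor) >= (3, 7):
        if not payload:
            raise ValueError("truncated security-types message")
        count = payload[0]
        if count == 0:
            (reason_len,) = struct.unpack("!I", payload[1:5])
            reason = payload[5:5 + reason_len].decode("utf-8", "replace")
            raise ValueError("server refused connection: %s" % reason)
        types = list(payload[1:1 + count])
        if len(types) != count:
            raise ValueError("truncated security-types message")
        return types
    if len(payload) < 4:
        raise ValueError("truncated security-type message")
    (stype,) = struct.unpack("!I", payload[:4])
    if stype == 0:
        raise ValueError("server refused connection")
    return [stype]


def allows_unauthenticated(types):
    """True when type 1 ('None') is offered: any client can attach with no password."""
    return 1 in types


def describe(types):
    return ", ".join("%d (%s)" % (t, SECURITY_TYPES.get(t, "unknown")) for t in types)


def probe(host, port=5900, timeout=3.0):
    """Live check: do the version handshake, read the offered types, disconnect.

    No security type is ever selected, so the server is not logged into.
    Only probe hosts you are authorised to test.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        server_version = sock.recv(12)
        major, minor = parse_version(server_version)
        # Answer with the highest version we implement (3.8), or the server's if lower.
        minor = min(minor, 8) if major == 3 else 8
        sock.sendall(b"RFB 003.%03d\n" % minor)
        payload = sock.recv(260)  # 1 count byte + up to 255 types, or a refusal reason
    return parse_security_types(server_version, payload)


if __name__ == "__main__":
    import sys
    offered = probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 5900)
    print("offered:", describe(offered))
    print("EXPOSED: no authentication required" if allows_unauthenticated(offered)
          else "authentication required")
```

Run as `python vncprobe.py <host> [port]`. A server that offers type 2 (VNC Authentication) is still weak (DES-based challenge, 8-character password cap) and should sit behind a VPN or SSH tunnel rather than on a public interface; the point of the check is simply to find the ones that offer nothing at all.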

Title: SOVA Malware Adds Ransomware Feature to Encrypt Android Devices

Date Published: August 13, 2022

https://www.bleepingcomputer.com/news/security/sova-malware-adds-ransomware-feature-to-encrypt-android-devices/

Excerpt: “The SOVA Android banking trojan continues to evolve with new features, code improvements, and the addition of a new ransomware feature that encrypts files on mobile devices.  With the latest release, the SOVA malware now targets over 200 banking, cryptocurrency exchange, and digital wallet applications, attempting to steal sensitive user data and cookies from them.  Moreover, it features refactored and improved code that helps it operate more stealthily on the compromised device, while its latest version, 5.0, adds a ransomware module.”

Title: Chinese Hackers Backdoor Chat App with New Linux, macOS Malware

Date Published: August 12, 2022

https://www.bleepingcomputer.com/news/security/chinese-hackers-backdoor-chat-app-with-new-linux-macos-malware/

Excerpt: “Versions of a cross-platform instant messenger application focused on the Chinese market known as ‘MiMi’ have been trojanized to deliver a new backdoor (dubbed rshell) that can be used to steal data from Linux and macOS systems. SEKOIA’s Threat & Detection Research Team says that the app’s macOS 2.3.0 version has been backdoored for almost four months, since May 26, 2022.  They discovered this after noticing unusual connections to this app while analyzing command-and-control (C2) infrastructure for the HyperBro remote access trojan (RAT) malware linked to the APT27 Chinese-backed threat group.”

Title: A Flaw in Xiaomi Phones Using MediaTek Chips Could Allow to Forge Transactions

Date Published: August 14, 2022

https://securityaffairs.co/wordpress/134331/hacking/xiaomi-phones-flaw.html

Excerpt: “Check Point researchers discovered the flaws while analyzing the payment system built into Xiaomi smartphones powered by MediaTek chips.  Trusted execution environment (TEE) is an important component of mobile devices designed to process and store sensitive security information such as cryptographic keys and fingerprints.  TEE protection leverages hardware extensions (such as ARM TrustZone) to secure data in this enclave, even on rooted devices or systems compromised by malware.  The most popular implementations of the TEE are Qualcomm’s Secure Execution Environment (QSEE) and Trustonic’s Kinibi, but most of the devices in the wider Asian market are powered by MediaTek chips, which are less explored by security experts.”

Title: Meta Tests Encrypted Backups and End-to-End Encryption in Facebook Messenger

Date Published: August 12, 2022

https://www.infosecurity-magazine.com/news/end-end-encryption-facebook/

Excerpt: “Social media giant Meta has announced it will start testing end-to-end encryption (E2EE) as the default option on its Facebook Messenger platform.  The company made the announcement in a blog post on August 11, where it explained the feature will be initially available only to selected users.  “If you’re in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won’t have to opt into the feature,” reads the post by Sara Su, product management director of Messenger Trust.  “You’ll still have access to your message history, but any new messages or calls with that person will be end-to-end encrypted.”  Additionally, Meta is also introducing an encrypted backup feature called “Secure Storage”.  “Secure storage will be the default way to protect the history of your end-to-end encrypted conversations on Messenger, and you’ll have multiple options for restoring your messages if you choose to do so,” Meta wrote.”

Title: A Guide to User Access Monitoring and Why it is Important

Date Published: August 15, 2022

https://www.infosecurity-magazine.com/blogs/a-guide-to-user-access-monitoring/

Excerpt: “User access monitoring is vital to any access management strategy. Think of a home security system: it constantly watches for behavior that could trigger an alarm. Access monitoring tools accomplish the same goal of watching user activity while in session and triggering ‘alarms’ when suspicious activity is detected.  User access monitoring is the observation, recording, or documentation of a user’s activity while they are ‘in session’, logged in to a network, software, database, application, etc., and analyzing that behavior to prevent future security incidents or investigate anomalies in activity.  Although most organizations consider monitoring a crucial part of their security strategy, many struggle to execute it across all instances of user activity, especially third parties.”
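The "alarm" model described above reduces to evaluating each in-session event against a baseline of what the account is expected to do. The Python below is an added example, not from the article or any product; the baseline, the approved maintenance window for third-party accounts, the privileged-action list and the session events are all constructed for illustration. It shows the three checks a practitioner usually starts with: a third party active outside its approved hours, activity from an IP not in the account's history, and a privileged action by an account that should never perform one.

```python
from datetime import datetime, time

# Constructed baseline of expected behaviour per account (not from the article).
BASELINE = {
    "alice":      {"role": "dba",     "third_party": False, "ips": {"10.0.1.20"}},
    "vendor-svc": {"role": "support", "third_party": True,  "ips": {"203.0.113.7"}},
}
# Hours (UTC) during which third-party accounts are approved to be in session.
VENDOR_WINDOW = (time(9, 0), time(17, 0))
# Actions that only an admin role should ever perform, whoever is logged in.
PRIVILEGED_ACTIONS = {"grant_role", "export_table", "disable_mfa"}

# Constructed in-session events, in the shape an access-monitoring tool records them.
EVENTS = [
    {"ts": "2022-08-15T10:15:00", "user": "alice",      "ip": "10.0.1.20",    "action": "select"},
    {"ts": "2022-08-15T02:40:00", "user": "vendor-svc", "ip": "203.0.113.7",  "action": "select"},
    {"ts": "2022-08-15T11:05:00", "user": "vendor-svc", "ip": "198.51.100.9", "action": "export_table"},
    {"ts": "2022-08-15T12:00:00", "user": "alice",      "ip": "10.0.1.20",    "action": "grant_role"},
    {"ts": "2022-08-15T12:01:00", "user": "ghost",      "ip": "10.0.1.99",    "action": "select"},
]


def evaluate(event, baseline=BASELINE):
    """Return the list of alarm names an event triggers (empty when it looks normal)."""
    profile = baseline.get(event["user"])
    if profile is None:
        # An account with no baseline at all is itself worth an alarm.
        return ["unknown_account"]
    alarms = []
    at = datetime.fromisoformat(event["ts"]).time()
    if profile["third_party"] and not (VENDOR_WINDOW[0] <= at <= VENDOR_WINDOW[1]):
        alarms.append("third_party_outside_window")
    if event["ip"] not in profile["ips"]:
        alarms.append("new_source_ip")
    if event["action"] in PRIVILEGED_ACTIONS and profile["role"] != "admin":
        alarms.append("privileged_action_by_non_admin")
    return alarms


def monitor(events, baseline=BASELINE):
    """Run every event through the rules and keep only those that raised an alarm."""
    findings = []
    for e in events:
        alarms = evaluate(e, baseline)
        if alarms:
            findings.append((e["ts"], e["user"], e["action"], alarms))
    return findings


if __name__ == "__main__":
    for ts, user, action, alarms in monitor(EVENTS):
        print("%s %-10s %-13s -> %s" % (ts, user, action, ", ".join(alarms)))
```

In a real deployment the baseline is learned from history rather than hand-written, and the rules run on the event stream while the session is still open, so that an alarm can end the session instead of only documenting it afterwards.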

Title: New Study Reveals Serious Cyber Insurance Shortfalls

Date Published: August 15, 2022

https://www.infosecurity-magazine.com/news/cyber-insurance-shortfalls/

Excerpt: “Only a fifth of North American organizations have cyber-insurance coverage over $600,000, leaving a potentially significant shortfall in funds if they are compromised by ransomware, according to BlackBerry.  The security software developer teamed up with Corvus Insurance to produce its BlackBerry Cyber Insurance Coverage study, compiled from interviews with 450 IT decision makers in the US and Canada.  The study found that just 14% of SMBs have a coverage limit of over $600,000.”

Title: Three Extradited from UK to US on $5m BEC Charges

Date Published: August 15, 2022

https://www.infosecurity-magazine.com/news/three-extradited-on-5m-bec-charges/

Excerpt: “Three Nigerian nationals have been extradited from the UK to the US after allegedly participating in business email compromise (BEC) attacks that attempted to steal millions from American organizations, including universities.  The alleged crimes cover jurisdictions in North Carolina, Texas and Virginia. They relate to Oludayo Kolawole John Adeagbo (aka John Edwards and John Dayo), 43, a Nigerian citizen and UK resident; Donald Ikenna Echeazu (aka Donald Smith and Donald Dodient), 40, a dual UK and Nigerian citizen; and Olabanji Egbinola, 42.  In North Carolina, Adeagbo and Echeazu allegedly conspired with others on a classic BEC scheme in which they spoofed the domain of a construction company and then sent fake invoices to a local university.  They tricked the university into wiring $1.9m in funds, which they then laundered “through a series of financial transactions,” according to the Department of Justice (DoJ).”
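The scheme above turned on a spoofed vendor domain: the invoice looked like it came from the construction company because the sending domain resembled the real one. A mail gateway or accounts-payable workflow can catch the common variants before a human reads the invoice. The Python below is an added example, not from the article or the DoJ filings; the vendor domain `acme-construction.com` and all sender domains are constructed. It flags exact-name-different-TLD, dropped or added hyphens, digit-for-letter homoglyphs, one- or two-character typos, and the trusted name embedded as a subdomain of an attacker's domain. One simplification is labelled in the code: it takes the last two labels as the registrable domain instead of consulting a public-suffix list.

```python
# Maps the digit-for-letter substitutions most often seen in typosquats.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b"})


def registrable(domain):
    """Last two labels of a domain.

    Assumption for this example: no public-suffix list, so 'example.co.uk'-style
    suffixes are not handled; use the publicsuffix2 package in production.
    """
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def split_sld(reg):
    parts = reg.rsplit(".", 1)
    return (parts[0], parts[1]) if len(parts) == 2 else (parts[0], "")


def normalize(name):
    """Collapse the usual typosquat tricks so that variants compare equal."""
    s = name.lower().translate(HOMOGLYPHS)
    s = s.replace("rn", "m").replace("vv", "w")
    return s.replace("-", "").replace("_", "")


def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(sender_domain, trusted_domains):
    """Return (verdict, matched_trusted_domain, reason) for a sender domain."""
    sender = sender_domain.lower().strip(".")
    trusted = [t.lower().strip(".") for t in trusted_domains]
    for t in trusted:
        if sender == t or sender.endswith("." + t):
            return ("trusted", t, "exact domain or subdomain of it")
    s_sld, s_tld = split_sld(registrable(sender))
    for t in trusted:
        if "." + t + "." in "." + sender + ".":
            return ("lookalike", t, "trusted name embedded as a subdomain of another domain")
        t_sld, t_tld = split_sld(registrable(t))
        ns, nt = normalize(s_sld), normalize(t_sld)
        if ns == nt:
            reason = ("same name under a different TLD" if s_tld != t_tld
                      else "homoglyph or punctuation variant")
            return ("lookalike", t, reason)
        budget = 2 if len(nt) >= 10 else 1
        if levenshtein(ns, nt) <= budget:
            return ("lookalike", t, "within %d edits of trusted name" % budget)
    return ("unrelated", None, "no resemblance to a trusted vendor domain")


if __name__ == "__main__":
    trusted = ["acme-construction.com"]  # constructed vendor allow-list
    for sender in ["billing.acme-construction.com", "acme-c0nstruction.com",
                   "acme-construction.co", "acme-construction.com.invoice-portal.net",
                   "unrelated-supplier.org"]:
        print("%-42s -> %s" % (sender, classify_sender(sender, trusted)))
```

A "lookalike" verdict should route the invoice to manual verification by a phone call to a number already on file, never to one in the e-mail; an exact "trusted" match still needs SPF, DKIM and DMARC to pass, since a plain header From: can be forged outright.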

Title: Sounding the Alarm on Emergency Alert System Flaws

Date Published: August 12, 2022

https://krebsonsecurity.com/2022/08/sounding-the-alarm-on-emergency-alert-system-flaws/

Excerpt: “The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System — a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts. The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system.  [Image caption: A Digital Alert Systems EAS encoder/decoder that Pyle said he acquired off eBay in 2019. It had the username and password for the system printed on the machine.]  The DHS warning was prompted by security researcher Ken Pyle, a partner at security firm Cybir. Pyle said he started acquiring old EAS equipment off of eBay in 2019, and that he quickly identified a number of serious security vulnerabilities in a device that is broadly used by states and localities to encode and decode EAS alert signals.  “I found all kinds of problems back then, and reported it to the DHS, FBI and the manufacturer,” Pyle said in an interview with KrebsOnSecurity. “But nothing ever happened. I decided I wasn’t going to tell anyone about it yet because I wanted to give people time to fix it.””

Title: Software Supply Chain Chalks Up a Security Win With New Crypto Effort

Date Published: August 12, 2022

https://www.darkreading.com/application-security/software-supply-chain-chalks-up-security-win-with-crypto-effort

Excerpt: “Organizations hosting significant parts of the open source software supply chain continue to adopt security measures that give developers and maintainers more tools to harden their projects against attacks and malicious code commits.  On Monday, GitHub announced that the company — which owns and maintains the Node Package Manager (npm) service — had called for developers to comment on a plan to adopt sigstore, which simplifies the signing of code components produced by projects as well as linking them back to the source code. The sigstore project has made digitally signing source code easier because individual maintainers no longer have to manage their own cryptographic infrastructure.  The technology service allows software developers to confirm what code has been used to generate a particular software application or component, says Brian Behlendorf, general manager of Open Source Security Foundation (OpenSSF), which maintains sigstore with the Linux Foundation.”
