August 17, 2022

Fortify Security Team

Title: Google Fixes Fifth Chrome Zero-day Bug Exploited This Year
Date Published: August 17, 2022

https://www.bleepingcomputer.com/news/security/google-fixes-fifth-chrome-zero-day-bug-exploited-this-year/

Excerpt: “Google has released a security update for the Chrome browser that addresses close to a dozen vulnerabilities, including a zero-day flaw that is being exploited in the wild. The security update is currently rolling out for Windows, Mac and Linux. Users who have automatic updates turned on should receive it in the coming days/weeks. Google doesn’t typically provide many technical details about the zero-day vulnerabilities they fix until a large number of Chrome users have applied the security update.”

Title: New MailChimp Breach Exposed DigitalOcean Customer Email Addresses
Date Published: August 15, 2022

https://www.bleepingcomputer.com/news/security/new-mailchimp-breach-exposed-digitalocean-customer-email-addresses/

Excerpt: “DigitalOcean is warning customers that a recent MailChimp security breach exposed the email addresses of some customers, with a small number receiving unauthorized password resets. The company says they first learned of the breach after MailChimp disabled their account without warning on August 8th. DigitalOcean used this MailChimp account to send email confirmations, password reset notifications, and alerts to customers. DigitalOcean says that on the same day, a customer notified their cybersecurity team that their password was reset without authorization.”

Title: Malicious Browser Extensions Targeted Almost 7 Million People
Date Published: August 16, 2022

https://www.bleepingcomputer.com/news/security/malicious-browser-extensions-targeted-almost-7-million-people/

Excerpt: “Almost 7 million users have attempted to install malicious browser extensions since 2020, with 70% of those extensions used as adware to target users with advertisements. The most common payloads carried by malicious web browser extensions during the first half of 2022 belonged to adware families, snooping on browsing activity and promoting affiliate links. This finding is based on telemetry data collected by Kaspersky, which reports over 1,300,000 attempts by users to install malicious extensions throughout H1 ’22, an increase compared to last year’s figures.”

Title: Exploit Out for Critical Realtek Flaw Affecting Many Networking Devices
Date Published: August 16, 2022

https://www.bleepingcomputer.com/news/security/exploit-out-for-critical-realtek-flaw-affecting-many-networking-devices/

Excerpt: “Exploit code has been released for a critical vulnerability affecting networking devices with Realtek’s RTL819x system on a chip (SoC), which are estimated to be in the millions. The flaw is identified as CVE-2022-27255 and a remote attacker could exploit it to compromise vulnerable devices from various original equipment manufacturers (OEMs), ranging from routers and access points to signal repeaters.”

Title: North Korea-linked APT Targets Job Seekers with macOS Malware
Date Published: August 17, 2022

https://securityaffairs.co/wordpress/134491/malware/north-korea-mac-malware-m1.html

Excerpt: “ESET researchers continue to monitor a cyberespionage campaign, tracked as “Operation In(ter)ception,” that has been active at least since June 2020. The campaign targets employees working in the aerospace and military sectors and leverages decoy job offer documents. ESET published a series of tweets detailing the recent attacks; the experts spotted a signed Mac executable disguised as a job description for Coinbase. The malicious code was uploaded to VirusTotal from Brazil on August 11, 2022.”

Title: Zoom Fixed Two Flaws in macOS App That Were Disclosed at DEF CON
Date Published: August 17, 2022

https://securityaffairs.co/wordpress/134468/security/zoom-macos-app-flaws.html

Excerpt: “Zoom last week released macOS updates to fix two high-severity flaws in its macOS app that were disclosed at the DEF CON conference. Technical details of the vulnerabilities were disclosed at the DEF CON conference by security researcher Patrick Wardle during his talk “You’re Muted Rooted.” In his talk, the expert explored Zoom’s macOS application to uncover several critical security flaws that can be exploited by a local unprivileged attacker to achieve root access to the device.”

Title: Scammers Are Using This Sneaky Tactic to Trick You into Handing Over Bank Details And Passwords
Date Published: August 16, 2022

https://www.zdnet.com/article/scammers-are-using-this-sneaky-trick-to-bypass-spam-filters-and-trick-you-into-handing-over-your-sensitive-information/

Excerpt: “Now, in an effort to make vishing attacks look even more legitimate, cyber criminals are using what cybersecurity researchers at Agari, by HelpSystems describe as ‘hybrid’ vishing attacks. These are different to regular vishing attacks because they use multiple different stages, first contacting the victim with a phishing email lure containing a phone number that they’re asked to call. The emails will often claim a state of urgency in order to panic the target into calling the number – for example, it could claim that you’re about to be locked out of your bank account, or a transaction has been made without your permission and you should call the number to talk to the bank.”
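The lure described above has a recognisable shape: a message that carries a phone number, tells the reader to call it, uses pressure language (lockout, unauthorized activity, a deadline) and often contains no URL at all, so link-reputation filters have nothing to inspect. The following heuristic scorer is an added example written for this digest, not code from Agari or from the ZDNet article; the three sample messages are constructed for the demonstration, the phone-number pattern covers North American formats only, and the term list and threshold are illustrative choices.

```python
import re

# Constructed sample messages (written for this example, not taken from the article).
SAMPLES = {
    "callback_lure": (
        "Action required: unauthorized transaction on your account",
        "We detected an unauthorized charge of $489.99 on your card.\n"
        "If you did not make this purchase, call 1-800-555-0199 immediately.\n"
        "Your account will be suspended within 24 hours if we do not hear from you.",
    ),
    "shipping_notice": (
        "Your order has shipped",
        "Good news, your order is on its way.\nTrack it at https://shop.example.com/track/abc123",
    ),
    "support_signature": (
        "Thanks for your order",
        "Your receipt is attached. Questions? Call 1-800-555-0100 during business hours.",
    ),
}

# North American numbering formats only; a production filter would use a phone-number library.
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
CALL_TO_ACTION_RE = re.compile(r"\b(?:call|phone|dial|ring)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://", re.IGNORECASE)
# Pressure phrasing of the kind the article describes (lockout, unauthorized activity, deadlines).
URGENCY_TERMS = (
    "unauthorized", "locked out", "suspended", "immediately",
    "within 24 hours", "call now", "action required", "urgent",
)
SUSPICIOUS_THRESHOLD = 6   # illustrative cut-off, tune against your own mail corpus


def extract_phone_numbers(text):
    """Return phone numbers found in text, normalised to digits only."""
    return [re.sub(r"\D", "", m.group(0)) for m in PHONE_RE.finditer(text)]


def score_callback_lure(subject, body):
    """Score one message for the callback-phishing pattern and return the evidence."""
    text = f"{subject}\n{body}".lower()
    phones = extract_phone_numbers(body)
    urgency = [term for term in URGENCY_TERMS if term in text]
    has_cta = bool(CALL_TO_ACTION_RE.search(body))
    has_links = bool(URL_RE.search(body))
    score = 0
    if phones:
        score += 2
        if has_cta:
            score += 2          # explicit "call this number" pairing
        if not has_links:
            score += 1          # no URL: nothing for link-reputation filters to inspect
    score += min(len(urgency), 3)
    return {
        "phones": phones,
        "urgency": urgency,
        "call_to_action": has_cta,
        "has_links": has_links,
        "score": score,
        "verdict": "suspicious" if score >= SUSPICIOUS_THRESHOLD else "clean",
    }


def triage(samples=SAMPLES):
    """Map each sample name to its verdict."""
    return {name: score_callback_lure(s, b)["verdict"] for name, (s, b) in samples.items()}


if __name__ == "__main__":
    for name, (subject, body) in SAMPLES.items():
        print(name, score_callback_lure(subject, body))
```

The support-signature sample is the reason the threshold sits above "phone number plus the word call": a receipt that invites the customer to phone support shares those two features with the lure, and only the urgency language separates them. Scoring the combination rather than any single signal keeps that message clean while the lure scores well above the cut-off.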

Title: Healthcare Provider Issues Warning After Tracking Pixels Leak Patient Data
Date Published: August 16, 2022

https://www.infosecurity-magazine.com/news/novant-leak-meta-tracking-pixel/

Excerpt: “US healthcare provider Novant Health has notified patients that their protected health information may have been leaked through a tracking tool linked to Facebook. The company made the announcement in a blog post last Friday, where it apologized for the concern this may have caused patients. The post does not specify how many patients were affected by the pixel tracking but mentions Novant has mailed 1.3 million notification letters. Data potentially leaked included demographic information such as email address, phone number, computer IP address and contact information entered into Emergency Contacts or Advanced Care Planning. It also included information such as appointment type and date, the physician selected, button/menu selections and/or content typed into free text boxes.”
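The practical check behind this story is an inventory of every third-party origin a patient-facing page loads, because a pixel only leaks what the page lets it load and send. The audit below is an added example for this digest, not code from Novant Health or from the article: it parses a page with Python's html.parser, lists external script, image and frame loads that are not first party, flags the two hosts the Meta Pixel is known to use (its loader at connect.facebook.net and its /tr event endpoint on www.facebook.com), detects inline initialisation through the pixel's fbq() function, and emits a Content-Security-Policy that confines loads to first-party hosts. The sample page, the example-health.org hostnames and the all-zero pixel id are constructed placeholders, and the tracker map is deliberately tiny.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the Meta Pixel uses: the loader script is served from connect.facebook.net and
# events are sent to www.facebook.com/tr. Assumption: this map is illustrative only;
# a real audit would pull a maintained tracker list.
KNOWN_TRACKER_HOSTS = {
    "connect.facebook.net": "Meta Pixel loader (fbevents.js)",
    "www.facebook.com": "Meta Pixel event endpoint (/tr)",
}
# The pixel is initialised and fired through a global fbq() function.
INLINE_PIXEL_MARKERS = ("fbq(", "fbevents.js")

# Constructed appointment page for this example (hypothetical hostnames, placeholder pixel id).
SAMPLE_PAGE = """<!doctype html>
<html><head>
<script src="https://static.example-health.org/app.js"></script>
<script src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script>fbq('init', '000000000000000'); fbq('track', 'PageView');</script>
<noscript><img height="1" width="1" style="display:none"
  src="https://www.facebook.com/tr?id=000000000000000&amp;ev=PageView&amp;noscript=1"/></noscript>
</head><body>
<form action="/appointments">
  <select name="appointment_type"><option>New patient</option></select>
  <textarea name="reason"></textarea><button>Book</button>
</form>
<img src="https://cdn.example-health.org/logo.png">
</body></html>"""
FIRST_PARTY = ("example-health.org",)


class _ResourceCollector(HTMLParser):
    """Collects every external resource the page loads plus inline pixel initialisation."""
    SRC_TAGS = ("script", "img", "iframe")

    def __init__(self):
        super().__init__()
        self.loads = []             # (tag, url) pairs in document order
        self.inline_pixel = False
        self._script_chunks = None  # buffer while inside <script>...</script>

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in self.SRC_TAGS and src:
            self.loads.append((tag, src))
        if tag == "script":
            self._script_chunks = []

    def handle_data(self, data):
        if self._script_chunks is not None:
            self._script_chunks.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script_chunks is not None:
            code = "".join(self._script_chunks)
            if any(marker in code for marker in INLINE_PIXEL_MARKERS):
                self.inline_pixel = True
            self._script_chunks = None


def _is_first_party(host, first_party):
    return any(host == d or host.endswith("." + d) for d in first_party)


def audit_third_party_loads(html_text, first_party=FIRST_PARTY):
    """Return the non-first-party loads (with tracker annotation) and whether fbq() is initialised."""
    parser = _ResourceCollector()
    parser.feed(html_text)
    parser.close()
    findings = []
    for tag, url in parser.loads:
        host = urlparse(url).hostname
        if not host or _is_first_party(host, first_party):
            continue   # relative URLs and first-party hosts are expected
        findings.append({"tag": tag, "host": host, "url": url,
                         "known_tracker": KNOWN_TRACKER_HOSTS.get(host)})
    return {"third_party": findings, "inline_pixel_init": parser.inline_pixel}


def build_csp(first_party=FIRST_PARTY):
    """CSP that lets only first-party hosts serve scripts, images, frames and fetch targets,
    so an embedded pixel can neither load nor reach its collection endpoint."""
    hosts = " ".join(f"https://*.{d}" for d in first_party)
    return (f"default-src 'self'; script-src 'self' {hosts}; img-src 'self' {hosts}; "
            f"connect-src 'self' {hosts}; frame-src 'self' {hosts}")


if __name__ == "__main__":
    for finding in audit_third_party_loads(SAMPLE_PAGE)["third_party"]:
        print(finding)
    print(build_csp())
```

Two details matter in practice. The noscript fallback image is how the pixel still reports a page view when JavaScript is blocked, so the scan has to cover img tags and not only scripts. And the CSP from build_csp() omits 'unsafe-inline', which also blocks the inline fbq() bootstrap; if the site relies on inline scripts elsewhere, move them to first-party files or nonce them rather than re-opening script-src.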

Title: USBs Still a Major OT Infection Vector
Date Published: August 17, 2022

https://www.infosecurity-magazine.com/news/usb-ot-infection-vector/

Excerpt: “Removable media represents the second greatest threat to operational technology (OT) systems so far this year, according to new data from IBM X-Force. The vendor analyzed its incident response and managed security services (MSS) data in light of the ongoing threat from Russia and a fast-expanding digital attack surface for many OT asset owners and operators. It revealed that phishing was the number one initial access vector for attackers in 2021, and was present in 78% of incidents analyzed over January-June 2022. However, tying for second place were scanning and exploitation of vulnerabilities and use of removable media (both 11%). IBM said that use of personal laptops by workers in the field often leads to infected USBs, which are then plugged into operator workstations.”

Title: How Russian Information Operations Are Trying to Win the War
Date Published: August 17, 2022

https://www.infosecurity-magazine.com/blogs/russian-information-operations-win/

Excerpt: “The uptick in information operations is, in many ways, no surprise. It is the result of a military campaign that has so far failed to achieve many of its objectives. President Vladimir Putin underestimated the strength of Ukrainian resistance while over-estimating his troops’ ability to advance. As time drags on, the country faces an inevitable economic contraction as unprecedented Western sanctions bite, alongside potential political disquiet. However, in response, Moscow is seeking to create division, realizing that economic pain and international divisions in the West can be exacerbated with the right kind of pressure. Information operations are key to applying such pressure by dividing and destabilizing Ukraine’s allies. From analyzing Russian influence networks, we’ve assessed that multiple info ops have been running since May 2022 to achieve these ends. They use familiar channels: state-controlled media like RT, known covert intelligence outlets and known propaganda and disinformation amplifiers like the website ‘SouthFront’ and the Telegram troll farm ‘Cyber Front Z’. They also use familiar tactics. One popular effort is to sow division between Western countries. They do this by amplifying genuine stories – such as Turkey’s security concerns over Finland and Sweden joining NATO and German-Polish disagreements over the supply of tanks. Additionally, where necessary, they make stuff up. These include the dissemination of forged documents supposedly citing Polish and Lithuanian plans to invade Western Ukraine.”
