August 17, 2022

Fortify Security Team

Title: Google Fixes Fifth Chrome Zero-day Bug Exploited This Year
Date Published: August 17, 2022

Excerpt: “Google has released a security update for the Chrome browser that addresses close to a dozen vulnerabilities, including a zero-day flaw that is being exploited in the wild. The security update is currently rolling out for Windows, Mac and Linux. Users who have automatic updates turned on should receive it in the coming days/weeks. Google doesn’t typically provide many technical details about the zero-day vulnerabilities they fix until a large number of Chrome users have applied the security update.”

Title: New MailChimp Breach Exposed DigitalOcean Customer Email Addresses
Date Published: August 15, 2022

Excerpt: “DigitalOcean is warning customers that a recent MailChimp security breach exposed the email addresses of some customers, with a small number receiving unauthorized password resets. The company says they first learned of the breach after MailChimp disabled their account without warning on August 8th. DigitalOcean used this MailChimp account to send email confirmations, password reset notifications, and alerts to customers. DigitalOcean says that on the same day, a customer notified their cybersecurity team that their password was reset without authorization.”

Title: Malicious Browser Extensions Targeted Almost 7 Million People
Date Published: August 16, 2022

Excerpt: “Almost 7 million users have attempted to install malicious browser extensions since 2020, with 70% of those extensions used as adware to target users with advertisements. The most common payloads carried by malicious web browser extensions during the first half of 2022 belonged to adware families, snooping on browsing activity and promoting affiliate links. This finding is based on telemetry data collected by Kaspersky, which reports over 1,300,000 attempts by users to install malicious extensions throughout H1 ’22, an increase compared to last year’s figures.”

Title: Exploit Out for Critical Realtek Flaw Affecting Many Networking Devices
Date Published: August 16, 2022

Excerpt: “Exploit code has been released for a critical vulnerability affecting networking devices with Realtek’s RTL819x system on a chip (SoC), which are estimated to be in the millions. The flaw is identified as CVE-2022-27255 and a remote attacker could exploit it to compromise vulnerable devices from various original equipment manufacturers (OEMs), ranging from routers and access points to signal repeaters.”

Title: North Korea-linked APT Targets Job Seekers with macOS Malware
Date Published: August 17, 2022

Excerpt: “ESET researchers continue to monitor a cyberespionage campaign, tracked as “Operation In(ter)ception,” that has been active at least since June 2020. The campaign targets employees working in the aerospace and military sectors and leverages decoy job offer documents. ESET published a series of tweets detailing the recent attacks, the experts spotted a signed Mac executable disguised as a job description for Coinbase. The malicious code was uploaded to VirusTotal from Brazil on August 11, 2022.”

Title: Zoom Fixed Two Flaws in macOS App That Were Disclosed at DEF CON
Date Published: August 17, 2022

Excerpt: “Zoom last week released macOS updates to fix two high-severity flaws in its macOS app that were disclosed at the DEF CON conference. Technical details of the vulnerabilities were disclosed at the DEF CON conference by security researcher Patrick Wardle during its talk “You’re Muted Rooted.” In his talk, the expert explored Zoom’s macOS application to uncover several critical security flaws that can be exploited by a local unprivileged attacker to achieve root access to the device.”

Title: Scammers Are Using This Sneaky Tactic to Trick You into Handing Over Bank Details And Passwords
Date Published: August 16, 2022

Excerpt: “Now, in an effort to make vishing attacks look even more legitimate, cyber criminals are using what cybersecurity researchers at Agari, by HelpSystems describe as ‘hybrid’ vishing attacks. These are different to regular vishing attacks because they use multiple different stages, first contacting the victim with a phishing email lure containing a phone number that they’re asked to call. The emails will often claim a state of urgency in order to panic the target into calling the number – for example, it could claim that you’re about to be locked out of your bank account, or a transaction has been made without your permission and you should call the number to talk to the bank.”

Title: Healthcare Provider Issues Warning After Tracking Pixels Leak Patient Data
Date Published: August 16, 2022

Excerpt: “US healthcare provider Novant Health has notified patients that their protected health information may have been leaked through a tracking tool linked to Facebook. The company made the announcement in a blog post last Friday, where it apologized for the concern this may have caused patients. The post does not specify how many patients were affected by the pixel tracking but mentions Novant has mailed 1.3 million notification letters. Data potentially leaked included demographic information such as email address, phone number, computer IP address and contact information entered into Emergency Contacts or Advanced Care Planning. Also, information such as appointment type and date, physician selected, button/menu selections and/or content typed into free text boxes.”

Title: USBs Still a Major OT Infection Vector
Date Published: August 17, 2022

Excerpt: “Removable media represents the second greatest threat to operational technology (OT) systems so far this year, according to new data from IBM X-Force. The vendor analyzed its incident response and managed security services (MSS) data in light of the ongoing threat from Russia and a fast-expanding digital attack surface for many OT asset owners and operators. It revealed that phishing was the number one initial access vector for attackers in 2021, and was present in 78% of incidents analyzed over January-June 2022. However, tying for second place were scanning and exploitation of vulnerabilities and use of removable media (both 11%). IBM said that use of personal laptops by workers in the field often leads to infected USBs, which are then plugged into operator workstations.”

Title: How Russian Information Operations Are Trying to Win the War
Date Published: August 17, 2022

Excerpt: “The uptick in information operations is, in many ways, no surprise. It is the result of a military campaign that has so far failed to achieve many of its objectives. President Vladimir Putin underestimated the strength of Ukrainian resistance while over-estimating his troops’ ability to advance. As time drags on, the country faces an inevitable economic contraction as unprecedented Western sanctions bite, alongside potential political disquiet. However, in response, Moscow is seeking to create division, realizing that economic pain and international divisions in the West can be exacerbated with the right kind of pressure. Information operations are key to applying such pressure by dividing and destabilizing Ukraine’s allies. From analyzing Russian influence networks, we’ve assessed that multiple info ops have been running since May 2022 to achieve these ends. They use familiar channels: state-controlled media like RT, known covert intelligence outlets and known propaganda and disinformation amplifiers like the website ‘SouthFront’ and Telegram troll farms ‘Cyber Front Z.’ They also use familiar tactics. One popular effort is to sow division between Western countries. They do this by amplifying genuine stories – such as Turkey’s security concerns over Finland and Sweden joining NATO and German-Polish disagreements over the supply of tanks. Additionally, where necessary, they make stuff up. These include the dissemination of forged documents supposedly citing Polish and Lithuanian plans to invade Western Ukraine.”
