August 24, 2022

Fortify Security Team

Title: Plex Forces Password Resets after Database Access Incident
Date Published: August 24, 2022

https://www.bleepingcomputer.com/news/security/plex-forces-password-resets-after-database-access-incident/

Excerpt: “The Plex media streaming platform is sending password reset notices to many of its users in response to discovering unauthorized access to one of its databases. According to the letter that a reader shared with BleepingComputer, the intruder potentially accessed a limited subset of data, including email addresses, usernames, and encrypted passwords. “Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution, we are requiring all Plex accounts to have their password reset,” claims Plex’s notice.”

Title: Fake Chrome Extension ‘Internet Download Manager’ has 200,000 Installs
Date Published: August 24, 2022

https://www.bleepingcomputer.com/news/security/fake-chrome-extension-internet-download-manager-has-200-000-installs/

Excerpt: “Google Chrome extension ‘Internet Download Manager’ installed by more than 200,000 users is adware. The extension has been sitting on the Chrome Web Store since at least June 2019, according to the earliest reviews posted by users. Although the extension may install a known and legitimate download manager program, BleepingComputer observed unwanted behavior exhibited by the extension—such as opening links to spammy sites, changing the default browser search engine, and further hounding the user with pop-ups asking them to download more “patches” and unwanted programs.”

Title: Pirated 3DMark Benchmark Tool Delivering Info-stealer Malware
Date Published: August 23, 2022

https://www.bleepingcomputer.com/news/security/pirated-3dmark-benchmark-tool-delivering-info-stealer-malware/

Excerpt: “Cybersecurity researchers have discovered multiple ongoing malware distribution campaigns that target internet users who seek to download copies of pirated software. The campaign uses SEO poisoning and malvertising to push malicious shareware sites high in Google Search results, promoting fake software along with cracks and product activation key generators.”

The software used for luring victims in the ongoing campaigns, according to Zscaler, which discovered them, includes the following:

  • Adobe Acrobat Pro
  • 3DMark
  • 3DVista Virtual Tour Pro
  • 7-Data Recovery Suite
  • MAGIX Sound Force Pro
  • Wondershare Dr. Fone

Title: Phishing Attacks Abusing SaaS Platforms See a Massive 1,100% Growth
Date Published: August 23, 2022

https://www.bleepingcomputer.com/news/security/phishing-attacks-abusing-saas-platforms-see-a-massive-1-100-percent-growth/

Excerpt: “Threat actors are increasingly abusing legitimate software-as-a-service (SaaS) platforms like website builders and personal branding spaces to create malicious phishing websites that steal login credentials. According to a new report by Palo Alto Networks Unit 42, researchers have seen a sharp rise in this abuse, with the data collected by the firm showing a massive increase of 1,100% from June 2021 to June 2022.”

Title: Critical RCE Bug in GitLab Patched, Update ASAP! (CVE-2022-2884)
Date Published: August 24, 2022

https://www.helpnetsecurity.com/2022/08/24/cve-2022-2884/

Excerpt: “The vulnerability was reported through the company’s bug bounty program and there is no mention of it being actively exploited in the wild. CVE-2022-2884 is a critical severity issue that may allow an authenticated user to achieve remote code execution via the Import from GitHub API endpoint, the company explained.”

It affects all GitLab CE/EE versions:

  • Starting from 11.3.4 before 15.1.5
  • Starting from 15.2 before 15.2.3
  • Starting from 15.3 before 15.3.1

Title: France Hospital Center Hospitalier Sud Francilien Suffered Ransomware Attack
Date Published: August 24, 2022

https://securityaffairs.co/wordpress/134771/cyber-crime/center-hospitalier-sud-francilien-ransomware.html

Excerpt: “The Center Hospitalier Sud Francilien (CHSF), a hospital southeast of Paris, has suffered a ransomware attack over the weekend. The attack disrupted the emergency services and surgeries and forced the hospital to refer patients to other structures. According to local media, threat actors demand a $10 million ransom to provide the decryption key to restore encrypted data. “This attack on the computer network of the establishment makes inaccessible for the time being all the hospital’s business software, the storage systems (in particular medical imaging) and the information system relating to patient admissions.” reads the announcement published by the CHSF.”

Title: Microsoft Publicly Discloses Details on Critical ChromeOS Flaw
Date Published: August 23, 2022

https://securityaffairs.co/wordpress/134782/security/critical-chromeos-flaw.html

Excerpt: “Microsoft shared details of a critical ChromeOS vulnerability tracked as CVE-2022-2587 (CVSS score of 9.8). The flaw is an out-of-bounds write issue in OS Audio Server that could be exploited to trigger a DoS condition or, under specific circumstances, to achieve remote code execution. “Microsoft discovered a memory corruption vulnerability in a ChromeOS component that can be triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).” reads the advisory published by Microsoft. Microsoft reported the issue to Google in April 2022 as a part of the Chromium bug tracking system. Google addressed the vulnerability in June. An attacker can trigger the flaw using malformed metadata associated with the songs. Microsoft discovered a function in the server that did not check a user-supplied ‘identity’ argument, leading to a heap-based buffer overflow.”

Title: This Company Paid a Ransom Demand. Hackers Leaked its Data Anyway
Date Published: August 24, 2022

https://www.zdnet.com/article/this-company-paid-a-ransom-demand-hackers-leaked-its-data-anyway/

Excerpt: “A victim of a ransomware attack paid to restore access to their network – but the cyber criminals didn’t hold up their end of the deal. The real-life incident, as detailed by cybersecurity researchers at Barracuda Networks, took place in August 2021, when hackers from BlackMatter ransomware group used a phishing email to compromise the account of a single victim at an undisclosed company. Cybersecurity agencies warn that despite networks being encrypted, victims shouldn’t pay ransom demands for a decryption key because this only shows hackers that such attacks are effective. Despite this, the unidentified organization chose to pay the ransom after negotiating the payment down from half the original demand. But even though the company gave in to the extortion demands, the BlackMatter group still leaked the data a few weeks later – providing a lesson in why you should never trust cyber criminals.”

Title: Ransomware Surges to 1.2 Million Attacks Per Month
Date Published: August 24, 2022

https://www.infosecurity-magazine.com/news/ransomware-surges-to-12-million/

Excerpt: “Ransomware threat detections have risen to over one million per month this year, with a French hospital the latest to suffer a major outage. The 1000-bed Center Hospitalier Sud Francilien (CHSF) near Paris revealed it was hit on Sunday morning, in an attack which has knocked out all the hospital’s business software, storage systems including medical imaging, and patient admissions. This has led to all but the most urgent emergency patients being diverted to other facilities in the region. France24 cited figures claiming cyber-attacks against French hospitals surged 70% year-on-year in 2021.”

Title: Ex-Security Chief Accuses Twitter of Cybersecurity Negligence
Date Published: August 23, 2022

https://www.infosecurity-magazine.com/news/ex-security-chief-twitter-cyber/

Excerpt: “For Twitter it is going from bad to worse. While the social media behemoth is busy fighting a legal battle against Elon Musk, Peiter Zatko, the firm’s security chief until January 2022, has blown the whistle on the company’s cybersecurity posture, only five months after being sacked. In a complaint filed to the U.S. Securities and Exchange Commission (SEC) on July 6 and obtained by CNN and The Washington Post, Zatko accuses Twitter of severe cybersecurity mismanagement. In the complaint, he alleges that thousands of employee laptops contained complete copies of Twitter’s source code. He claims that about one-third of those devices blocked automatic security fixes, had system firewalls turned off and had remote desktop access enabled for non-approved purposes. He then accuses Twitter of failing to actively monitor what was downloaded on its employees’ devices, and that “employees were repeatedly found to be intentionally installing spyware on their work computers at the request of external organizations,” the complaint said.”
