August 3, 2022

Fortify Security Team

Title: DDoS Attacks Pepper Taiwanese Government Sites
Date Published: August 3, 2022

https://www.infosecurity-magazine.com/news/ddos-attacks-pepper-taiwanese/

Excerpt: “Multiple distributed denial of service (DDoS) attacks caused intermittent outages across several government websites in Taiwan yesterday following the much-publicized arrival of a senior US lawmaker. House speaker Nancy Pelosi’s trip has been widely trailed by global media. Although it is by no means the first such visit by a US politician of her seniority, and certainly does not break any international law or bilateral agreement, the visit has angered Beijing, which claims Taiwan as its own. Pelosi reportedly met Taiwanese President Tsai Ing-wen and reiterated Washington’s support for the democratic island nation of 24 million. However, at the same time, reports suggested the websites of Taiwan’s presidential office, foreign ministry and other government portals were knocked briefly offline after being flooded with traffic.”

Title: Busting the Myths of Hardware Based Security
Date Published: August 3, 2022

https://securityaffairs.co/wordpress/133948/security/busting-the-myths-of-hardware-based-security.html

Excerpt: “When it comes to cybersecurity, everyone likes to talk about software and the dangers that it poses. However, people often overlook hardware-based security and its vital importance in establishing a secure workspace. This is attributed to a general lack of knowledge when it comes to hardware security and how it works. So, it’s time to bust some myths that you might think are true when it comes to hardware security.”

Title: Microsoft Announces New External Attack Surface Audit Tool
Date Published: August 2, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-new-external-attack-surface-audit-tool/

Excerpt: “Microsoft has announced a new security product allowing security teams to spot Internet-exposed resources in their organization’s environment that attackers could use to breach their networks. The focus is on unmanaged or unknown assets added to the environment after mergers or acquisitions, created by shadow IT, missing from inventory due to incomplete cataloging, or left out due to rapid business growth. Dubbed Microsoft Defender External Attack Surface Management, this new product provides customers with an overview of their businesses’ attack surface, making it simpler to discover vulnerabilities and block potential attack vectors.”

Title: Thousands of Solana Wallets Drained in Attack Using Unknown Exploit
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/security/thousands-of-solana-wallets-drained-in-attack-using-unknown-exploit/

Excerpt: “An overnight attack on the Solana blockchain platform drained thousands of software wallets of cryptocurrency worth millions of U.S. dollars. The platform has started an investigation and is currently trying to determine how the malicious actors managed to drain the funds. In a statement today, Solana said that at 5 AM UTC the attack impacted more than 7,700 wallets, including Slope and Phantom. According to public reports, Solflare and Trust Wallet users have also been affected.”

Title: 35,000 Code Repos Not Hacked—but Clones Flood Github to Serve Malware
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/

Excerpt: “Thousands of GitHub repositories were forked (copied) with their clones altered to include malware, a software engineer discovered today. While cloning open source repositories is a common development practice and even encouraged among developers, this case involves threat actors creating copies of legitimate projects but tainting these with malicious code to target unsuspecting developers with their malicious clones. GitHub has purged most of the malicious repositories after receiving the engineer’s report.”

Title: Chinese Hackers Use New Cobalt Strike-Like Attack Framework
Date Published: August 2, 2022

https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-cobalt-strike-like-attack-framework/

Excerpt: “Researchers have observed a new post-exploitation attack framework used in the wild, named Manjusaka, which can be deployed as an alternative to the widely abused Cobalt Strike toolset or parallel to it for redundancy. Manjusaka uses implants written in the cross-platform Rust programming language, while its binaries are written in the equally versatile GoLang. Its RAT (remote access trojan) implants support command execution, file access, network reconnaissance, and more, so hackers can use it for the same operational goals as Cobalt Strike.”

Title: Semiconductor Manufacturer Semikron Hit by LV Ransomware Attack
Date Published: August 2, 2022

https://www.bleepingcomputer.com/news/security/semiconductor-manufacturer-semikron-hit-by-lv-ransomware-attack/

Excerpt: “German power electronics manufacturer Semikron has disclosed that it was hit by a ransomware attack that partially encrypted the company’s network. Semikron has over 3,000 employees in 24 offices and 8 production sites worldwide across Germany, Brazil, China, France, India, Italy, Slovakia, and the USA, with a turnover of around $461 million in 2020. It also says it’s one of the world’s leading power engineering component manufacturers, with 35% of the wind turbines installed each year operating with its technologies.”

Title: Wolf in Sheep’s Clothing: How Malware Tricks Users and Antivirus
Date Published: August 2, 2022

https://www.bleepingcomputer.com/news/security/wolf-in-sheep-s-clothing-how-malware-tricks-users-and-antivirus/

Excerpt: “One of the primary methods used by malware distributors to infect devices is by deceiving people into downloading and running malicious files, and to achieve this deception, malware authors are using a variety of tricks. Some of these tricks include masquerading malware executables as legitimate applications, signing them with valid certificates, or compromising trustworthy sites to use them as distribution points. According to VirusTotal, a security platform for scanning uploaded files for malware, some of these tricks are happening on a much larger scale than initially thought. The platform has compiled a report presenting stats from January 2021 until July 2022, based on the submission of two million files daily, illustrating trends in how malware is distributed.”

Title: Mobile Store Owner Hacked T-Mobile Employees to Unlock Phones
Date Published: August 2, 2022

https://www.bleepingcomputer.com/news/security/mobile-store-owner-hacked-t-mobile-employees-to-unlock-phones/

Excerpt: “A former owner of a T-Mobile retail store in California has been found guilty of a $25 million scheme where he illegally accessed T-Mobile’s internal systems to unlock and unblock cell phones. Argishti Khudaverdyan, 44, allegedly ran a scheme between 2014 and 2019 where he unlocked devices from the cellular networks of their vendors and enabled people to use them with other telecommunication providers. This scheme impacted mobile carriers who offer these devices to customers at a special price or even free of charge, offsetting the cost by locking them for some time in their networks. Additionally, Khudaverdyan unlocked devices the carriers had blocked due to their rightful owners reporting them as stolen or lost. This action of unlocking stolen cellphones is particularly detrimental because it allows these phones to be sold on a black market, making the theft and reselling of devices very profitable.”

Title: VMware Urges Admins to Patch Critical Auth Bypass Bug Immediately
Date Published: August 2, 2022

https://www.bleepingcomputer.com/news/security/vmware-urges-admins-to-patch-critical-auth-bypass-bug-immediately/

Excerpt: “VMware has warned admins today to patch a critical authentication bypass security flaw affecting local domain users in multiple products and enabling unauthenticated attackers to gain admin privileges. The flaw (CVE-2022-31656) was reported by Petrus Viet of VNG Security, who found that it impacts VMware Workspace ONE Access, Identity Manager, and vRealize Automation. VMware evaluated the severity of this security vulnerability as critical, with a CVSSv3 base score of 9.8/10. The company also patched multiple other security bugs enabling attackers to gain remote code execution (CVE-2022-31658, CVE-2022-31659, CVE-2022-31665) and escalate privileges to ‘root’ (CVE-2022-31660, CVE-2022-31661, CVE-2022-31664) on unpatched servers. “It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments,” said Bob Plankers, Cloud Infrastructure Security & Compliance Architect at VMware.”
