August 30, 2022

Fortify Security Team

Title: Google Launches Open-source Software Bug Bounty Program

Date Published: August 30, 2022

https://www.bleepingcomputer.com/news/google/google-launches-open-source-software-bug-bounty-program/

Excerpt: “Google will now pay security researchers to find and report bugs in the latest versions of Google-released open-source software (Google OSS).  The company’s newly announced Vulnerability Reward Program (VRP) focuses on Google software and repository settings (like GitHub actions, application configurations, and access control rules).  It applies to software available on public repositories of Google-owned GitHub organizations as well as some repositories from other platforms.”

Title: FBI: Hackers Increasingly Exploit DeFi Bugs to Steal Cryptocurrency

Date Published: August 29, 2022

https://www.bleepingcomputer.com/news/security/fbi-hackers-increasingly-exploit-defi-bugs-to-steal-cryptocurrency/

Excerpt: “The U.S. Federal Bureau of Investigation (FBI) is warning investors that cybercriminals are increasingly exploiting security vulnerabilities in Decentralized Finance (DeFi) platforms to steal cryptocurrency.  “The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors’ cryptocurrency,” the federal law enforcement agency said.  “The FBI encourages investors who suspect cyber criminals have stolen their DeFi investments to contact the FBI via the Internet Crime Complaint Center or their local FBI field office.”

Title: Nelnet Servicing Breach Exposes Data of 2.5M Student Loan Accounts

Date Published: August 29, 2022

https://www.bleepingcomputer.com/news/security/nelnet-servicing-breach-exposes-data-of-25m-student-loan-accounts/

Excerpt: “Data for over 2.5 million individuals with student loans from Oklahoma Student Loan Authority (OSLA) and EdFinancial was exposed after hackers breached the systems of technology services provider Nelnet Servicing.  Technology services from Nelnet Servicing, including a web portal, are used by OSLA and EdFinancial to give online access students taking out a loan access to their loan accounts.  Sometime in June, unidentified intruders compromised Nelnet Servicing and stayed on its systems until July 22. The hackers compromised the company’s network likely after exploiting a vulnerability.”

Title: Leading Library Services Firm Baker & Taylor Hit by Ransomware

Date Published: August 29, 2022

https://www.bleepingcomputer.com/news/security/leading-library-services-firm-baker-and-taylor-hit-by-ransomware/

Excerpt: “Baker & Taylor, which describes itself as the world’s largest distributor of books to libraries worldwide, today confirmed it’s still working on restoring systems after being hit by ransomware more than a week ago.  As Baker & Taylor said on August 23, its servers were down after an outage that impacted the company’s phone systems, offices, and service centers.  One day later, the library services provider revealed that disruptions to its business-critical systems stemming from the incident would persist through the week while technical teams work on restoring impacted servers.”

Title: Outdated Infrastructure Not Up to Today’s Ransomware Challenges

Date Published: August 30, 2022

https://www.helpnetsecurity.com/2022/08/30/outdated-infrastructure-manage-data/

Excerpt: “A global research commissioned by Cohesity reveals that nearly half of respondents say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. In some cases, this technology is more than 20 years old and was designed long before today’s multicloud era and onslaught of sophisticated cyberattacks plaguing enterprises globally.  Challenges pertaining to outdated infrastructure could easily be compounded by the fact that many IT and security teams don’t seem to have a plan in place to mobilize if and when a cyber attack occurs. Nearly 60% of respondents expressed some level of concern that their IT and security teams would be able to mobilize efficiently to respond to the attack.”

Title: A Study on Malicious Plugins in WordPress Marketplaces

Date Published: August 30, 2022

https://securityaffairs.co/wordpress/135032/reports/wordpress-malicious-plugins.html

Excerpt: “A team of researchers from the Georgia Institute of Technology has analyzed the backups of more than 400,000 unique web servers and discovered 47,337 malicious plugins installed on 24,931 unique WordPress websites. The experts studied the evolution of CMS plugins in the production web servers dating back to 2012, to do this they developed an automated framework named YODA to detect malicious plugins.  The number of malicious plugins on WordPress websites has increased over the years, and malicious activity reached a peak in March 2020.  The researchers employed cross-website verification to certify the malicious origin of each website, they also noted that legitimate marketplace, nulled marketplace, and injected plugin categories are mutually exclusive.”

Title: New Go-based Ransomware ‘Agenda’ Delivers Customized Attacks

Date Published: August 30, 2022

https://www.infosecurity-magazine.com/news/golang-ransomware-agenda/

Excerpt: “A new piece of targeted ransomware created in the Go programming language has been customized for maximum impact against individual victims.  Security analysts from Trend Micro outlined the new threat in an advisory they published on Thursday following direct attacks against one of the company’s customers.  “Malware written in the Go language (aka Golang) has become common among threat actors,” reads the document. “One possible reason for this uptick in popularity is that Go statically compiles necessary libraries, making security analysis much harder.”  Incidentally, while Golang is still a popular programming language for ransomware, some actors, including BlackCat, are now moving to Rust.”

Title: LastPass Source Code Breach – Do We Still Recommend Password Managers?

Date Published: August 29, 2022

https://nakedsecurity.sophos.com/2022/08/29/lastpass-source-code-breach-do-we-still-recommend-password-managers/

Excerpt: “As you no doubt already know, because the story has been all over the news and social media recently, the widely-known and widely-used password manager LastPass last week reported a security breach.  The breach itself actually happened two weeks before that, the company said, and involved attackers getting into the system where LastPass keeps the source code of its software.  From there, LastPass reported, the attackers “took portions of source code and some proprietary LastPass technical information.”  We didn’t write this incident up last week, because there didn’t seem to be a lot that we could add to the LastPass incident report – the crooks rifled through their proprietary source code and intellectual property, but apparently didn’t get at any customer or employee data.”

Title: Scammers Made Deepfake AI Hologram of Binance Executive

Date Published: August 27, 2022

https://www.hackread.com/hackers-deepfake-ai-hologram-binance-crypto-scam/

Excerpt: “Earlier in April this year, an interesting story surfaced revealing how scammers are using AI-generated images to represent fake law firm and scam unsuspecting users and businesses. This time around, scammers have taken scamming techniques a notch higher by creating a Deepfake hologram of one of Binance executives. For your information, Binance is the world’s largest cryptocurrency exchange.  Binance’s chief communication officer, Patrick Hillmann revealed that a “sophisticated” team of hackers is using video footage of his previous television appearances and interviews and digitally modifying it to make his AI hologram.”

Title: 5 Signs your WordPress Site is Hacked (And How to Fix It)

Date Published: August 28, 2022

https://www.hackread.com/5-signs-wordpress-site-hacked-how-to-fix-it/

Excerpt: “Yes, there are signs that your WordPress or any website has been hacked, and yes there are ways to fix it. This article offers five ways you can tell if your website has been hacked, and then offers a few ways to solve the hack.  Remember that a malicious attacker has several ways of gaining access. It may be malware or a nefarious plugin, but it may be something more sinister like your email has been hacked or your smartphone/computer has spyware. Here are a few signs that your website has been hacked.”
