August 4, 2022

Fortify Security Team

Title: Experts Warn of Fake Football Ticket Scams
Date Published: August 4, 2022

https://www.infosecurity-magazine.com/news/experts-warn-of-fake-football/

Excerpt: “Football fans have been warned to exercise caution online after news emerged that fraudsters are increasingly taking to social media to sell non-existent tickets. Lloyds Bank data revealed that incidents surged by 68% between January and June this year, with an average loss of £410 per victim. Unsurprisingly, tickets for the top six English clubs plus internationals and European games are the most sought after, and therefore most at risk of scams like this. Some victims have lost thousands of pounds on fake tickets for big matches such as cup finals, according to the high street lender. The fear is that fraudsters will double down on these tactics as the new Premier League season gets underway in the UK this coming weekend.”

Title: Hackers Stole $200 Million From the Nomad Crypto Bridge
Date Published: August 4, 2022

https://securityaffairs.co/wordpress/133988/hacking/nomad-cyber-heist.html

Excerpt: “Another crypto heist made the headlines: threat actors stole nearly $200 million worth of cryptocurrency from the bridge Nomad. Nomad Bridge is a cross-chain bridge between Ethereum, Moonbeam, Avalanche, Evmos and Milkomeda. The project confirmed the incident and is investigating the case after notifying law enforcement. According to researcher ‘samczsun’ from Paradigm, an upgrade made by the Nomad team introduced a security flaw. It changed the verification process for the messages, allowing attackers to copy/paste transactions and steal the funds from the bridge. Attackers copied the original transaction and replaced the address with their own.”

Title: Minimizing the Security Risks of Single Sign-On Implementations
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/security/minimizing-the-security-risks-of-single-sign-on-implementations/

Excerpt: “Single Sign On (SSO) was originally introduced as a tool for both user convenience and improved security. The idea was that rather than requiring users to memorize numerous, complex and frequently changing passwords a user could sign in once and access all of their resources through a single set of credentials. Because the user was only required to remember a single password, an organization could require additional password complexity, thereby improving the overall password security.”

Title: Russian Organizations Attacked With New Woody Rat Malware
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/security/russian-organizations-attacked-with-new-woody-rat-malware/

Excerpt: “Unknown attackers target Russian entities with newly discovered malware that allows them to control and steal information from compromised devices remotely. According to Malwarebytes, one of the Russian organizations that were attacked using this malware is a government-controlled defense corporation. “Based on a fake domain registered by the threat actors, we know that they tried to target a Russian aerospace and defense entity known as OAK,” the Malwarebytes Labs researchers said.”

Title: Cloned Atomic Wallet Website Is Pushing Mars Stealer Malware
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/security/cloned-atomic-wallet-website-is-pushing-mars-stealer-malware/

Excerpt: “A fake website impersonating the official portal for the Atomic wallet, a popular decentralized wallet that also operates as a cryptocurrency exchange portal, is, in reality, distributing copies of the Mars Stealer information-stealing malware. The phony website was disclosed by a malware researcher known as Dee on Monday, but at the time of writing this, it remains online, serving copies of the said malware. Seeing the genuine and fake websites side by side reveals that the latter isn’t a faithful copy of the former, but it’s still using the official logos, themes, marketing images, and structure. The fake site even features a contact form, email address, and FAQ section.”

Title: Spanish Research Agency Still Recovering After Ransomware Attack
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/security/spanish-research-agency-still-recovering-after-ransomware-attack/

Excerpt: “The Spanish National Research Council (CSIC) last month was hit by a ransomware attack that is now attributed to Russian hackers. CSIC is a state agency for scientific research and technological development part of the Spanish Ministry of Science and Innovation but with a special status in that it has “its own assets and treasury, functional and managerial autonomy.””

Title: Windows 11 Smart App Control Blocks Files Used to Push Malware
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/microsoft/windows-11-smart-app-control-blocks-files-used-to-push-malware/

Excerpt: “Smart App Control, a Windows 11 security feature that blocks threats at the process level, now comes with support for blocking several file types threat actors have recently adopted to infect targets with malware in phishing attacks. “Windows 11 with smart app control blocks iso and lnk files that have mark of the web just like Macros,” David Weston, Microsoft’s VP for Enterprise and OS Security, tweeted on Tuesday. When blocking a dangerous file using SAC, the system will open a foreground dialog with the following message: “Smart App Control blocked an app that may be unsafe. This file was blocked because files of this type from the internet can be dangerous.””

Title: Microsoft Accounts Targeted With New MFA-Bypassing Phishing Kit
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/security/microsoft-accounts-targeted-with-new-mfa-bypassing-phishing-kit/

Excerpt: “A new large-scale phishing campaign targeting credentials for Microsoft email services uses a custom proxy-based phishing kit to bypass multi-factor authentication. Researchers believe the campaign’s goal is to breach corporate accounts to conduct BEC (business email compromise) attacks, diverting payments to bank accounts under their control using falsified documents. The phishing campaign’s targets include fin-tech, lending, accounting, insurance, and Federal Credit Union organizations in the US, UK, New Zealand, and Australia. The campaign was discovered by Zscaler’s ThreatLabz researchers, who report that the operation is still ongoing, and the phishing actors register new phishing domains almost daily.”

Title: Cisco Fixes Critical Remote Code Execution Bug in VPN Routers
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-remote-code-execution-bug-in-vpn-routers/

Excerpt: “Cisco has fixed critical security vulnerabilities affecting Small Business VPN routers and enabling unauthenticated, remote attackers to execute arbitrary code or commands and trigger denial of service (DoS) conditions on vulnerable devices. The two security flaws tracked as CVE-2022-20842 and CVE-2022-20827 were found in the web-based management interfaces and the web filter database update feature, and are both caused by insufficient input validation. Successful exploitation of CVE-2022-20842 with crafted HTTP input could allow attackers “to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition,” the company explains.”

Title: Ukraine Takes Down 1,000,000 Bots Used for Disinformation
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/security/ukraine-takes-down-1-000-000-bots-used-for-disinformation/

Excerpt: “The Ukrainian cyber police (SSU) has shut down a massive bot farm of 1,000,000 bots used to spread disinformation on social networks. The goal of the bot farm was to discredit information coming from official Ukrainian state sources, destabilize the social and political situation in the country, and create internal strife. The messages spread by the bots were in line with Russian propaganda, so the operators of the disinformation machine are believed to be members of the Russian special services. In fact, SSU’s investigation led to the criminal group’s leader, a Russian “political expert” who in the past lived in Kyiv. The investigation of the Ukrainian police is still underway to uncover any other participants in the operation who will be charged for violations of Article 361.2 of the country’s criminal code.”
