August 4, 2022

Fortify Security Team

Title: Experts Warn of Fake Football Ticket Scams
Date Published: August 4, 2022

https://www.infosecurity-magazine.com/news/experts-warn-of-fake-football/

Excerpt: “Football fans have been warned to exercise caution online after news emerged that fraudsters are increasingly taking to social media to sell non-existent tickets. Lloyds Bank data revealed that incidents surged by 68% between January and June this year, with an average loss of £410 per victim. Unsurprisingly, tickets for the top six English clubs plus internationals and European games are the most sought after, and therefore most at risk of scams like this. Some victims have lost thousands of pounds on fake tickets for big matches such as cup finals, according to the high street lender. The fear is that fraudsters will double down on these tactics as the new Premier League season gets underway in the UK this coming weekend.”

Title: Hackers Stole $200 Million From the Nomad Crypto Bridge
Date Published: August 4, 2022

https://securityaffairs.co/wordpress/133988/hacking/nomad-cyber-heist.html

Excerpt: “Another crypto heist made the headlines, threat actors stole nearly $200 million worth of cryptocurrency from the bridge Nomad. Nomad Bridge is a cross-chain bridge between Ethereum, Moonbeam, Avalanche, Evmos and Milkomeda. The project confirmed the incident and is investigating the case after it has notified law enforcement. According to researcher ‘samczsun’ from Paradigm, an upgrade made by the Nomad team has introduced a security flaw. It changed the verification process for the messages allowing attackers to copy/paste transactions and steal the funds from the bridge. Attackers copied the original transaction and replaced the address with their own.”

Title: Minimizing the Security Risks of Single Sign On Implementations
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/security/minimizing-the-security-risks-of-single-sign-on-implementations/

Excerpt: “Single Sign On (SSO) was originally introduced as a tool for both user convenience and improved security. The idea was that rather than requiring users to memorize numerous, complex and frequently changing passwords a user could sign in once and access all of their resources through a single set of credentials. Because the user was only required to remember a single password, an organization could require additional password complexity, thereby improving the overall password security.”

Title: Russian Organizations Attacked With New Woody RAT Malware
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/security/russian-organizations-attacked-with-new-woody-rat-malware/

Excerpt: “Unknown attackers target Russian entities with newly discovered malware that allows them to control and steal information from compromised devices remotely. According to Malwarebytes, one of the Russian organizations that were attacked using this malware is a government-controlled defense corporation. “Based on a fake domain registered by the threat actors, we know that they tried to target a Russian aerospace and defense entity known as OAK,” the Malwarebytes Labs researchers said.”

Title: Cloned Atomic Wallet Website Is Pushing Mars Stealer Malware
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/security/cloned-atomic-wallet-website-is-pushing-mars-stealer-malware/

Excerpt: “A fake website impersonating the official portal for the Atomic wallet, a popular decentralized wallet that also operates as a cryptocurrency exchange portal, is, in reality, distributing copies of the Mars Stealer information-stealing malware. The phony website was disclosed by a malware researcher known as Dee on Monday, but at the time of writing this, it remains online, serving copies of the said malware. Seeing the genuine and fake websites side by side reveals that the latter isn’t a faithful copy of the former, but it’s still using the official logos, themes, marketing images, and structure. The fake site even features a contact form, email address, and FAQ section.”

Title: Spanish Research Agency Still Recovering After Ransomware Attack
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/security/spanish-research-agency-still-recovering-after-ransomware-attack/

Excerpt: “The Spanish National Research Council (CSIC) last month was hit by a ransomware attack that is now attributed to Russian hackers. CSIC is a state agency for scientific research and technological development part of the Spanish Ministry of Science and Innovation but with a special status in that it has “its own assets and treasury, functional and managerial autonomy.””

Title: Windows 11 Smart App Control Blocks Files Used to Push Malware
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/microsoft/windows-11-smart-app-control-blocks-files-used-to-push-malware/

Excerpt: “Smart App Control, a Windows 11 security feature that blocks threats at the process level, now comes with support for blocking several file types threat actors have recently adopted to infect targets with malware in phishing attacks. “Windows 11 with smart app control blocks iso and lnk files that have mark of the web just like Macros,” David Weston, Microsoft’s VP for Enterprise and OS Security, tweeted on Tuesday. When blocking a dangerous file using SAC, the system will open a foreground dialog with the following message: “Smart App Control blocked an app that may be unsafe. This file was blocked because files of this type from the internet can be dangerous.””

Title: Microsoft Accounts Targeted With New MFA-Bypassing Phishing Kit
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/security/microsoft-accounts-targeted-with-new-mfa-bypassing-phishing-kit/

Excerpt: “A new large-scale phishing campaign targeting credentials for Microsoft email services uses a custom proxy-based phishing kit to bypass multi-factor authentication. Researchers believe the campaign’s goal is to breach corporate accounts to conduct BEC (business email compromise) attacks, diverting payments to bank accounts under their control using falsified documents. The phishing campaign’s targets include fin-tech, lending, accounting, insurance, and Federal Credit Union organizations in the US, UK, New Zealand, and Australia. The campaign was discovered by Zscaler’s ThreatLabz researchers, who report that the operation is still ongoing, and the phishing actors register new phishing domains almost daily.”

Title: Cisco Fixes Critical Remote Code Execution Bug in VPN Routers
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-remote-code-execution-bug-in-vpn-routers/

Excerpt: “Cisco has fixed critical security vulnerabilities affecting Small Business VPN routers and enabling unauthenticated, remote attackers to execute arbitrary code or commands and trigger denial of service (DoS) conditions on vulnerable devices. The two security flaws tracked as CVE-2022-20842 and CVE-2022-20827 were found in the web-based management interfaces and the web filter database update feature, and are both caused by insufficient input validation. Successful exploitation of CVE-2022-20842 with crafted HTTP input could allow attackers “to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition,” the company explains.”

Title: Ukraine Takes Down 1,000,000 Bots Used for Disinformation
Date Published: August 3, 2022

https://www.bleepingcomputer.com/news/security/ukraine-takes-down-1-000-000-bots-used-for-disinformation/

Excerpt: “The Ukrainian cyber police (SSU) has shut down a massive bot farm of 1,000,000 bots used to spread disinformation on social networks. The goal of the bot farm was to discredit information coming from official Ukrainian state sources, destabilize the social and political situation in the country, and create internal strife. The messages spread by the bots were in line with Russian propaganda, so the operators of the disinformation machine are believed to be members of the Russian special services. In fact, SSU’s investigation led to the criminal group’s leader, a Russian “political expert” who in the past lived in Kyiv. The investigation of the Ukrainian police is still underway to uncover any other participants in the operation who will be charged for violations of Article 361.2 of the country’s criminal code.”
