September 2, 2022

Fortify Security Team

Title: New Ransomware Hits Windows, Linux Servers of Chile Govt Agency
Date Published: September 1, 2022

https://www.bleepingcomputer.com/news/security/new-ransomware-hits-windows-linux-servers-of-chile-govt-agency/

Excerpt: “Chile’s national computer security and incident response team (CSIRT) has announced that a ransomware attack has impacted operations and online services of a government agency in the country. The attack started on Thursday, August 25, targeting Microsoft and VMware ESXi servers operated by the agency. The hackers stopped all running virtual machines and encrypted their files, appending the “.crypt” filename extension.”

Title: Microsoft Will Disable Exchange Online Basic Auth Next Month
Date Published: September 1, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-will-disable-exchange-online-basic-auth-next-month/

Excerpt: “Microsoft warned customers today that it will finally disable basic authentication in random tenants worldwide to improve Exchange Online security starting October 1, 2022. Today’s announcement follows multiple reminders and warnings the company has issued over the last three years, the first published in September 2019. The company again asked customers to toggle off basic auth in September 2021 and May 2022 after seeing that many of them were yet to move their clients and apps to Modern Authentication.”

Title: Montenegro Hit by Ransomware Attack, Hackers Demand $10 Million
Date Published: September 1, 2022

https://www.bleepingcomputer.com/news/security/montenegro-hit-by-ransomware-attack-hackers-demand-10-million/

Excerpt: “The government of Montenegro has provided more information about the attack on its critical infrastructure saying that ransomware is responsible for the damage and disruptions. Public Administration Minister Maras Dukaj stated on local television yesterday that behind the attack is an organized cybercrime group. The effects of the incident continue for the tenth day. The minister added that a “special virus” is used in this attack and there is a ransom demand of $10 million.”

Title: CIOs Find It Most Difficult to Solve Cybersecurity Challenges
Date Published: September 2, 2022

https://www.helpnetsecurity.com/2022/09/02/cio-solve-cybersecurity-challenges/

Excerpt: “A global research study from Lenovo reveals how the CIO role has evolved, shedding light on growing areas of responsibility and increasing influence in the C-Suite, as well as removing barriers to business growth. Today, technology is the nervous system that connects corporate strategy, finance, innovation, operations, and talent. CIOs are increasingly tasked with connecting with key stakeholders across the organization to ensure alignment and drive execution. With IT enmeshed in every facet of a business, CIOs believe that their organizations must continue to invest in digital transformation to remain relevant. Nearly all CIOs surveyed believe their roles have evolved and expanded in the past few years, and that they are being asked to make business decisions that go far beyond technology.”

Title: Experts Link Raspberry Robin Malware to Evil Corp Cybercrime Gang
Date Published: September 2, 2022

https://securityaffairs.co/wordpress/135206/cyber-crime/raspberry-robin-linked-to-evil-corp.html

Excerpt: “IBM Security X-Force researchers discovered similarities between a component used in the Raspberry Robin malware and a Dridex malware loader, which was part of the malicious operations of the cybercrime gang Evil Corp. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary; the malware propagates through removable USB devices. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL. The malware uses TOR exit nodes as a backup C2 infrastructure. The malware was first spotted in September 2021; the experts observed it targeting organizations in the technology and manufacturing industries. Initial access is typically through infected removable drives, often USB devices.”

Title: Google Chrome Issue Allows Overwriting The Clipboard Content
Date Published: September 2, 2022

https://securityaffairs.co/wordpress/135197/hacking/google-chrome-bug-clipboard-overwrite.html

Excerpt: “A vulnerability in the Google Chrome browser, as well as Chromium-based browsers, could allow malicious web pages to automatically overwrite the clipboard content without any user interaction or consent, simply by visiting them. According to a blog post published by the developer Jeff Johnson, this issue was introduced in version 104. “This blog post isn’t just about Google Chrome, it’s also about Safari and Firefox. Chrome is currently the worst offender, because the user gesture requirement for writing to the clipboard was accidentally broken in version 104.” reads the post. “A public demonstration of the brokenness has been posted on Web Platform News. If you simply visit the demonstration page in Google Chrome or a Chromium browser, then your system clipboard will be overwritten with the text below. (It’s all plain text in your clipboard, but I’ve added a hyperlink for your convenience.)””

Title: Researchers Analyzed a New JavaScript Skimmer Used by Magecart Threat Actors
Date Published: September 1, 2022

https://securityaffairs.co/wordpress/135177/cyber-crime/javascript-skimmer-magecart.html

Excerpt: “Cyble Research & Intelligence Labs started its investigation after seeing a post on Twitter of a new JavaScript skimmer developed by the Magecart threat group used to target Magento e-commerce websites. In Magecart attacks against Magento e-stores, attackers attempt to exploit vulnerabilities in the popular CMS to gain access to the source code of the website and inject malicious JavaScript. The malicious code is designed to capture payment data (credit/debit owner’s name, credit/debit card number, CVV number, and expiry date) from payment forms and checkout pages. The malicious code also performs some checks to determine that data are in the correct format, for example analyzing the length of the entered data. In this specific case, the researchers discovered that when a user visits the compromised website, the skimmer loads the payment overlay and asks the user to enter the payment information.”

Title: New Ransomware Group BianLian Activity Exploding
Date Published: September 2, 2022

https://www.infosecurity-magazine.com/news/new-ransomware-group-bianlian/

Excerpt: “A new ransomware group operating under the name BianLian emerged in late 2021 and has become increasingly active since. The threat actor already has twenty alleged victims across several industries (insurance, medicine, law and engineering), according to a research paper from US cybersecurity firm Redacted, published on September 1, 2022. The majority of the victim organizations have been based in Australia, North America and the UK. The research team has given no attribution yet but believes the threat actor “represents a group of individuals who are very skilled in network penetration but are relatively new to the extortion/ransomware business.””

Title: CISA, NSA and npm Release Software Supply Chain Guidance
Date Published: September 2, 2022

https://www.infosecurity-magazine.com/news/cisa-nsa-npm-software-supply-chain/

Excerpt: “The US government has issued new guidance for developers designed to improve the security of the software supply chain, and in so doing make the nation’s critical infrastructure more resilient. The document, Securing the Software Supply Chain for Developers, was published by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) under the Enduring Security Framework (ESF) initiative. “As the cyber-threat continues to become more sophisticated, adversaries have begun to attack the software supply chain, rather than rely on publicly known vulnerabilities. This supply chain compromise allows malicious actors to move throughout networks seemingly undetected. In order to counter this threat, the cybersecurity community needs to focus on securing the software development lifecycle,” they said.”

Title: Ragnar Locker Ransomware Gang Claims to Have Stolen Data from TAP Air Portugal
Date Published: September 1, 2022

https://securityaffairs.co/wordpress/135168/data-breach/ragnar-locker-ransomware-tap-air-portugal.html

Excerpt: “The Ragnar Locker ransomware added the Portuguese state-owned flag carrier airline TAP Air Portugal to its leak site and claims to have stolen customers’ data. On August 31, the Ragnar Locker ransomware gang announced that it had breached the airline’s infrastructure and exfiltrated the data of its customers. “Several days ago Tap Air Portugal made a press-release where they claimed with confidence that they successfully repelled the cyber attack and no data was compromised (but we do have some reasons to believe that hundreds of Gigabytes might be compromised).” reads the message published by the gang on its leak site. “Now try to guess what happens if someone (guess who?) will provide a huge amount of irrefutable evidence, which will show that the official statement of Tap Air – is not true. The incident that occurred with them on Friday – in terms of the compromised personal data scale, it exceeds even the incident with company Easy jet.””
