October 27, 2022

Fortify Security Team

Title: Notorious ‘BestBuy’ hacker arraigned for running dark web market

Date Published: October 26, 2022


Excerpt: “A notorious British hacker was arraigned on Wednesday by the U.S. Department of Justice for allegedly running the now defunct ‘The Real Deal’ dark web marketplace. The 34-year-old defendant Daniel Kaye (aka Bestbuy, Spdrman, Popopret, UserL0ser) allegedly ran the illicit services market between early 2015 and November 2016 when The Real Deal shut down. Threat actors used this platform to sell anything from stolen credentials for U.S. government agencies’ systems and hacking tools to drugs, weapons, and government data. Kaye also allegedly trafficked Twitter and LinkedIn accounts and conspired with a threat actor known as TheDarkOverlord to sell stolen Social Security numbers. He laundered the cryptocurrency obtained while operating The Real Deal using the Bitmixer.io Bitcoin mixer service to hide the illicit gains from law enforcement’s blockchain tracing analysis efforts.”

Title: OpenSSL to fix the second critical flaw ever

Date Published: October 26, 2022


Excerpt: “The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced that it is going to release updates to address a critical vulnerability in the open-source toolkit. Experts pointed out that it is the first critical vulnerability patched in the toolkit since September 2016. “The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 3.0.7. This release will be made available on Tuesday 1st November 2022 between 1300-1700 UTC.” reads the announcement. “OpenSSL 3.0.7 is a security-fix release. The highest severity issue fixed in this release is CRITICAL.” The critical vulnerability only impacts versions 3.0 and later. This is the second critical vulnerability ever addressed by the OpenSSL Project after the critical Heartbleed vulnerability (CVE-2014-0160) in 2014.”

Title: Ransomware Gangs Ramp Up Industrial Attacks in US

Date Published: October 26, 2022


Excerpt: “Ransomware gangs are hitting the industrial sector hard — and especially manufacturing companies, with significant spikes in cyberattack activity against US organizations spotted in the third quarter. Meanwhile, emerging ransomware groups are bursting onto the scene, threatening to push the rate of attacks up even higher. According to a Dragos Q3 analysis of ransomware attacks on industrial organizations, 36% of the recorded cases globally hit North America (46 incidents). This is a significant 10% increase over last quarter, when a quarter of cases affected the region. However, the analysis also found that the rate of attacks globally remained flat quarter over quarter — 128 incidents for Q3 vs. 125 in Q2. The majority (68%) of observed incidents were aimed at the manufacturing sector. Out of the confirmed attacks (i.e., those publicly reported, seen in the firm’s telemetry, or confirmed on the Dark Web), 88 were against that segment, especially those producing metal products (12 attacks).”

Title: GitHub Bug Exposed Repositories to Hijacking

Date Published: October 27, 2022


Excerpt: “Security researchers have discovered a new flaw in GitHub which they say could have enabled attackers to take control of repositories and spread malware to related apps and code. Although GitHub has now fixed the bug in its “popular repository namespace retirement” feature, the same tool could be targeted by threat actors in the future, Checkmarx warned. In fact, a separate vulnerability in the same tool was exploited earlier this year, enabling hackers to hijack and poison popular PHP packages with millions of downloads. Popular repository namespace retirement was created by GitHub to guard against so-called “repojacking.” GitHub repositories have a unique URL connected to their creator’s user account. If users decide to rename their account, a new URL will be generated and GitHub will redirect traffic from the repository’s original URL.”

Title: These cybersecurity vulnerabilities are most popular with hackers right now – have you patched them?

Date Published: October 27, 2022


Excerpt: “One of the most popular security vulnerabilities among cyber criminals during the past few months is a software flaw in Microsoft Office that’s over five years old – and it continues to be exploited because, despite a longstanding available security update, many businesses still haven’t applied it. According to analysis by cybersecurity researchers at Digital Shadows, the most commonly discussed vulnerability among cyber criminals on underground forums over the last three months is CVE-2017-11882 – a security flaw in Microsoft Office first disclosed in 2017. When exploited successfully, this vulnerability allows cyber criminals to execute remote code on a vulnerable Windows system, providing a way for attackers to drop malware secretly onto the machine.”

Title: Healthcare’s email security problem is a compliance and forensics nightmare

Date Published: October 27, 2022


Excerpt: “Email hacks against the healthcare sector are common — and problematic from a compliance perspective in terms of reporting requirements. While the consensus is that email is merely a pivot point for other nefarious activities, the stat doesn’t hold as much water in highly regulated industries. Fortified Health Security CEO Dan L. Dodson explains that email is the No. 1 attack vector, mainly through phishing attacks because “the end user is obviously one of, if not the riskiest, point of entry to the organization.” SC Media examined the Office for Civil Rights breach reporting tool and found more than 122 email-related incidents affecting over 1.33 million patients have been reported to the Department of Health and Human Services in 2022, so far. The tallies range from 500 or 501 patients (typically filed as such to denote an ongoing investigation), to as many as 502,869. Although some of these breach tallies are notable, what’s more concerning is the length of time between detection and reporting it to the impacted patients and regulators.”

Title: LinkedIn’s new security features combat fake profiles, threat actors

Date Published: October 26, 2022


Excerpt: “LinkedIn has introduced three new features to fight fake profiles and malicious use of the platform, including a new method to confirm whether a profile is authentic by showing whether it has a verified work email or phone number. Over the past couple of years, LinkedIn has become heavily abused by threat actors to initiate communication with targets to distribute malware, perform cyberespionage, steal credentials, or conduct financial fraud. This abuse has been demonstrated time and time again by the Lazarus North Korean Hacking group, which commonly approaches targets over LinkedIn with fake job offers. However, these fake job offers lead to the installation of malware that allows the threat actors to gain access to a target’s device, and potentially corporate network, or conduct multi-million cryptocurrency hacks. Google has also seen Russian SVR hackers targeting LinkedIn users with Safari zero-day vulnerabilities, and other researchers have seen groups targeting LinkedIn users to steal Facebook advertiser accounts. More recently, Brian Krebs has been reporting on the massive number of fake LinkedIn profiles that are believed to be used for scams and other malicious purposes.”

Title: White House Launches Chemical Sector Security Sprint

Date Published: October 27, 2022


Excerpt: “The Biden–Harris administration has launched a new initiative designed to improve the security of industrial systems in the chemical sector over the next 100 days, as part of ongoing efforts to reduce cyber-risk in critical infrastructure (CNI). The sector is the fourth to be covered by the Industrial Control Systems (ICS) Cybersecurity Initiative, following similar initiatives in the electricity, pipeline, water and railway industries. Incorporating lessons learned from those previous efforts, the 100 day security “sprint” will focus on:

  • Information sharing and coordination between federal government and the private sector
  • Prioritizing “high-risk chemical facilities” which “present significant chemical release hazards”
  • Driving collaboration between sector owners and operators to ensure the right technologies are deployed based on individual risk assessments.

The White House emphasized the criticality to national and economic security of protecting the sector, noting that it produces chemicals “that are used directly or as building blocks in the everyday lives of Americans,” including fertilizers and disinfectants, personal care products and even energy sources. While the focus initially will be on those high-risk facilities, the goal is to disseminate best practices for enhanced ICS cybersecurity across the entire chemical sector.”

Title: Zero-Day Hoarding Aids Advanced Spyware, PEGA Committee Told

Date Published: October 26, 2022


Excerpt: “Google’s Shane Huntley Urges EU to ‘Lead a Diplomatic Effort’ to Curb Spyware. Exploitation of zero-day vulnerabilities by commercial makers of advanced spyware threatens global internet security to the point that it needs urgent attention from governments across the world, a Google cybersecurity executive told a European Parliament panel. Shane Huntley, head of Google’s Threat Analysis Group, urged the European Union to “lead a diplomatic effort” to limit the harms of advanced spyware apps such as Pegasus, the flagship product of Israel’s NSO Group. More and more countries seek the surveillance capabilities granted by Pegasus and its competitors “because they see it works,” Huntley told the parliamentary committee investigating European Union member countries’ use of digital surveillance tools. Pegasus has been capable of infecting smartphones without the user having to click on a malicious phishing link. “Very small countries with very poor records of human rights are able to get top-tier capabilities because companies like NSO will sell it to them,” he said. The Parliament overwhelmingly voted in March to empanel the 38-member PEGA committee after reports surfaced that authorities in Poland, Greece, Hungary and Spain had used Pegasus to target politicians, journalists and activists. Committee head Jeroen Lenaers, a Netherlands member from the European People’s Party, lamented Tuesday that the investigation is running into opposition in European capitals.”

Title: DHL takes top spot in brand phishing attempts

Date Published: October 27, 2022


Excerpt: “Check Point Research has published its Brand Phishing Report for Q3 2022, which highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials during July, August and September. While LinkedIn was the most imitated brand in both Q1 and Q2 2022, it’s shipping company DHL that took the top spot in Q3, accounting for twenty-two percent of all phishing attempts worldwide. Microsoft is in second place (16%) and LinkedIn has fallen into third, making up just 11% of scams, compared to 52% in Q1 and 45% in Q2. DHL’s increase could be due in part to a major global scam and phishing attack that the logistics giant warned about itself just days before the quarter started. Instagram has also appeared in the top ten list for the first time this quarter, following a ‘blue-badge’ related phishing campaign that was reported in September.”
