October 27, 2022

Fortify Security Team
Oct 27, 2022

Title: Notorious ‘BestBuy’ hacker arraigned for running dark web market

Date Published: October 26, 2022

https://www.bleepingcomputer.com/news/security/notorious-bestbuy-hacker-arraigned-for-running-dark-web-market/

Excerpt: “A notorious British hacker was arraigned on Wednesday by the U.S. Department of Justice for allegedly running the now defunct ‘The Real Deal” dark web marketplace. The 34-year-old defendant Daniel Kaye (aka Bestbuy, Spdrman, Popopret, UserL0ser) allegedly ran the illicit services market between early 2015 and November 2016 when The Real Deal shut down. Threat actors used this platform to sell anything from stolen credentials for U.S. government agencies’ systems and hacking tools to drugs, weapons, and government data.Kaye also allegedly trafficked Twitter and Linked accounts and conspired with a threat actor known as TheDarkOverlord to sell stolen Social Security numbers. He laundered the cryptocurrency obtained while operating The Real Deal using the Bitmixer.io Bitcoin mixer service to hide the illicit gains from law enforcement’s blockchain tracing analysis efforts.”

Title: OpenSSL to fix the second critical flaw ever

Date Published: October 26, 2022

https://securityaffairs.co/wordpress/137689/security/openssl-second-critical-flaw-ever.html

Excerpt: “The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced that it is going to release updates to address a critical vulnerability in the open-source toolkit. Experts pointed out that it is the first critical vulnerability patched in the toolkit since September 2016. “The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 3.0.7. This release will be made available on Tuesday 1st November 2022 between 1300-1700 UTC.” reads the announcement. “OpenSSL 3.0.7 is a security-fix release. The highest severity issue fixed in this release is CRITICAL:”The critical vulnerability only impacts versions 3.0 and later. This is the second critical vulnerability ever addressed by the OpenSSL Project after the critical Heartbleed vulnerability (CVE-2014-0160) in 2014.”

Title: Ransomware Gangs Ramp Up Industrial Attacks in US

Date Published: October 26, 2022

https://www.darkreading.com/ics-ot/ransomware-gangs-ramp-industrial-attacks-us

Excerpt: “Ransomware gangs are hitting the industrial sector hard — and especially manufacturing companies, with significant spikes in cyberattack activity against US organizations spotted in the third quarter. Meanwhile, emerging ransomware groups are bursting onto the scene, threatening to push the rate of attacks up even higher. According to a Dragos Q3 analysis of ransomware attacks on industrial organizations, 36% of the recorded cases globally hit North America (46 incidents). This is a significant 10% increase over last quarter, when a quarter of cases affected the region. However, the analysis also found that the rate of attacks globally remained flat quarter over quarter — 128 incidents for Q3 vs. 125 in Q2. The majority (68%) of observed incidents were aimed at the manufacturing sector. Out of the confirmed attacks (i.e., those publicly reported, seen in the firm’s telemetry, or confirmed on the Dark Web), 88 were against that segment, especially those producing metal products (12 attacks).”

Title: GitHub Bug Exposed Repositories to Hijacking

Date Published: October 27, 2022

https://www.infosecurity-magazine.com/news/github-bug-hackers-hijack/

Excerpt: “Security researchers have discovered a new flaw in GitHub which they say could have enabled attackers to take control of repositories and spread malware to related apps and code. Although GitHub has now fixed the bug in its “popular repository namespace retirement” feature, the same tool could be targeted by threat actors in the future, Checkmarx warned. In fact, a separate vulnerability in the same tool was exploited earlier this year, enabling hackers to hijack and poison popular PHP packages with millions of downloads. Popular repository namespace retirement was created by GitHub to guard against so-called “repojacking.” GitHub repositories have a unique URL connected to their creator’s user account. If users decide to rename their account, a new URL will be generated and GitHub will redirect traffic from the repository’s original URL.”

Title: These cybersecurity vulnerabilities are most popular with hackers right now – have you patched them?

Date Published: October 27, 2022

https://www.zdnet.com/article/these-cybersecurity-vulnerabilities-are-most-popular-with-hackers-right-now-have-you-patched-them/

Excerpt: “One of the most popular security vulnerabilities among cyber criminals during the past few months is a software flaw in Microsoft Office that’s over five years old – and it continues to be exploited because, despite a longstanding available security update, many businesses still haven’t applied it. According to analysis by cybersecurity researchers at Digital Shadows, the most commonly discussed vulnerability among cyber criminals on underground forums over the last three months is CVE-2017-11882 – a security flaw in Microsoft Office first disclosed in 2017. When exploited successfully, this vulnerability allows cyber criminals to execute remote code on a vulnerable Windows system, providing a way for attackers to drop malware secretly onto the machine.”

Title: Healthcare’s email security problem is a compliance and forensics nightmare

Date Published: October 27, 2022

https://www.scmagazine.com/feature/security-awareness/healthcares-email-security-problem-is-a-compliance-and-forensics-nightmare

Excerpt: “Email hacks against the healthcare sector are common — and problematic from a compliance perspective in terms of reporting requirements. While the consensus is that email is merely a pivot point for other nefarious activities, the stat doesn’t hold as much water in highly regulated industries. Fortified Health Security CEO Dan L. Dodson explains that email is the No. 1 attack vector, mainly through phishing attacks because “the end user is obviously one of, if not the riskiest, point of entry to the organization.” SC Media examined the Office for Civil Rights breach reporting tool and found more than 122 email-related incidents affecting over 1.33 million patients have been reported to the Department of Health and Human Services in 2022, so far. The tallies range from 500 or 501 patients (typically filed as such to denote an ongoing investigation), to as many as 502,869.  Although some of these breach tallies are notable, what’s more concerning is the length of time between detection and reporting it to the impacted patients and regulators.”

Title: LinkedIn’s new security features combat fake profiles, threat actors

Date Published: October 26, 2022

https://www.bleepingcomputer.com/news/security/linkedins-new-security-features-combat-fake-profiles-threat-actors/

Excerpt: “LinkedIn has introduced three new features to fight fake profiles and malicious use of the platform, including a new method to confirm whether a profile is authentic by showing whether it has a verified work email or phone number. Over the past couple of years, LinkedIn has become heavily abused by threat actors to initiate communication with targets to distribute malware, perform cyberespionage, steal credentials, or conduct financial fraud. This abuse has been demonstrated time and time again by the Lazarus North Korean Hacking group, which commonly approaches targets over LinkedIn with fake job offers. However, these fake job offers lead to the installation of malware that allows the threat actors to gain access to a target’s device, and potentially corporate network, or conduct multi-million cryptocurrency hacks. Google has also seen Russian SVR hackers targeting LinkedIn users with Safari zero-day vulnerabilities, and other researchers have seen groups targeting LinkedIn users to steal Facebook advertiser accounts. More recently, Brian Krebs has been reporting on the massive number of fake LinkedIn profiles that are believed to be used for scams and other malicious purposes.”

Title: White House Launches Chemical Sector Security Sprint

Date Published: October 27, 2022

https://www.infosecurity-magazine.com/news/white-house-chemical-sector/

Excerpt: “The Biden–Harris administration has launched a new initiative designed to improve the security of industrial systems in the chemical sector over the next 100 days, as part of ongoing efforts to reduce cyber-risk in critical infrastructure (CNI). The sector is the fourth to be covered by the Industrial Control Systems (ICS) Cybersecurity Initiative, following similar initiatives in the electricity, pipeline, water and railway industries. Incorporating lessons learned from those previous efforts, the 100 day security “sprint” will focus on:

  • Information sharing and coordination between federal government and the private sector
  • Prioritizing “high-risk chemical facilities” which “present significant chemical release hazards”
  • Driving collaboration between sector owners and operators to ensure the right technologies are deployed based on individual risk assessments.

The White House emphasized the criticality to national and economic security of protecting the sector, noting that it produces chemicals “that are used directly or as building blocks in the everyday lives of Americans,” including fertilizers and disinfectants, personal care products and even energy sources. While the focus initially will be on those high-risk facilities, the goal is to disseminate best practices for enhanced ICS cybersecurity across the entire chemical sector.”

Title: Zero-Day Hoarding Aids Advanced Spyware, PEGA Committee Told

Date Published: October 26, 2022

https://www.databreachtoday.com/zero-day-hoarding-aids-advanced-spyware-pega-committee-told-a-20340

Excerpt: “Google’s Shane Huntley Urges EU to ‘Lead a Diplomatic Effort’ to Curb Spyware. Exploitation of zero-day vulnerabilities by commercial makers of advanced spyware threatens global internet security to the point that it needs urgent attention from governments across the world, a Google cybersecurity executive told a European Parliament panel. Shane Huntley, head of Google’s Threat Analysis Group, urged the European Union to “lead a diplomatic effort” to limit the harms of advanced spyware apps such as Pegasus, the flagship product of Israel’s NSO Group. More and more countries seek the surveillance capabilities granted by Pegasus and its competitors “because they see it works,” Huntley told the parliamentary committee investigating European Union member countries’ use of digital surveillance tools. Pegasus has been capable of infecting smartphones without the user having to click on a malicious phishing link. “Very small countries with very poor records of human rights are able to get top-tier capabilities because companies like NSO will sell it to them,” he said. The Parliament overwhelmingly voted in March to empanel the 38-member PEGA committee after reports surfaced that authorities in Poland, Greece, Hungary and Spain had used Pegasus to target politicians, journalists and activists. Committee head Jeroen Lenaers, a Netherlands member from the European People’s Party, lamented Tuesday that the investigation is running into opposition in European capitals.”

Title: DHL takes top spot in brand phishing attempts

Date Published: October 27, 2022

https://www.helpnetsecurity.com/2022/10/27/brand-phishing-q3-2022/

Excerpt: “Check Point Research has published its Brand Phishing Report for Q3 2022, which highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials during July, August and September. While LinkedIn was the most imitated brand in both Q1 and Q2 2022, it’s shipping company DHL that took the top spot in Q3, accounting for twenty-two percent of all phishing attempts worldwide. Microsoft is in second place (16%) and LinkedIn has fallen into third, making up just 11% of scams, compared to 52% in Q1 and 45% in Q2. DHL’s increase could be due in part to a major global scam and phishing attack that the logistics giant warned about itself just days before the quarter started. Instagram has also appeared in the top ten list for the first time this quarter, following a ‘blue-badge’ related phishing campaign that was reported in September.”

Recent Posts

November 29, 2022

Title: Malicious Android App Found Powering Account Creation Service Date Published: November 28, 2022 https://www.bleepingcomputer.com/news/security/malicious-android-app-found-powering-account-creation-service/ Excerpt: “A fake Android SMS application, with 100,000...

November 28, 2022

Title: Ransomboggs Ransomware Hit Several Ukrainian Entities, Experts Attribute It to Russia Date Published: November 28, 2022 https://securityaffairs.co/wordpress/139028/cyber-warfare-2/ransomboggs-ransomware-targeted-ukraine.html Excerpt: “Several Ukrainian...

November 23, 2022

Title: Microsoft Releases Out-Of-Band Update to Fix Kerberos Auth Issues Caused by a Patch for Cve-2022-37966 Date Published: November 23, 2022 https://securityaffairs.co/wordpress/138869/security/out-of-band-fix-kerberos-issues.html Excerpt: “Microsoft released an...

November 22, 2022

Title: Aurora Infostealer Malware Increasingly Adopted by Cybergangs Date Published: November 21, 2022 https://www.bleepingcomputer.com/news/security/aurora-infostealer-malware-increasingly-adopted-by-cybergangs/ Excerpt: “Cybercriminals are increasingly turning to a...

November 21, 2022

Title: New Ransomware Encrypts Files, Then Steals Your Discord Account Date Published: November 20, 2022 https://www.bleepingcomputer.com/news/security/new-ransomware-encrypts-files-then-steals-your-discord-account/ Excerpt: “The new 'AXLocker' ransomware family is...

November 18, 2022

Title: Phishing Kit Impersonates Well-Known Brands to Target Us Shoppers Date Published: November 17, 2022 https://www.bleepingcomputer.com/news/security/phishing-kit-impersonates-well-known-brands-to-target-us-shoppers/ Excerpt: “A sophisticated phishing kit has been...

November 17, 2022

Title: Iran-Linked Threat Actors Compromise US Federal Network Date Published: November 17, 2022 https://securityaffairs.co/wordpress/138639/apt/iran-compromises-us-federal-network.html Excerpt: “Iran-linked threat actors compromised a Federal Civilian Executive...