InfoSec News 20220411
Top News
-
NB65 group targets Russia with a modified version of Conti’s ransomware
"NB65 hacking group created its ransomware based on the leaked source code of the Conti ransomware and targets Russia."
TLP¹: Green
-
Accounts Deceivable: Email Scam Costliest Type of Cybercrime
"A shopping spree in Beverly Hills, a luxury vacation in Mexico, a bank account that jumped from $299.77 to $1.4 million overnight.
From the outside, it looked like Moe and Kateryna Abourched had won the lottery.
But this big payday didn’t come from lucky numbers. Rather, a public school district in Michigan was tricked into wiring its monthly health insurance payment to the bank account of a California nail salon the Abourcheds owned, according to a search warrant application filed by a Secret Service agent in federal court."
TLP¹: Green
-
Raspberry Pi Ditches Default Logins to Boost Security
"The developers behind Raspberry Pi have enhanced security by forcing users to choose a new username and password on start-up.
Senior principal software engineer, Simon Long, explained in a blog post that previously, users were able to keep the default username “pi.” They were also able to bypass a setup wizard which requested users to choose a new password on start-up, which would leave them with the default option of “raspberry.”"
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
New Meta information stealer distributed in malspam campaign
"A malspam campaign has been found distributing the new META malware, a new info-stealer malware that appears to be rising in popularity among cybercriminals.
META is one of the novel info-stealers, along with Mars Stealer and BlackGuard, whose operators wish to take advantage of Raccoon Stealer's exit from the market that left many searching for their next platform."
TLP¹: Green
-
New Android banking malware remotely takes control of your device
"A new Android banking malware named Octo has appeared in the wild, featuring remote access capabilities that allow malicious operators to perform on-device fraud.
Octo is an evolved Android malware based on ExoCompact, a malware variant based on the Exo trojan that quit the cybercrime space and had its source code leaked in 2018."
TLP¹: Green
-
A DDoS attack took down Finnish govt sites as Ukraine’s President addresses MPs
"A massive DDoS attack took down Finnish government websites while Ukrainian President Zelenskyy addressed Finland’s members of parliament (MPs)."
TLP¹: Green
Breaches: Data Breaches and Hacks
-
SuperCare Health Data Breach Impacts Over 300,000 People
"California-based respiratory care provider SuperCare Health recently disclosed a data breach affecting more than 300,000 individuals."
TLP¹: Green
-
Snap-on discloses data breach claimed by Conti ransomware gang
"American automotive tools manufacturer Snap-on announced a data breach exposing associate and franchisee data after the Conti ransomware gang began leaking the company's data in March.
Snap-on is a leading manufacturer and designer of tools, software, and diagnostic services used by the transportation industry through various brands, including Mitchell1, Norbar, Blue-Point, Blackhawk, and Williams.
Yesterday, Snap-on disclosed a data breach after they detected suspicious activity in their network, which led to them shutting down all of their systems."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII.
"Another day, another threat to your data. The recently discovered CVE-2022-0482 is a Broken Access Control vulnerability affecting Easy Appointments, a popular open-source web app written in PHP, used by thousands of sites to manage their online bookings."
TLP¹: Green
-
Dependency Review GitHub Action prevents adding known flaws in the code
"Dependency Review GitHub Action scans users’ pull requests for dependency changes and will raise an error if any new dependencies have existing flaws."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
#ISC2Events: Supply Chain Security is a Multifaceted Challenge
"The multifaceted nature of modern supply chain risks was highlighted by Jon France, CISO for (ISC)², during (ISC)² Secure London this week.
France, who was appointed the first-ever CISO of (ISC)² earlier this year, emphasized that rapid digitization across all industries had significantly widened organizations’ threat landscape during COVID-19. “Speed can sometimes be the enemy of risk,” he noted, adding that most have still not gone through the necessary consolidation phase, ensuring these technologies are adequately protected."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Researchers warn of FFDroider and Lightning info-stealers targeting users in the wild
"Cybersecurity researchers are warning of two different information-stealing malware, named FFDroider and Lightning Stealer, that are capable of siphoning data and launching further attacks.
"Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself on victim's machines to look like the instant messaging application 'Telegram,'" Zscaler ThreatLabz researchers Avinash Kumar and Niraj Shivtarkar said in a report published last week."
TLP¹: Green
-
Uncover - Quickly Discover Exposed Hosts On The Internet Using Multiple Search Engines
"uncover is a Go wrapper using APIs of well-known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and utilize the results with your current pipeline tools. Currently, it supports the shodan, censys, and fofa search engines."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.