CyberSecurity News
25th July 2022
This week we see great improvements in RaaS and some issues in privacy. Ransomware-as-a-service (RaaS) gangs seem to be better at continuous improvement than those trying to catch them.
Atlas Intelligence Group Launches With Unique Business Model. A ransomware group that hires cyber-mercenaries to carry out its missions: when a client purchases AIG's DDoS, data theft, or malicious spam services, the group advertises for and hires independent contractors to execute the actual task.
Digital security giant Entrust has confirmed that it suffered a cyberattack where threat actors breached their network and stole data from internal systems:
https://www.bleepingcomputer.com/news/security/digital-security-giant-entrust-breached-by-ransomware-gang/
The embedded post showed the Entrust blog still down alongside the company's official statement. No one has been seen taking credit to date.
LinkedIn tops the list of the most impersonated brands in phishing campaigns:
https://gbhackers.com/linkedin-remains-number-one-brand-to-be-faked/
A previously undetected malware dubbed 'Lightning Framework' that targets Linux systems can be used to backdoor infected devices using SSH and deploy rootkits:
https://www.bleepingcomputer.com/news/security/new-lightning-framework-linux-malware-installs-rootkits-backdoors/
A new release of Burp includes tab-specific options in Repeater:
https://portswigger.net/burp/releases/professional-community-2022-7-1
Hackers-Arise has a great tutorial on exploiting SCADA/ICS systems with the modbus-cli command-line tool:
https://www.hackers-arise.com/post/2018/03/22/scada-hacking-exploiting-scadaics-systems-with-the-command-line-tool-modbus-cli
Meta CEO Mark Zuckerberg and former COO Sheryl Sandberg will have to provide testimony to a federal court to discuss their alleged involvement in the company's notorious Cambridge Analytica scandal:
https://storage.courtlistener.com/recap/gov.uscourts.cand.327471/gov.uscourts.cand.327471.964.0.pdf
The two will provide six and five hours of testimony respectively, more than half a decade after the scandal first became public.
An Italian court has ordered Cloudflare to block three torrent sites on its public DNS resolver 1.1.1.1:
https://torrentfreak.com/court-orders-cloudflares-dns-resolver-1-1-1-1-to-block-pirate-sites-in-italy-220719/
An installation-art company called META (or Meta.is) announced Tuesday that it will be suing Meta (or Facebook) for trademark violation, alleging that Zuckerberg's name change violated the smaller company's established brand:
The Verge: A company called Meta is suing Meta for naming itself Meta
An FBI investigation determined that Chinese-made Huawei equipment could disrupt US nuclear arsenal communications:
https://www.cnn.com/2022/07/23/politics/fbi-investigation-huawei-china-defense-department-communications-nuclear/index.html
A hacker using the pseudonym Rektengle claims to have hacked into Rogers days before the outage, saying it was done in good faith to help them secure the perimeter:
https://cybernews.com/security/hacker-claims-to-have-hacked-into-rogers-days-before-outage-out-of-good-faith
Atlassian warned customers to immediately patch a critical vulnerability that provides remote attackers with hardcoded credentials to log into unpatched Confluence Server and Data Center servers:
https://www.bleepingcomputer.com/news/security/atlassian-confluence-hardcoded-password-was-leaked-patch-now/
Leveraging little more than Linux bugs, common cloud application vulnerabilities, and misconfigurations, the 8220 Gang has been able to use its latest IRC botnet to infect more than 30,000 hosts with their PwnRig cryptominer:
https://www.darkreading.com/application-security/lax-security-fuels-cloud-botnet-army-surge
Building materials giant Knauf hit by Black Basta ransomware gang:
https://www.bleepingcomputer.com/news/security/building-materials-giant-knauf-hit-by-black-basta-ransomware-gang/
A North Korean hacking group is believed to be behind a recent Konni RAT campaign targeting high-value organizations in the Czech Republic, Poland, and other European nations:
https://virtualattacks.com/news/attackers-of-north-korea-target-eu-with-konni-rat-malware/
Microsoft releases a new default policy to thwart credential attacks, which is also heading to Windows 10:
https://www.zdnet.com/article/windows-11-is-getting-a-new-security-setting-to-block-ransomware-attacks
Massive Microsoft 365 outage caused by faulty ECS deployment:
https://www.bleepingcomputer.com/news/microsoft/massive-microsoft-365-outage-caused-by-faulty-ecs-deployment/
Ex-Coinbase manager charged in first crypto insider-trading case:
https://www.bleepingcomputer.com/news/cryptocurrency/ex-coinbase-manager-charged-in-first-crypto-insider-trading-case/
0-click RCE on Tesla:
A warrant allowed FBI agents in Tennessee to force a suspect to unlock his encrypted Amazon messaging app, Wickr, with his face. It's an unprecedented move by the feds:
https://www.forbes.com/sites/thomasbrewster/2022/07/19/fbi-forces-open-amazon-wickr-app-with-a-suspects-face
FairFax gets hit with ransomware while in the middle of selling its pet insurance group to JAB Holding:
Xw7au5pnwtl6lozbsudkmyd32n6gnqdngitjdppybudan3x3pjgpmpid.onion
Luna ransomware encrypts Windows, Linux, and ESXi systems:
https://www.bleepingcomputer.com/news/security/new-luna-ransomware-encrypts-windows-linux-and-esxi-systems/
A man suspected of providing the IT infrastructure behind the Gozi banking trojan has been extradited to the US to face a string of computer fraud charges:
https://www.theregister.com/2022/07/20/alleged_gozi_malware_cio_extradited/
BlackBerry collaborates with LeapXpert to provide customers with secure communication:
https://www.helpnetsecurity.com/2022/07/21/blackberry-leapxpert/
Heads of GCHQ and NCSC back plan to scan phones for child abuse images:
https://www.theguardian.com/uk-news/2022/jul/21/uk-cybersecurity-chiefs-back-plan-to-scan-phones-for-child-abuse-images
Doenerium - Fully Undetected Grabber (Grabs Wallets, Passwords, Cookies, Modifies Discord Client Etc.):
https://www.kitploit.com/2022/07/doenerium-fully-undetected-grabber.html
DeimosC2 is a Golang command and control (C2) framework for post-exploitation:
GitHub - DeimosC2/DeimosC2: https://github.com/DeimosC2/DeimosC2
Podalirius has a great project that provides an open-source knowledge base of techniques for achieving Remote Code Execution:
https://github.com/p0dalirius/Awesome-RCE-techniques