AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/05/2022

Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums

A previously undocumented “sophisticated” information-stealing malware named BlackGuard is being advertised for sale on Russian underground forums for a monthly subscription of $200. “BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP credentials, saved browser credentials, and email clients,” Zscaler ThreatLabz researchers Mitesh Wani and Kaivalya Khursale said in a report published last week. Also sold for a lifetime price of $700, BlackGuard is a .NET-based malware that is actively under development, boasting a number of anti-analysis, anti-debugging, and anti-evasion features that allow it to kill processes related to antivirus engines and bypass string-based detection.


CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework to its Known Exploited Vulnerabilities Catalog based on “evidence of active exploitation.” The critical severity flaw, assigned the identifier CVE-2022-22965 (CVSS score: 9.8) and dubbed “Spring4Shell”, impacts Spring model–view–controller (MVC) and Spring WebFlux applications running on Java Development Kit 9 and later. “Exploitation requires an endpoint with DataBinder enabled (e.g., a POST request that decodes data from the request body automatically) and depends heavily on the servlet container for the application,” Praetorian researchers Anthony Weems and Dallas Kaman noted last week. Although exact details of in-the-wild abuse remain unclear, information security company SecurityScorecard said “active scanning for this vulnerability has been observed coming from the usual suspects like Russian and Chinese IP space.”
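The precondition quoted above (an endpoint whose request data is bound into an object by Spring's DataBinder) is easiest to see next to the interim hardening Spring published alongside its fix: a global `@InitBinder` that disallows the `class`-related property paths from binding. The example below is added here and is not code from the article, Praetorian, or the Spring project; the package, bean, controller and advice names are hypothetical, and the disallow list is the one Spring recommended. Upgrading to a patched Spring Framework release remains the actual fix; this is the defensive layer for applications that cannot upgrade immediately.

```java
package example.hardening; // hypothetical package name

import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

// Plain form-backing bean (hypothetical). DataBinder populates it from
// request parameters by walking nested property paths on the object.
class SignupForm {
    private String username;
    private String email;

    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public String getEmail() { return email; }
    public void setEmail(String email) { this.email = email; }
}

// An endpoint of the kind the paragraph describes: the POST body is decoded
// into the bean automatically, so every bindable property path is reachable
// from request input. This is the exposure surface, not an exploit.
@RestController
class SignupController {
    @PostMapping("/signup")
    public String signup(@ModelAttribute SignupForm form) {
        return "registered " + form.getUsername();
    }
}

// Interim hardening: a global @InitBinder that refuses to bind any property
// path passing through a "class"/"Class" segment. Runs for every controller.
@ControllerAdvice
@Order(Ordered.HIGHEST_PRECEDENCE) // apply before any other binder advice
class BinderHardeningAdvice {

    // The disallow list Spring published as a workaround for CVE-2022-22965.
    static final String[] DISALLOWED_FIELDS = {
        "class.*", "Class.*", "*.class.*", "*.Class.*"
    };

    @InitBinder
    public void restrictBindableFields(WebDataBinder binder) {
        // setDisallowedFields replaces any previously configured list, so an
        // application that already restricts fields per controller must merge
        // its own patterns into this array rather than rely on both applying.
        binder.setDisallowedFields(DISALLOWED_FIELDS);
    }
}
```

Two caveats a practitioner would check before relying on this: controllers that declare their own `@InitBinder` and call `setDisallowedFields` locally will overwrite the global list for that controller, and the advice does nothing for endpoints that bypass DataBinder entirely (which is also why those endpoints are outside the precondition quoted above).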


The Works forced to close some stores after cyber-attack

A cyber-attack targeting The Works has caused the closure of some of the retailer’s stores and delayed both the resupply of stock and online order deliveries to customers. The cut-price seller of books, crafts and toys, which operates 520 stores across the UK, said the security breach of its computer systems had not given hackers access to any customer payment data. “There has been some limited disruption to trading and business operations, including the closure of some stores due to till issues,” the company said. “Replenishment deliveries to the group’s stores were suspended temporarily and the normal delivery window for the fulfilment of online orders was extended, but store deliveries are expected to resume imminently and the normal online service levels are progressively being reintroduced.”


US judge sentences men for $1.5 million Apple Gift Card scam

A US judge has sentenced two men for operating an Apple Gift Card scam that netted them over $1.5 million. On Monday, the US Department of Justice (DoJ) said Syed Ali and Jason Tout-Puissant, 29 and 27 years old respectively, were sentenced after admitting to the scam in 2019. Both pleaded guilty to wire fraud. Ali was sentenced in October 2021 by Texas US District Judge David Godbey, and Tout-Puissant has now joined his co-conspirator, having been sentenced by the same judge this week. Gift card scams are often associated with fake romance scams and cold calls in which criminals pretend to be an antivirus provider or a tax organization. These scam artists demand payment in gift cards purchased from Apple, Google, or other vendors.


Attackers can compromise 94% of critical assets within four steps of breach point

Research released on Thursday by XM Cyber found that attackers can compromise 94% of critical assets within four steps of the initial breach point. The company’s first annual survey also reported that, given organizations’ existing security posture, attackers can compromise 75% of an organization’s critical assets, and that 73% of the top attack techniques involve mismanaged or stolen credentials. Shay Siksik, vice president of customer experience at XM Cyber, said that by knowing where to disrupt attack paths, companies can eliminate 80% of the issues that would otherwise have consumed security resources.


Vulnerabilities and cyberattacks that marked the year 2021

Rapid7 announced the release of a report examining the 50 most notable security vulnerabilities and high-impact cyberattacks in 2021. On any given day, security professionals must prioritize and address viable threats from an overwhelming number of reported vulnerabilities. Researchers analyze thousands of vulnerabilities each year to understand root causes, dispel misconceptions, and share information on why certain flaws are more likely to be exploited than others. From this research, the team creates a report of the highest priority CVEs based on their likelihood of widespread exploitation. The report highlights 50 vulnerabilities from 2021 that posed considerable risk to businesses of all sizes. Of those 50 vulnerabilities, 43 were exploited in the wild. Furthermore, vulnerabilities classified as “widespread threats” for the scale at which they were exploited increased 136% over the previous year.
