Blacksite's Intelligence Report - Week of March 21st, 2022
The Blacksite Weekly Intelligence Report
Phishing Toolkit for Fake Chrome Browser Windows
A phishing toolkit has been released that allows security experts and cybercriminals to create effective single sign-on phishing login forms using fake Chrome browser windows. The toolkit was created by security researcher mr.d0x, who released the templates on GitHub. The templates cover Google Chrome for Windows and Mac, in both dark and light mode variants. Security experts could simply download the templates, edit them to contain the desired URL and title, and then use an iframe to display the login form.
More information: https://mrd0x.com/browser-in-the-browser-phishing-attack
Western Digital Application Bug Allows for Privilege Escalation
Western Digital's EdgeRover desktop app for both Windows and Mac is vulnerable to local privilege escalation and sandboxing escape bugs that could allow the disclosure of sensitive information or denial of service (DoS) attacks. The vulnerability, tracked as CVE-2022-22998, is a directory traversal bug that allows unauthorized access to restricted directories and files.
More information: https://www.westerndigital.com/support/product-security/wdc-22004-edgerover-desktop-app-version-1-5-1-594
Cyclops Blink Botnet Targeting Asus Routers
A nascent botnet called Cyclops Blink is the subject of a new report published by Trend Micro. The botnet's main purpose is to build an infrastructure for further attacks on high-value targets. The malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. Trend Micro warned that, in the absence of patching and security software, this could lead to the formation of "eternal botnets". The report says the botnet has affected a number of Asus routers located in the U.S., India, Italy, Canada, and Russia since June 2019.
More information: https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html
CISA and FBI Warn of SATCOM Networks Threat
CISA and the FBI have disclosed information about possible threats to satellite communication (SATCOM) networks in the US and worldwide. Today's warning comes after the KA-SAT network of US satellite communications provider Viasat was hit by a cyberattack on February 24, roughly around the time when the Russian army invaded Ukraine, which led to satellite service outages in Central and Eastern Europe. The Viasat hack is now also being investigated by the US government as a potential Russian state-sponsored cyberattack.
More information: https://www.cisa.gov/uscert/ncas/alerts/aa22-076a
Chinese State Hackers Target Ukraine
Google's Threat Analysis Group (TAG) says Chinese intelligence agencies are trying to get more information on the ongoing Russian war in Ukraine. Google's report of ongoing Chinese cyber operations in Ukraine follows another warning issued one week ago regarding a Chinese-backed hacking group tracked as APT31 targeting Gmail users affiliated with the US government. TAG's head, Shane Huntley, also confirmed Leonard's assessment, saying "the Ukraine war isn't only attracting interest from European threat actors... China is working hard here too".
Cyber Risk Management Doesn’t Have To Be Difficult …
How Blacksite ZTNA Can Help Protect Your Business Against Cyber Threats
The first step in protecting your company against cyber threats is to make sure you have a solid cybersecurity plan. A cybersecurity plan helps you make sure that your company has the proper safeguards in place to protect your business. Expert security company Blacksite can help you with all your cybersecurity needs. At Blacksite we can help your company develop a cybersecurity plan that is tailored to your business needs. Blacksite implements the latest ZTNA technology to keep your business apps, data, and services safe from prying eyes and potential cybersecurity threats that you might experience in the future. Blacksite specializes in providing cybersecurity solutions in data protection, risk management, encryption, cybersecurity strategy, and cybersecurity education at an affordable price to accommodate your business, whether it’s a small family-owned business or one the size of a Fortune 500 company.
For more information, please contact us and we’ll be glad to assist you.
Become invisible, become secure.