WTF Happened Last Week?!?

Week of Jan 15th

Happy Sunday y'all! I hope everyone took some much needed time off during the holidays. We're back in full swing here at It's Security Y'all, so on to the news!

Ivanti Under Attack

• Hackers Exploited Hidden Flaws: Two vulnerabilities in Ivanti Connect Secure, discovered in December, allowed attackers to install custom malware.

• Snooping Malware Deployed: Tools like Zipline and Lightwire intercepted network traffic, stole files, and enabled attackers to remotely control systems.

• C2 Servers Hidden in Old VPNs: Attackers used compromised Cyberoam VPNs as command and control centers for their operations.

• Patch Available, Mitigations Necessary: While Ivanti released a patch, implementing additional security measures is crucial to protect against lingering threats.

The Balada Bait & Switch

• Catfishin' Malware: Balada Injector hijacked over 6,700 websites since December, redirecting visitors to fake popups and scams.

• Exploiting Rusty Tools: This attack used a vulnerability in the outdated Popup Builder plugin, highlighting the importance of software updates.

• Shady Destinations: Balada sends visitors to fake support pages, lottery scams, and push notification spam traps.

• Patch & Protect: Keep your WordPress themes and plugins updated, minimize unnecessary plugins, and be wary of suspicious redirections.

The Great X Caper

• Mandiant's X Account Hijacked: Hackers used the platform to spread fake token airdrop scams, targeting 123,000 followers.

• Widespread Network of Catfishers: The attack involved a tool called CLINKSINK, part of a larger scheme draining crypto wallets since December, netting over $900,000.

• Hijacked Verified Accounts: Hackers targeted X accounts of Netgear, Hyundai, and even the SEC, highlighting vulnerabilities with verified profiles.

• Protect Your Crypto: Secure your accounts with two-factor authentication, avoid shady airdrop promises, and stay vigilant against phishing scams.

Babuk's Bad Day

• Tortilla Ransomware Nailed: Dutch police arrested the operator and obtained a decryptor for victims' locked files.

• Patch Your Servers: Tortilla targeted vulnerable Microsoft Exchange servers – keep software updated to avoid similar attacks.

• More Babuk Copycats: Beware of ransomware like Rook, Night Sky, and AstraLocker using similar tactics.

• Free Decryptor Available: Avast's tool unlocks files encrypted by Tortilla and other Babuk variants – download it if your files are affected.

Till next week y'all!

Also, don't forget to drink some water, move around, and touch some grass!