Secured integration to the future

CyberNews Digest — March 2024


29.03.2024

Another Phobos Ransomware Variant Employs Excel as Its Tool for Compromising Documents
FortiGuard Labs has uncovered a new variant of the Phobos ransomware belonging to the Faust family. The attackers use modified MS Office documents to gain a foothold and compromise the host; once the payload runs, the encrypted files carry the .faust extension.
The attack begins with an infected Microsoft Excel add-in (.XLAM) that contains an embedded VBA script. The attackers use the Gitea service to host Base64-encoded files, each holding a malicious binary.
What sets Phobos Faust apart is that it can persist on the infected system long after the initial intrusion, spawning numerous threads for its operation and even communicating over TOX. This lets the attackers bypass the external defensive perimeter, traverse DMZs, and remain undetected.
Source: https://www.fortinet.com/blog/threat-research/phobos-ransomware-variant-launches-attack-faust
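The item above notes that the initial access vehicle is an .XLAM add-in with an embedded VBA script. An .XLAM is an OOXML zip container, so a mail gateway or sandbox can decide whether a file carries macro code by looking inside the archive rather than trusting the extension. The following triage routine is an added example written for this digest; it is not FortiGuard's code and is not taken from the article. It assumes the well-known OOXML part name `vbaProject.bin` and the content type `application/vnd.ms-office.vbaProject`; the sample archives are constructed inline with placeholder bytes, not real macro code.

```python
import io
import zipfile

# Well-known OOXML names for an embedded VBA project (assumed from the OOXML
# format, not taken from the article). Any archive that carries this part
# holds macro code, whatever its extension claims.
VBA_PART_SUFFIX = "vbaproject.bin"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_EXTENSIONS = {"xlam", "xlsm", "xltm", "docm", "dotm", "pptm", "ppam"}


def triage_office_file(filename: str, blob: bytes) -> dict:
    """Classify an Office attachment before it reaches a user: look inside the
    OOXML zip for a VBA project and compare that with what the extension claims."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    result = {
        "extension": ext,
        "is_ooxml": False,
        "vba_parts": [],
        "declares_vba_type": False,
        "verdict": "allow",
    }
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        # Not an OOXML container; legacy OLE2 .xls/.doc files need another parser.
        result["verdict"] = "review"
        return result
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        names = zf.namelist()
        result["is_ooxml"] = "[Content_Types].xml" in names
        result["vba_parts"] = [n for n in names if n.lower().endswith(VBA_PART_SUFFIX)]
        if result["is_ooxml"]:
            ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            result["declares_vba_type"] = VBA_CONTENT_TYPE in ctypes
    if result["vba_parts"] or result["declares_vba_type"]:
        # Macro code is present: block it regardless of the extension used.
        result["verdict"] = "block"
    elif ext in MACRO_EXTENSIONS:
        # Macro-enabled extension but no VBA part found: still worth a look.
        result["verdict"] = "review"
    return result


def _make_ooxml(parts: dict) -> bytes:
    """Build a constructed minimal OOXML zip from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


CONTENT_TYPES_WITH_VBA = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    b'<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
    b'<Default Extension="xml" ContentType="application/xml"/></Types>'
)
CONTENT_TYPES_PLAIN = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    b'<Default Extension="xml" ContentType="application/xml"/></Types>'
)

# Constructed samples: an add-in carrying a VBA project (placeholder bytes,
# not real macro code) and a plain workbook with no macros.
MACRO_XLAM = _make_ooxml({
    "[Content_Types].xml": CONTENT_TYPES_WITH_VBA,
    "xl/workbook.xml": b"<workbook/>",
    "xl/vbaProject.bin": b"PLACEHOLDER-VBA-PROJECT",
})
CLEAN_XLSX = _make_ooxml({
    "[Content_Types].xml": CONTENT_TYPES_PLAIN,
    "xl/workbook.xml": b"<workbook/>",
})

if __name__ == "__main__":
    print(triage_office_file("invoice.xlam", MACRO_XLAM))
    print(triage_office_file("report.xlsx", CLEAN_XLSX))
```

The check looks at the archive contents first and the extension second, so an add-in renamed to .xlsx is still caught, while a macro-enabled extension with no VBA part is only flagged for review. Parsing the VBA project itself (to inspect the script) needs an OLE2 parser and is out of scope here.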

More than 133,000 Fortinet devices remain vulnerable to a critical month-old bug
The number of publicly accessible Fortinet devices exposed to a critical FortiOS flaw disclosed a month ago remains extraordinarily high, despite a gradual increase in patching.
Fortinet addressed CVE-2024-21762 in early February, over a month ago. The vulnerability, rated 9.6 out of 10, leads to remote code execution (RCE) and topped the charts in Fortinet's weekly report last month.
According to the data, the largest share of exposed devices is in Asia, where 54,310 devices remain vulnerable to the critical RCE flaw. North America and Europe follow with 34,945 and 28,058 respectively.
Source: https://www.theregister.com/2024/03/18/more_than_133000_fortinet_appliances/

PCI DSS 4.0: 4 Key Updates
From March 31st, PCI DSS version 4.0 becomes the current version of the standard. The updated PCI DSS offers a comprehensive set of requirements aimed at helping companies better safeguard payment card data.

This refreshed standard focuses on four key areas:
● Protection against malicious scripts;
● Skimming detection;
● API security;
● Logging and monitoring.
For more detailed information on the updates, refer to our article (https://my-itspecialist.com/changes-to-the-pci-dss-v4-0-standard-and-their-impact-on-your-organization-in-2024)

Source: https://www.darkreading.com/cybersecurity-operations/pci-dss-4-0-is-good-security-guidance-for-everyone

Malicious Software Exploits WordPress Popup Builder Plugin to Infect Over 3900 Websites
A recent malware campaign has struck over 3,900 websites, exploiting a critical vulnerability in the Popup Builder plugin for WordPress to inject malicious JavaScript code.
The vulnerability, tracked as CVE-2023-6000, allows the creation of unauthorized administrator accounts and the installation of malicious plugins. The attacks are launched from domains registered no earlier than February 2024. The injected code comes in two variants, both redirecting visitors to phishing and scam pages.

Separately, a significant vulnerability in the Ultimate Member plugin, tracked as CVE-2024-2123, allows the injection of malicious web scripts and affects all plugin versions up to 2.8.3.

Source: https://thehackernews.com/2024/03/malware-campaign-exploits-popup-builder.html

Hackers Utilize Steganography Techniques to Conceal Malware within PNG Files
Security analysts from Morphisec Threat Labs recently found that attackers are actively using steganography to conceal malware inside PNG files.
The IDAT loader attack uses steganography to hide malicious code inside images or videos. Steganographic techniques such as embedding code in the least significant bits evade detection by obfuscating the payload.

The modular IDAT loader uses steganography in PNG images to extract its payload, with an embedded value of 0xEA79A5C6 marking the starting point. Its main objective is to load "PLA.dll" and use "Module Stomping" to inject the next-stage code, bypassing security products.
Source: https://cybersecuritynews.com/hackers-steganography-png-malware/
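The item above gives two concrete handles a defender can use when triaging PNG files: the payload in the IDAT loader case begins at an embedded marker value (0xEA79A5C6), and a stego carrier is still a valid image, so it has to be parsed as one. The PNG walker below is an added example written for this digest, not Morphisec's tooling or code from the article. It parses the chunk structure with CRC checks, decompresses the IDAT stream and searches it for the marker in both byte orders (the article does not state the byte order, so both are assumed), and also reports bytes trailing the IEND chunk, a common place to append hidden data. The sample images are constructed inline; the "marked" one simply has the marker value written into its pixel bytes.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Start-of-payload value reported for the IDAT loader in the article above.
IDAT_MARKER = 0xEA79A5C6


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Encode one PNG chunk: length, type, body, CRC-32 over type + body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def iter_png_chunks(data: bytes):
    """Yield (type, body, offset) for each chunk, verifying each CRC; stop at IEND."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("missing PNG signature")
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError(f"truncated {ctype!r} chunk at offset {pos}")
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            raise ValueError(f"bad CRC in {ctype!r} chunk at offset {pos}")
        yield ctype, body, pos
        pos = end
        if ctype == b"IEND":
            return
    raise ValueError("no IEND chunk found")


def scan_png(data: bytes, marker: int = IDAT_MARKER) -> dict:
    """Triage a PNG: inflate the IDAT stream, search it for the marker in both
    byte orders, and report any bytes that follow the IEND chunk."""
    idat = bytearray()
    chunk_types = []
    end_of_image = len(data)
    for ctype, body, offset in iter_png_chunks(data):
        chunk_types.append(ctype.decode("ascii"))
        if ctype == b"IDAT":
            idat += body
        elif ctype == b"IEND":
            end_of_image = offset + 12  # IEND has an empty body
    pixels = zlib.decompress(bytes(idat))
    hits = {}
    for order, fmt in (("little-endian", "<I"), ("big-endian", ">I")):
        off = pixels.find(struct.pack(fmt, marker))
        if off != -1:
            hits[order] = off
    trailing = len(data) - end_of_image
    return {
        "chunks": chunk_types,
        "marker_hits": hits,
        "trailing_bytes": trailing,
        "suspicious": bool(hits) or trailing > 0,
    }


def build_sample_png(pixel_row: bytes) -> bytes:
    """Constructed 8-bit greyscale PNG, one row high and len(pixel_row) wide."""
    ihdr = struct.pack(">IIBBBBB", len(pixel_row), 1, 8, 0, 0, 0, 0)
    raw = b"\x00" + pixel_row  # filter type 0 (None) followed by the row
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))


# Constructed samples: a clean image, one with the marker in its pixel data,
# and a clean image with extra bytes appended after IEND.
CLEAN_PNG = build_sample_png(bytes(range(8)))
MARKED_PNG = build_sample_png(b"\x10\x20" + struct.pack("<I", IDAT_MARKER) + b"\x30\x40")
APPENDED_PNG = CLEAN_PNG + b"hidden"

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_PNG), ("marked", MARKED_PNG), ("appended", APPENDED_PNG)):
        print(name, scan_png(sample))
```

A marker hit in the inflated pixel data or any trailing bytes is a reason to pull the file for analysis, not proof of infection on its own; the value can occur by chance in photographic data, so the result should be combined with the context the article describes (the process that loaded the image and whether PLA.dll is subsequently loaded).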