December 15, 2021

Fortify Security Team
Dec 15, 2021

Title: Volatile and Adaptable: Tracking the Movements of Modern Ransomware
Date Published: December 15, 2021

https://www.trendmicro.com/en_us/research/21/l/volatile-and-adaptable-tracking-the-movements-of-modern-ransomware.html

Excerpt: “Post-intrusion ransomware groups use various tools and compromised accounts for access and lateral movement — and these families are generally more sophisticated than traditional ransomware. We saw that the detections for post-intrusion ransomware were consistent from 2019 up until the third quarter of 2020. However, in the fourth quarter of 2020, we saw a dramatic increase. While post-intrusion ransomware in 2021 decreased compared to the fourth quarter of 2020, it is still significantly higher when compared to detections from the first to the third quarter of 2020.”

Title: Immediate Steps to Strengthen Critical Infrastructure against Potential Cyberattacks
Date Published: December 15, 2021

https://www.cisa.gov/uscert/ncas/current-activity/2021/12/15/immediate-steps-strengthen-critical-infrastructure-against

Excerpt: “In light of persistent and ongoing cyber threats, CISA urges critical infrastructure owners and operators to take immediate steps to strengthen their computer network defenses against potential cyberattacks. CISA has released CISA Insights: Preparing For and Mitigating Potential Cyber Threats to provide critical infrastructure leaders with steps to proactively strengthen their organization’s operational resiliency against sophisticated threat actors, including nation-states and their proxies. CISA encourages leadership at all organizations—and critical infrastructure owners and operators in particular—to review the CISA Insights and adopt a heightened state of awareness.”

Title: Log4j & The Maryland Health Agency Attack
Date Published: December 15, 2021

https://medium.com/hubsecurity/log4j-maryland-health-agency-attack-abb65f035ce7

Excerpt: “Like any other vulnerability this one needs to be prioritized by either patching, reconfiguring, or using an alternative mitigating control. In this case, the vulnerability is easy to exploit and is already being exploited, reducing the time organizations have to respond to the new threat. This is another reason why any organization should put extra controls, like HUB Security, to protect its critical assets with additional and alternative controls. HUB Security secure computing would prevent an unknown remote attacker from communicating with the protected server.”

Title: Hackers Steal Microsoft Exchange Credentials Using IIS Module
Date Published: December 14, 2021

https://www.bleepingcomputer.com/news/security/hackers-steal-microsoft-exchange-credentials-using-iis-module/

Excerpt: “Threat actors are installing a malicious IIS web server module named ‘Owowa’ on Microsoft Exchange Outlook Web Access servers to steal credentials and execute commands on the server remotely. The development of Owowa likely started in late 2020 based on compilation data and when it was uploaded to the VirtusTotal malware scanning service. Based on Kaspersky’s telemetry data, the most recent sample in circulation is from April 2021, targeting servers in Malaysia, Mongolia, Indonesia, and the Philippines.”

Title: Log4j Flaw: Now State-Backed Hackers Are Using Bugs as Part of Attacks, Warns Microsoft
Date Published: December 15, 2021

https://www.zdnet.com/article/log4j-flaw-now-state-backed-hackers-are-using-bug-as-part-of-attacks-warns-microsoft/

Excerpt: “State-sponsored hackers from China, Iran, North Korea and Turkey have started testing, exploiting and using the Log4j bug to deploy malware, including ransomware, according to Microsoft.    As predicted by officials at the US Cybersecurity and Infrastructure Security Agency (CISA), more sophisticated attackers have now started exploiting the so-called Log4Shell bug (CVE-2021-44228), which affects devices and applications running vulnerable versions of the Log4j Java library. It’s a potent flaw that allows remote attackers to take over a device after compromise.”

Title: Nation State Threat Group Targets Airline with Aclip Backdoor
Date Published: December 15, 2021

https://securityintelligence.com/posts/nation-state-threat-group-targets-airline-aclip-backdoor/

Excerpt: “In March 2021, IBM Security X-Force observed an attack on an Asian airline that we assess was likely compromised by a state-sponsored adversary using a new backdoor that utilizes Slack. The adversary leveraged free workspaces on Slack, a legitimate messaging and collaboration application likely to obfuscate operational communications, allowing malicious traffic, or traffic with underlying malicious intent, to go unnoticed. It is unclear if the adversary was able to successfully exfiltrate data from the victim environment, though files found on the threat actor’s command and control (C2) server suggest the possibility that they may have accessed reservation data.”

Title: Government Experts in Last Minute Seasonal Scam Warning
Date Published: December 15, 2021

https://www.infosecurity-magazine.com/news/government-experts-seasonal-scam/

Excerpt: “Consumers may also be approached online via emails and social media messages with “too good to be true” offers for discounted popular gift items, including electronics. If they fall for these, the victims not only lose the money spent on the non-existent item, but their bank or card details will also end up in the hands of the threat actors. The NCSC said the last-minute rush to buy presents online before the Christmas delivery deadline peaks this Saturday, making many shoppers more vulnerable to such scams.”

Title: DHS Announces Its ‘Hack DHS’ Bug Bounty Program
Date Published: December 15, 2021

https://securityaffairs.co/wordpress/125646/security/hack-dhs-bug-bounty-program.html

Excerpt: “The Hack DHS bug bounty program will occur in three phases throughout Fiscal Year 2022. During the first phase, researchers will perform remote vulnerability assessments on certain DHS external systems. In the second phase, the experts will participate in a live, in-person hacking event, while in the third phase, DHS will identify and review lessons learned, and plan for future bug bounties.
Hack DHS will use a platform created by the Department’s Cybersecurity and Infrastructure Security Agency (CISA), and will be monitored by the DHS Office of the Chief Information Officer.
The new bug bounty program will use a platform developed by the Cybersecurity and Infrastructure Security Agency (CISA) and will be monitored by the DHS Office of the Chief Information Officer.”

Title: Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware
Date Published: December 14, 2021

https://thehackernews.com/2021/12/microsoft-issues-windows-update-to.html

Excerpt: “The most critical of the lot is CVE-2021-43890 (CVSS score: 7.1), a Windows AppX installer spoofing vulnerability that Microsoft said could be exploited to achieve arbitrary code execution. The lower severity rating is indicative of the fact that code execution hinges on the logged-on user level, meaning “users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

Title: Ground Labs Research Reveals 71% Of American Consumers Are Unaware of Data Protection Laws
Date Published: December 14, 2021

https://www.darkreading.com/risk/ground-labs-research-reveals-71-of-american-consumers-are-unaware-of-data-protection-laws

Excerpt: “According to global management consulting firm McKinsey, 87% of consumers would not do business with a company if they had concerns about its security practices, and 71% said they would stop doing business with a company if it gave away their sensitive data without permission. Considering the recent incline of data breaches — with a 141% increase in compromised records due to breaches in 2020 compared to 2019 — the stakes are high for businesses when it comes to remaining compliant, keeping personal information safe and secure, and ultimately, cultivating customer trust.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...