January 4, 2021

Fortify Security Team
Jan 4, 2022

Title: Purple Fox Malware Distributed via Malicious Telegram Installers

Date Published:  January 4, 2022

https://www.bleepingcomputer.com/news/security/purple-fox-malware-distributed-via-malicious-telegram-installers/

Excerpt:  “A malicious Telegram for Desktop installer distributes the Purple Fox malware to install further malicious payloads on infected devices.  The installer is a compiled AutoIt script named “Telegram Desktop.exe” that drops two files, an actual Telegram installer, and a malicious downloader.  While the legitimate Telegram installer dropped alongside the downloader isn’t executed, the AutoIT program does run the downloader (TextInputh.exe).”

Title: Broward Health Discloses Data Breach Affecting 1.3 Million People

Date Published:  January 4, 2022

https://www.bleepingcomputer.com/news/security/broward-health-discloses-data-breach-affecting-13-million-people/

Excerpt:  “The Broward Health public health system has disclosed a large-scale data breach incident impacting 1,357,879 individuals.  Broward Health is a Florida-based healthcare system with over thirty locations offering a wide range of medical services and receives over 60,000 admissions per year.  The healthcare system disclosed a cyberattack on October 15, 2021, when an intruder gained unauthorized access to the hospital’s network and patient data.”

Title: Hospitality Chain McMenamins Discloses Data Breach after Ransomware Attack

Date Published:  January 4, 2022

https://securityaffairs.co/wordpress/126293/data-breach/hospitality-chain-mcmenamins-data-breach.html

Excerpt:  “Hospitality chain McMenamins discloses a data breach after a ransomware attack that took place on December 12.  McMenamins is a family-owned chain of brewpubs, breweries, music venues, historic hotels, and theater pubs in Oregon and Washington.  According to the company, threat actors have stolen data of individuals employed between July 1, 2010, and December 12, 2021.  Stolen employees’ data potentially included names, addresses, telephone numbers, email addresses, dates of birth, race, ethnicity, gender, disability status, medical notes, performance and disciplinary notes, Social Security numbers, health insurance plan elections, income amounts, and retirement contribution amounts.”

Title: Log4j Flaw Attack Levels Remain High, Microsoft Warns

Date Published:  January 4, 2022

https://www.zdnet.com/article/log4j-flaw-attacks-are-causing-lots-of-problems-microsoft-warns/

Excerpt:  “Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j ‘Log4Shell’ flaw through December.  Disclosed by the Apache Software Foundation on December 9, Log4Shell will likely take years to remediate because of how widely the error-logging software component is used in applications and services.  Microsoft warns that customers might not be aware of how widespread the Log4j issue is in their environment. Over the past month, Microsoft has released numerous updates, including to its Defender security software, to help customers identify the issue as attackers stepped up scanning activity.”

Title: Cyberattack Against UK Ministry of Defence Training Academy Revealed

Date Published:  January 4, 2022

https://www.zdnet.com/article/ex-officer-reveals-cyberattack-against-uk-ministry-of-defence-training-academy/

Excerpt:  “A retired military officer has disclosed a cyberattack that struck the UK Ministry of Defence (MoD) academy and had a “significant” impact on the organization.  Air Marshal Edward Stringer, an officer in charge at the time, told Sky News that the cyberattack was discovered in March 2021.  According to the retired officer, “unusual activity” was detected by IT outsourcer Serco but originally it was thought that this may have been due to some form of IT error rather than something malicious.  The Defence Academy of the United Kingdom was the target. The organization is responsible for teaching and training thousands of military personnel, MoD employees, wider government figures, and overseas students. Courses on offer relate to topics including security, strategy, languages, and information warfare.”

Title: Money Launderers Get 33 Years for £70m Criminal Scheme

Date Published:  January 4, 2022

https://www.infosecurity-magazine.com/news/money-launderers-33-years-70m/

Excerpt:  “Two foreign nationals have been handed down what are believed to be among the most severe sentences on record for money laundering.  Artem Terzyan, 38, from Russia, was jailed for 17 years, while 44-year-old Lithuanian national Deivis Grochiatskij received 16 years following a four-year operation by the National Crime Agency (NCA) and Metropolitan Police Service unit.  Reporting restrictions were recently lifted following their December sentencing at Kingston Crown Court.  Officers first caught wind of their illegal activity after tracking a car linked to a money laundering gang back to a luxury East London apartment block the pair lived in.  Large bags of cash were observed being transferred to the building. The duo subsequently opened multiple bank accounts under the names of fake businesses and deposited tens of thousands of pounds at a time.”

Title: Instagram Copyright Infringment Scams – Don’t Get Sucked In!

Date Published:  December 30, 2021

https://nakedsecurity.sophos.com/2021/12/30/instagram-copyright-infringment-scams-dont-get-sucked-in/

Excerpt:  “As you can imagine, cybercriminals have learned how to use copyright infringement notices as bait in phishing scams.  By pretending to be a social network such as Instagram, they try to scare you into thinking that there’s an official copyright complaint against you whilst at the same time giving you a quick and easy way of replying with a counter-claim of your own.  The criminals know that the complaint is totally bogus, and they know that you know it’s bogus.  But instead of leaving you to figure out that it’s bogus because there was no complaint in the first place, they trick you into thinking that the complaint was real, but that the bogus part was the accusation made by the complainer.  To do this, they don’t accuse you themselves, and they don’t threaten to sue; instead, they offer you an easy way to “prove” your “innocence” by providing a link to object to the “complaint”.”

Title: Log4j Highlights Need for Better Handle on Software Dependencies

Date Published:  January 3, 2022

https://www.darkreading.com/application-security/log4j-highlights-need-for-better-handle-on-software-dependencies

Excerpt:  “It’s a new year and the cybersecurity community now faces the long-term consequences of yet another software supply chain security nightmare. After a year full of application security zero-day fallout, the Log4j vulnerability debacle (also referred to as Log4Shell) was like a thematic bookend for 2021 that closed out the year much in the way SolarWinds started it.  The real-world consequences of these incidents schooled enterprise IT teams in too many ways to count. But perhaps the most important lesson to bubble up is how much work many organizations need to do to truly understand and manage what code is running under the hood across their software portfolios. Like the SolarWinds incident before it, the Log4j fiasco highlighted how many hidden software dependencies exist in enterprise software — and how hard it is to stamp out critical underlying flaws when these dependencies aren’t sufficiently understood.  A big part of this comes from the natural progression of modern development techniques, including microservices and componentization of software, whereby much of today’s software is made up of prefabricated open source and third-party code. Rather than reinventing the wheel by creating a new body of code for each app they develop, software engineers essentially mix-and-match existing libraries and packages for common functions to create the bulk of the codebase that runs applications.”

Title: Breaking the Habit: Top 10 Bad Cybersecurity Habits to Shed in 2022

Date Published:  January 3, 2022

https://www.welivesecurity.com/2022/01/03/breaking-habit-top-10-bad-cybersecurity-habits-shed-2022/

Excerpt:  “The new year is a new opportunity to rewire your digital life. An increasingly important part of this is cybersecurity. In fact, 2021 is already shaping up to have been one of the most prolific years yet for cybercriminals. Almost 19 billion records were exposed in the first half of the year alone.  Better security should mean you’re more insulated from the risk of identity fraud and financial loss. The cost of these scams reached a record $56bn in 2020, with most of this coming online. Although the organizations you interact with have a duty, and often a legal responsibility, to keep your data protected, it’s important to do your bit.  If you’re still feeling reluctant to find new ways to protect your digital world, consider this: a third of US identity crime victims have claimed they didn’t have enough money to buy food or pay for utilities last year as a result of fraud, according to the U.S. Identity Theft Resource Center.  Be alert, be proactive and break these 10 bad habits to improve your cyber-hygiene in 2022.”

Title: Not IT vs OT, but IT and OT

Date Published:  January 3, 2022

https://www.tripwire.com/state-of-security/ics-security/not-it-vs-ot-but-it-and-ot/

Excerpt:  “IT environments have always been considered the forefront when it comes to cybersecurity, and OT environments have been the forefront when it comes to physical security.  As more and more cyber threats are taking place, and with an increasing number recently focused on OT environments, everyone seems to be concerned with how to upscale and secure their OT estates in terms of cybersecurity. However, rather than saying that OT dominions are the only ones that need to be upgraded, perhaps it is a good time to also review their IT holdings and look towards OT in terms of upscaling their physical environment and protecting the devices in scope.  OT environments have always focused on protecting physical entities such as walls, gates, doors, keys, and network hardware. To some extent, many have not even been protected with basic effective username and password authentication security. Although this has historically been a good enough practice, with newer communication methodologies being introduced to make remote management and vendor access easier, this has now opened up a whole bunch of new cyber threats. The OT world is now looking towards the IT world for help.”
