February 1, 2022

Fortify Security Team
Feb 1, 2022

Title: MuddyWater Hacking Group Targets Turkey in New Campaign
Date Published: February 1, 2022


Excerpt: “The Iranian-backed MuddyWater hacking group is conducting a new malicious campaign targeting private Turkish organizations and governmental institutions. This cyber-espionage group (aka Mercury, SeedWorm, and TEMP.Zagros) was linked this month to Iran’s Ministry of Intelligence and Security (MOIS) by the US Cyber Command (USCYBERCOM). The hacking group has been attributed to attacks against entities in Central and Southwest Asia and numerous public and privately-held organizations from Europe, Asia, and North America in the telecommunications, government (IT services), oil, and airline industry sectors.”

Title: Samba Fixed CVE-2021-44142 Remote Code Execution Flaw
Date Published: January 31, 2022


Excerpt: “Samba has addressed a critical vulnerability, tracked as CVE-2021-44142, that can be exploited by remote attackers to gain code execution with root privileges on servers running vulnerable software. Samba is a free software re-implementation of the SMB networking protocol that provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. Samba runs on most Unix-like systems, such as Linux, Solaris, AIX and the BSD variants, including Apple’s macOS Server, and macOS client (Mac OS X 10.2 and greater).”

Title: OpenSSF’s Alpha-Omega Project to Target Vulnerabilities From Beginning to End
Date Published: February 1, 2022


Excerpt: “The effort, backed by a $5 million grant from Microsoft and Google, will be known as the Alpha-Omega Project. The “Alpha” side will emphasize vulnerability testing by hand in the most popular open-source projects, developing close working relationships with a handful of the top 200 projects for testing each year. “Omega” will look more at the broader landscape of open source, running automated testing on the top 10,000. “They will find a vulnerability and try to answer how many other bugs are there like this?” said Brian Behlendorf, OpenSSF general manager. “Can you find some way to characterize that bug in some way a script could scan for it? How many of the other things like this are happening at other open-source projects, and when we find them, how do we connect to those those developers and try to engage them in fixing in a constructive way, rather than simply dumping a CVE on their shoulders.””

Title: Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks
Date Published: February 1, 2022


Excerpt: “An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the backdoor’s evasive PowerShell execution.”

Title: Aggressive BlackCat Ransomware on the Rise
Date Published: January 31, 2022


Excerpt: “BlackCat, the latest ransomware threat touted on underground forums, has quickly made inroads into the ransomware-as-a-service cybercriminal marketplace by offering 80% to 90% of ransoms to “affiliates” and aggressively outing victims on a name-and-shame blog. In less than a month, the BlackCat group has purportedly compromised more than a dozen victims, named those victims on its blog, and broken into the top 10 threats as measured by victim count, according to recent analysis of the malware by researchers at Palo Alto Networks. The ransomware program seems well-designed and is written in Rust, an efficient programming language that has gained popularity over the past decade.”

Title: Telco Fined €9 Million for Hiding Cyberattack Impact to Customers
Date Published: February 1, 2022


Excerpt: “The Greek data protection authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication due to a cyberattack. As the agency says in an announcement, COSMOTE infringed at least eight articles of the GDPR, including violating its duty to inform affected customers of the true impact of the incident. OTE (Hellenic Telecommunications Organization) and COSMOTE belong to the same entity, OTE Group, which is the largest technology company in Greece, offering fixed and mobile telephony, broadband, and network communication services.”

Title: RCE in WordPress Plugin Essential Addons for Elementor Impacts Hundreds of Thousands of Websites
Date Published: February 1, 2022


Excerpt: “Essential Addons for Elementor is a popular WordPress plugin used in over a million sites that provides easy-to-use and creative elements to improve the appearance of the pages. The plugin is affected by a critical remote code execution (RCE) vulnerability that impacts version 5.0.4 and older.
An unauthenticated user can exploit the vulnerability to perform a local file inclusion attack, such as a PHP file, to remotely gain code execution on sites running a vulnerable version of the plugin.”

Title: NSO Group Pegasus Spyware Aims at Finnish Diplomats
Date Published: January 31, 2022


Excerpt: “The controversial Pegasus spyware, developed by NSO Group, has been found on the devices of Finland’s diplomatic corps serving outside the country as part of a wide-ranging espionage campaign, according to Finnish officials. They also said the infections were of the zero-click variety. “The highly sophisticated malware has infected users’ Apple or Android telephones without their noticing and without any action from the user’s part,” Finland’s Ministry for Foreign Affairs announced.  “Through the spyware, the perpetrators may have been able to harvest data from the device and exploit its features.””

Title: Solarmarker Malware Uses Novel Techniques to Persist on Hacked Systems
Date Published: February 1, 2022


Excerpt: “In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy tricks to establish long-term persistence on compromised systems. Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted networks despite the campaign witnessing a decline in November 2021. Boasting of information harvesting and backdoor capabilities, the .NET-based malware has been linked to at least three different attack waves in 2021. The first set, reported in April, took advantage of search engine poisoning techniques to trick business professionals into visiting sketchy Google sites that installed SolarMarker on the victim’s machines.”

Title: German Petrol Supply Firm Oiltanking Paralyzed by Cyber attackE
Date Published: February 1, 2022


Excerpt: “Oiltanking GmbH, a German petrol distributor who supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations. Additionally, the attack has also affected Mabanaft GmbH, an oil supplier. Both entities are subsidiaries of the Marquard & Bahls group, which may have been the breach point. Because the firm supplies a total of 26 companies in the country with fuel, German media raised worries about shortages immediately, but officials came forth to appease them.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...