February 10, 2022

Fortify Security Team
Feb 10, 2022

Title: CISA Warns Admins to Patch Maximum Severity SAP Vulnerability

Date Published: February 9, 2022


Excerpt: “The US Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to patch a set of severe security flaws dubbed ICMAD (Internet Communication Manager Advanced Desync) and impacting SAP business apps using Internet Communication Manager (ICM). CISA added that failing to patch these vulnerabilities exposes organizations with vulnerable servers to data theft, financial fraud risks, disruptions of mission-critical business processes, ransomware attacks, and a halt of all operations.”

Title: Critical RCE Flaws in PHP Everywhere WordPress Plugin Affect Thousands of Sites

Date Published: February 10, 2022


Excerpt: “Wordfence experts found three critical remote code execution vulnerabilities in the PHP Everywhere WordPress plugin, all the issues have received a CVSS score of 9.9. The plugin allows WordPress admins to insert PHP code in pages, posts, the sidebar, or any Gutenberg block, to display dynamic content based on evaluated PHP expressions.”

Title: Cybercriminals Swarm Windows Utility Regsvr32 to Spread Malware

Date Published: February 9, 2022


Excerpt: “A Windows living-off-the-land binary (LOLBin) known as Regsvr32 is seeing a big uptick in abuse of late, researchers are warning, mainly spreading trojans like Lokibot and Qbot. LOLBins are legitimate, native utilities used daily in various computing environments, that cybercriminals use to evade detection by blending into normal traffic patterns. In this case, Regsvr32 is a Microsoft-signed command line utility in Windows that allows users to register and unregister libraries. By registering a .DLL file, information is added to the central directory (the Registry) so that it can be used by Windows and shared among programs.”

Title: Ransomware Attacks, and Ransom Payments, are Rampant Among Critical Infrastructure Organizations

Date Published: February 10, 2022


Excerpt: “80% of critical infrastructure organizations experienced a ransomware attack in the last year, with an equal number reporting that their security budgets have risen since 2020, a Claroty report reveals. The report is based on an independent global survey of 1,100 information technology (IT) and operational technology (OT) professionals who work in critical infrastructure sectors, exploring how they have dealt with the significant challenges in 2021, their levels of resiliency, and priorities moving forward.”

Title: Russia Cracks Down on 4 Dark Web Marketplaces for Stolen Credit Cards

Date Published: February 9, 2022


Excerpt: “A special law enforcement operation undertaken by Russia has led to the seizure and shutdown of four online bazaars that specialized in the theft and sales of stolen credit cards, as the government continues to take active measures against harboring cybercriminals on its territory. To that end, the domains operated by the card fraud forums and marketplaces, Ferum Shop, Sky-Fraud, Trump’s Dumps, and UAS, were confiscated and plastered with a banner that warned “theft of funds from bank cards is illegal.” Also embedded into the HTML source code was a message asking, “Which one of you is next?””

Title: Microsoft Will Block Macros by Default from Internet Downloads

Date Published: February 9, 2022


Excerpt: “Microsoft will make it even more difficult to download and run malicious Office documents from the internet, the company announced this week. It’s a change welcomed by security pros. Office macros, which provide programming functions for use in common workplace documents, have been a launching pad for malicious actors since the Clinton administration. The Concept Virus first appeared in 1995. Nearly thirty years later, it is still a problem, despite Microsoft’s previous efforts to curb adversarial use.”

Title: Linux Malware on the Rise

Date Published: February 9, 2022


Excerpt: “With Linux frequently used as the basis for cloud services, virtual-machine hosts, and container-based infrastructure, attackers have increasingly targeted Linux environments with sophisticated exploits and malware. New analysis, based on telemetry collected from attacks on VMware customers, shows an increasing number of ransomware programs targeting Linux hosts to infect virtual-machine images or containers; more use of cryptojacking to monetize illicit access; and more than 14,000 instances of Cobalt Strike — 56% of which are pirated copies used by criminals or thrifty companies that have not bought licenses. The red-team tool has become so popular as a way to manage compromised machines that underground developers created their own protocol-compatible version of the Windows program for Linux, VMware states in a newly released report, “Exposing Malware in Linux-based Multi-Cloud Environments.””

Title: FritzFrog Botnet Grows 10x, Hits Healthcare, EDU, and Govt Systems

Date Published: February 10, 2022


Excerpt: “The FritzFrog botnet that’s been active for more than two years has resurfaced with an alarming infection rate, growing ten times in just a month of hitting healthcare, education, and government systems with an exposed SSH server. Discovered in August 2020, the malware is written in Golang and is considered to be a sophisticated threat that relies on custom code, runs in memory, and is decentralized — peer-to-peer (P2P), so it does not need a central management server.”

Title: CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks

Date Published: February 10, 2022


Excerpt: “Cybersecurity authorities from Australia, the U.K., and the U.S. have published a joint advisory warning of an increase in sophisticated, high-impact ransomware attacks targeting critical infrastructure organizations across the world in 2021. The incidents singled out a broad range of sectors, including defense, emergency services, agriculture, government facilities, IT, healthcare, financial services, education, energy, charities, legal institutions, and public services.”

Title: Cloud Migrations are Taking Longer, and Require Bigger Budgets than Expected

Date Published: February 10, 2022


Excerpt: “84% of IT decision-makers across the US and UK say their organization is currently using more than one cloud platform, as businesses’ demands for more choice, flexibility, and agility push multi-cloud mainstream in the year ahead, according to a Wanclouds report. The report found that of companies using multiple cloud platforms, 48% are also taking a hybrid approach by utilizing both public and private clouds.”
