February 10, 2022

Fortify Security Team

Title: CISA Warns Admins to Patch Maximum Severity SAP Vulnerability

Date Published: February 9, 2022

https://www.bleepingcomputer.com/news/security/cisa-warns-admins-to-patch-maximum-severity-sap-vulnerability/

Excerpt: “The US Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to patch a set of severe security flaws dubbed ICMAD (Internet Communication Manager Advanced Desync) and impacting SAP business apps using Internet Communication Manager (ICM). CISA added that failing to patch these vulnerabilities exposes organizations with vulnerable servers to data theft, financial fraud risks, disruptions of mission-critical business processes, ransomware attacks, and a halt of all operations.”

Title: Critical RCE Flaws in PHP Everywhere WordPress Plugin Affect Thousands of Sites

Date Published: February 10, 2022

https://securityaffairs.co/wordpress/127848/hacking/rce-php-everywhere-wordpress-plugin.html

Excerpt: “Wordfence experts found three critical remote code execution vulnerabilities in the PHP Everywhere WordPress plugin, all the issues have received a CVSS score of 9.9. The plugin allows WordPress admins to insert PHP code in pages, posts, the sidebar, or any Gutenberg block, to display dynamic content based on evaluated PHP expressions.”

Title: Cybercriminals Swarm Windows Utility Regsvr32 to Spread Malware

Date Published: February 9, 2022

https://threatpost.com/cybercriminals-windows-utility-regsvr32-malware/178333/

Excerpt: “A Windows living-off-the-land binary (LOLBin) known as Regsvr32 is seeing a big uptick in abuse of late, researchers are warning, mainly spreading trojans like Lokibot and Qbot. LOLBins are legitimate, native utilities used daily in various computing environments, that cybercriminals use to evade detection by blending into normal traffic patterns. In this case, Regsvr32 is a Microsoft-signed command line utility in Windows that allows users to register and unregister libraries. By registering a .DLL file, information is added to the central directory (the Registry) so that it can be used by Windows and shared among programs.”

Title: Ransomware Attacks, and Ransom Payments, are Rampant Among Critical Infrastructure Organizations

Date Published: February 10, 2022

https://www.helpnetsecurity.com/2022/02/10/critical-infrastructure-ransomware/

Excerpt: “80% of critical infrastructure organizations experienced a ransomware attack in the last year, with an equal number reporting that their security budgets have risen since 2020, a Claroty report reveals. The report is based on an independent global survey of 1,100 information technology (IT) and operational technology (OT) professionals who work in critical infrastructure sectors, exploring how they have dealt with the significant challenges in 2021, their levels of resiliency, and priorities moving forward.”

Title: Russia Cracks Down on 4 Dark Web Marketplaces for Stolen Credit Cards

Date Published: February 9, 2022

https://thehackernews.com/2022/02/russia-cracks-down-on-4-dark-web.html

Excerpt: “A special law enforcement operation undertaken by Russia has led to the seizure and shutdown of four online bazaars that specialized in the theft and sales of stolen credit cards, as the government continues to take active measures against harboring cybercriminals on its territory. To that end, the domains operated by the card fraud forums and marketplaces, Ferum Shop, Sky-Fraud, Trump’s Dumps, and UAS, were confiscated and plastered with a banner that warned “theft of funds from bank cards is illegal.” Also embedded into the HTML source code was a message asking, “Which one of you is next?””

Title: Microsoft Will Block Macros by Default from Internet Downloads

Date Published: February 9, 2022

https://www.scmagazine.com/analysis/application-security/microsoft-will-block-macros-by-default-from-internet-downloads

Excerpt: “Microsoft will make it even more difficult to download and run malicious Office documents from the internet, the company announced this week. It’s a change welcomed by security pros. Office macros, which provide programming functions for use in common workplace documents, have been a launching pad for malicious actors since the Clinton administration. The Concept Virus first appeared in 1995. Nearly thirty years later, it is still a problem, despite Microsoft’s previous efforts to curb adversarial use.”

Title: Linux Malware on the Rise

Date Published: February 9, 2022

https://www.darkreading.com/cloud/linux-malware-on-the-rise-including-illicit-use-of-cobalt-strike

Excerpt: “With Linux frequently used as the basis for cloud services, virtual-machine hosts, and container-based infrastructure, attackers have increasingly targeted Linux environments with sophisticated exploits and malware. New analysis, based on telemetry collected from attacks on VMware customers, shows an increasing number of ransomware programs targeting Linux hosts to infect virtual-machine images or containers; more use of cryptojacking to monetize illicit access; and more than 14,000 instances of Cobalt Strike — 56% of which are pirated copies used by criminals or thrifty companies that have not bought licenses. The red-team tool has become so popular as a way to manage compromised machines that underground developers created their own protocol-compatible version of the Windows program for Linux, VMware states in a newly released report, “Exposing Malware in Linux-based Multi-Cloud Environments.””

Title: FritzFrog Botnet Grows 10x, Hits Healthcare, EDU, and Govt Systems

Date Published: February 10, 2022

https://www.bleepingcomputer.com/news/security/fritzfrog-botnet-grows-10x-hits-healthcare-edu-and-govt-systems/

Excerpt: “The FritzFrog botnet that’s been active for more than two years has resurfaced with an alarming infection rate, growing ten times in just a month of hitting healthcare, education, and government systems with an exposed SSH server. Discovered in August 2020, the malware is written in Golang and is considered to be a sophisticated threat that relies on custom code, runs in memory, and is decentralized — peer-to-peer (P2P), so it does not need a central management server.”

Title: CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks

Date Published: February 10, 2022

https://thehackernews.com/2022/02/cisa-fbi-nsa-issue-advisory-on-severe.html

Excerpt: “Cybersecurity authorities from Australia, the U.K., and the U.S. have published a joint advisory warning of an increase in sophisticated, high-impact ransomware attacks targeting critical infrastructure organizations across the world in 2021. The incidents singled out a broad range of sectors, including defense, emergency services, agriculture, government facilities, IT, healthcare, financial services, education, energy, charities, legal institutions, and public services.”

Title: Cloud Migrations are Taking Longer, and Require Bigger Budgets than Expected

Date Published: February 10, 2022

https://www.helpnetsecurity.com/2022/02/10/using-multi-cloud-platform/

Excerpt: “84% of IT decision-makers across the US and UK say their organization is currently using more than one cloud platform, as businesses’ demands for more choice, flexibility, and agility pushes multi-cloud mainstream in the year ahead, according to a Wanclouds report. The report found that of companies using multiple cloud platforms, 48% are also taking a hybrid approach by utilizing both public and private clouds.”
