February 10, 2022

Fortify Security Team
Feb 10, 2022

Title: CISA Warns Admins to Patch Maximum Severity SAP Vulnerability

Date Published: February 9, 2022

https://www.bleepingcomputer.com/news/security/cisa-warns-admins-to-patch-maximum-severity-sap-vulnerability/

Excerpt: “The US Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to patch a set of severe security flaws dubbed ICMAD (Internet Communication Manager Advanced Desync) and impacting SAP business apps using Internet Communication Manager (ICM). CISA added that failing to patch these vulnerabilities exposes organizations with vulnerable servers to data theft, financial fraud risks, disruptions of mission-critical business processes, ransomware attacks, and a halt of all operations.”

Title: Critical RCE Flaws in PHP Everywhere WordPress Plugin Affect Thousands of Sites

Date Published: February 10, 2022

https://securityaffairs.co/wordpress/127848/hacking/rce-php-everywhere-wordpress-plugin.html

Excerpt: “Wordfence experts found three critical remote code execution vulnerabilities in the PHP Everywhere WordPress plugin, all the issues have received a CVSS score of 9.9.The plugin that allows WordPress admins to insert PHP code in pages, posts, the sidebar, or any Gutenberg block, to display dynamic content based on evaluated PHP expressions.”

Title: Cybercriminals Swarm Windows Utility Regsvr32 to Spread Malware

Date Published: February 9, 2022

https://threatpost.com/cybercriminals-windows-utility-regsvr32-malware/178333/

Excerpt: “A Windows living-off-the-land binary (LOLBin) known as Regsvr32 is seeing a big uptick in abuse of late, researchers are warning, mainly spreading trojans like Lokibot and Qbot. LOLBins are legitimate, native utilities used daily in various computing environments, that cybercriminals use to evade detection by blending into normal traffic patterns. In this case, Regsvr32 is aMicrosoft-signed command line utility in Windows that allows users to register and unregister libraries. By registering a .DLL file, information is added to the central directory (the Registry) so that it can be used by Windows and shared among programs.”

Title: Ransomware Attacks, and Ransom Payments, are Rampant Among Critical Infrastructure Organizations

Date Published: February 10, 2022

https://www.helpnetsecurity.com/2022/02/10/critical-infrastructure-ransomware/

Excerpt: “80% of critical infrastructure organizations experienced a ransomware attack in the last year, with an equal number reporting that their security budgets have risen since 2020, a Claroty report reveals.The report is based on an independent global survey of 1,100 information technology (IT) and operational technology (OT) professionals who work in critical infrastructure sectors, exploring how they have dealt with the significant challenges in 2021, their levels of resiliency, and priorities moving forward.”

Title: Russia Cracks Down on 4 Dark Web Marketplaces for Stolen Credit Cards

Date Published: February 9, 2022

https://thehackernews.com/2022/02/russia-cracks-down-on-4-dark-web.html

Excerpt: ““A special law enforcement operation undertaken by Russia has led to the seizure and shutdown of four online bazaars that specialized in the theft and sales of stolen credit cards, as the government continues to take active measures against harboring cybercriminals on its territory. To that end, the domains operated by the card fraud forms and marketplaces, Ferum Shop, Sky-Fraud, Trump’s Dumps, and UAS, were confiscated and plastered with a banner that warned “theft of funds from bank cards is illegal.” Also embedded into the HTML source code was a message asking, “Which one of you is next?””

Title: Microsoft Will Block Macros by Default from Internet Downloads

Date Published: February 9, 2022

https://www.scmagazine.com/analysis/application-security/microsoft-will-block-macros-by-default-from-internet-downloads

Excerpt: “Microsoft will make it even more difficult to download and run malicious Office documents from the internet, the company announced this week. It’s a change welcomed by security pros. Office macros, which provide programming functions for use in common workplace documents, have been a launching pad for malicious actors since the Clinton administration. The Concept Virus first appeared in 1995. Nearly thirty years later, it is still a problem, despite Microsoft’s previous efforts to curb adversarial use.”

Title: Linux Malware on the Rise

Date Published: February 9, 2022

https://www.darkreading.com/cloud/linux-malware-on-the-rise-including-illicit-use-of-cobalt-strike

Excerpt: ““With Linux frequently used as the basis for cloud services, virtual-machine hosts, and container-based infrastructure, attackers have increasingly targeted Linux environments with sophisticated exploits and malware. New analysis, based on telemetry collected from attacks on VMware customers, shows an increasing number of ransomware programs targeting Linux hosts to infect virtual-machine images or containers; more use of cryptojacking to monetize illicit access; and more than 14,000 instances of Cobalt Strike — 56% of which are pirated copies used by criminals or thrifty companies that have not bought licenses. The red-team tool has become so popular as a way to manage compromised machines that underground developers created their own protocol-compatible version of the Windows program for Linux, VMware states in a newly released report, “Exposing Malware in Linux-based Multi-Cloud Environments.””

Title: FritzFrog Botnet Grows 10x, Hits Healthcare, EDU, and Govt Systems

Date Published: February 10, 2022

https://www.bleepingcomputer.com/news/security/fritzfrog-botnet-grows-10x-hits-healthcare-edu-and-govt-systems/

Excerpt: “The FritzFrog botnet that’s been active for more than two years has resurfaced with an alarming infection rate, growing ten times in just a month of hitting healthcare, education, and government systems with an exposed SSH server. Discovered in August 2020, the malware is written in Golang and is considered to be a sophisticated threat that relies on custom code, runs in memory, and is decentralized — peer-to-peer (P2P), so it does not need a central management server.”

Title: CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks

Date Published: February 10, 2022

https://thehackernews.com/2022/02/cisa-fbi-nsa-issue-advisory-on-severe.html

Excerpt: “Cybersecurity authorities from Australia, the U.K., and the U.S. have published a joint advisory warning of an increase in sophisticated, high-impact ransomware attacks targeting critical infrastructure organizations across the world in 2021. The incidents singled out a broad range of sectors, including defense, emergency services, agriculture, government facilities, IT, healthcare, financial services, education, energy, charities, legal institutions, and public services.”

Title: Cloud Migrations are Taking Longer, and Require Bigger Budgets than Expected

Date Published: February 10, 2022

https://www.helpnetsecurity.com/2022/02/10/using-multi-cloud-platform/

Excerpt: 84% of IT decision-makers across the US and UK say their organization is currently using more than one cloud platform, as businesses’ demands for more choice, flexibility, and agility pushes multi-cloud mainstream in the year ahead, according to a Wanclouds report. The report found that of companies using multiple cloud platforms, 48% are also taking a hybrid approach by utilizing both public and private clouds.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...