February 15, 2022

Fortify Security Team

Title: BlackCat (ALPHV) Claims Swissport Ransomware Attack, Leaks Data
Date Published: February 15, 2022

https://www.bleepingcomputer.com/news/security/blackcat-alphv-claims-swissport-ransomware-attack-leaks-data/

Excerpt: “The BlackCat ransomware group, aka ALPHV, has claimed responsibility for the recent cyber attack on Swissport that caused flight delays and service disruptions. The €3 billion revenue firm, Swissport, has a presence across 310 airports in 50 countries and provides cargo handling, maintenance, cleaning, and lounge hospitality services. BlackCat has now been seen by BleepingComputer to leak a minuscule set of terabytes of data supposedly obtained from the recent ransomware attack.”

Title: SSU: Russia-Linked Actors are Targeting Ukraine with ‘Massive Wave of Hybrid Warfare’
Date Published: February 14, 2022

https://securityaffairs.co/wordpress/128019/cyber-warfare-2/russia-targets-ukraine-hybrid-warfare.html

Excerpt: “The Security Service of Ukraine (SSU) today revealed the country is the target of an ongoing “wave of hybrid warfare” conducted by Russia-linked malicious actors. Threat actors aim at destabilizing the social context in the country and instilling fear and distrust in the country’s government. “Ukraine is facing attempts to systemically sow panic, spread fake information and distort the real state of affairs. All this combined is nothing more than another massive wave of hybrid warfare,” states the SSU. “The SSU is seeing such manifestations of hybrid warfare in social networks, some mass media, in the spread of narratives of the aggressor state by certain politicians, etc. The SSU is not just observing these, but also actively counteracting them.””

Title: ‘Cities: Skylines’ Gaming Modder Banned Over Hidden Malware
Date Published: February 14, 2022

https://threatpost.com/cities-skylines-modder-banned-over-hidden-malware/178403/

Excerpt: “The developer of several popular mods for the Cities: Skylines city-building game has been banned after malware was discovered hidden in their wares. The modder, who goes by the handle Chaos as well as Holy Water, reportedly tucked an automatic updater into several mods that enabled the author to deliver malware to anybody who downloaded them.”

Title: Soaring Losses Accelerate Investments in Anti-Fraud Tech
Date Published: February 15, 2022

https://www.helpnetsecurity.com/2022/02/15/anti-fraud-analytics-doubled/

Excerpt: “The pandemic has opened a Pandora’s box of global fraud. Faced with a seemingly endless onslaught of schemes and scams, anti-fraud pros have doubled down on analytics, finds the latest anti-fraud technology study by the Association of Certified Fraud Examiners (ACFE) and SAS. Based on survey responses from nearly 900 ACFE members worldwide, the report illuminates how organizations across sectors are using technology to fight fraud.”

Title: CISA Warns Orgs to Prep for Potential Russian Cyberattacks
Date Published: February 14, 2022

https://www.bankinfosecurity.com/cisa-warns-orgs-to-prep-for-potential-russian-cyberattacks-a-18511

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency has issued a “Shields Up” alert to U.S. organizations to protect against potential retaliatory cyberattacks at the hands of the Russians – especially if the Biden administration intervenes in the country’s conflict with Ukraine, where Russia has massed some 100,000 troops.”

Title: New MyloBot Malware Variant Sends Sextortion Emails Demanding $2,732 in Bitcoin
Date Published: February 15, 2022

https://thehackernews.com/2022/02/new-mylobot-malware-variant-sends.html

Excerpt: “A new version of the MyloBot malware has been observed to deploy malicious payloads that are being used to send sextortion emails demanding that victims pay $2,732 in digital currency. MyloBot, first detected in 2018, is known to feature an array of sophisticated anti-debugging capabilities and propagation techniques to rope infected machines into a botnet, not to mention remove traces of other competing malware from the systems.”

Title: South Shore Hospital Network Hack Impacts Data of 116K Patients
Date Published: February 14, 2022

https://www.scmagazine.com/analysis/breach/south-shore-hospital-network-hack-impacts-data-of-116k-patients

Excerpt: “South Shore Hospital in Chicago recently notified 115,670 current and former patients and employees that their data was affected after a hack of the nonprofit’s network in early December. On Dec. 10, 2021, SSH discovered suspicious activity on its network and “activated its emergency operating protocols to continue providing safe patient- and family-centered care.” While the incident sounds like a ransomware attack, the notice provides no further details into the hack.”

Title: Hackers Use Simple Methods to Target Orgs in the Aviation Sector
Date Published: February 15, 2022

https://www.bleepingcomputer.com/news/security/hackers-use-simple-methods-to-target-orgs-in-the-aviation-sector/

Excerpt: “For years, a low-skilled attacker has been using off-the-shelf malware in malicious campaigns aimed at companies in the aviation sector as well as in other sensitive industries. The threat actor has been active since at least 2017, targeting entities in the aviation, aerospace, transportation, manufacturing, and defense industries. Tracked as TA2541 by cybersecurity company Proofpoint, the adversary is believed to operate from Nigeria and its activity has been documented before in analysis of separate campaigns.”

Title: Google Fixes A Chrome Zero-Day Flaw Actively Exploited in Attacks
Date Published: February 15, 2022

https://securityaffairs.co/wordpress/128035/hacking/chrome-zero-day-2022.html

Excerpt: “Google fixed a high-severity zero-day flaw, tracked as CVE-2022-0609 and actively exploited, with the release of a Chrome emergency update for Windows, Mac, and Linux. This is the first Chrome zero-day fixed this year by Google. The zero-day is a use-after-free issue that resides in Animation; the bug was reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group.”

Title: Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA
Date Published: February 15, 2022

https://thehackernews.com/2022/02/researchers-link-shadowpad-malware.html

Excerpt: “Cybersecurity researchers have detailed the inner workings of ShadowPad, a sophisticated and modular backdoor that has been adopted by a growing number of Chinese threat groups in recent years, while also linking it to the country’s civilian and military intelligence agencies. “ShadowPad is decrypted in memory using a custom decryption algorithm,” researchers from Secureworks said in a report shared with The Hacker News. “ShadowPad extracts information about the host, executes commands, interacts with the file system and registry, and deploys new modules to extend functionality.” ShadowPad is a modular malware platform sharing noticeable overlaps with the PlugX malware and which has been put to use in high-profile attacks against NetSarang, CCleaner, and ASUS, causing the operators to shift tactics and update their defensive measures.”
