February 16, 2022

Fortify Security Team

Title: Google Almost Doubles Linux Kernel, Kubernetes Zero-Day Rewards
Date Published: February 15, 2022

https://www.bleepingcomputer.com/news/google/google-almost-doubles-linux-kernel-kubernetes-zero-day-rewards/

Excerpt: “Google says it bumped up rewards for reports of Linux Kernel, Kubernetes, Google Kubernetes Engine (GKE), or kCTF vulnerabilities by adding bigger bonuses for zero-day bugs and exploits using unique exploitation techniques. “We increased our rewards because we recognized that in order to attract the attention of the community we needed to match our rewards to their expectations,” Google Vulnerability Matchmaker Eduardo Vela explained. “We consider the expansion to have been a success, and because of that we would like to extend it even further to at least until the end of the year (2022).”

Title: VMware Fixes Flaws Demonstrated at Chinese Tianfu Cup Hacking Contest
Date Published: February 16, 2022

https://securityaffairs.co/wordpress/128063/security/vmware-fixes-flaws-demonstrated-at-chinese-tianfu-cup-hacking-contest.html

Excerpt: “VMware addressed several high-severity vulnerabilities that were demonstrated by Kunlun Lab team during China’s Tianfu Cup 2021 hacking contest. The vulnerabilities impact VMware ESXi, Workstation, and Fusion.”

Title: Emotet Now Spreading Through Malicious Excel Files
Date Published: February 16, 2022

https://threatpost.com/emotet-spreading-malicious-excel-files/178444/

Excerpt: “The infamous Emotet malware has switched tactics yet again, in an email campaign propagating through malicious Excel files, researchers have found. Researchers at Palo Alto Networks Unit 42 have observed a new infection approach for the high-volume malware, which is known to modify and change its attack vectors to avoid detection so it can continue to do its nefarious work, they wrote in a report published online Tuesday.”

Title: Traditional MFA is Creating a False Sense of Security
Date Published: February 16, 2022

https://www.helpnetsecurity.com/2022/02/16/insufficient-mfa-methods/

Excerpt: “A report from HYPR and Cybersecurity Insiders, reveals that despite the zero trust initiative, many organizations are still highly exposed to credential attacks due to insufficient multi-factor authentication (MFA) methods and overall lack of urgency after potential exposure. In fact, 64% of those hacked did not enhance or improve their authentication controls following the attack.”

Title: BlockFi to Pay SEC, State Regulators $100M in Penalties
Date Published: February 15, 2022

https://www.bankinfosecurity.com/blockfi-to-pay-sec-state-regulators-100m-in-penalties-a-18514

Excerpt: “The U.S. Securities and Exchange Commission has confirmed that BlockFi, a cryptocurrency lending platform based in Jersey City, N.J., has been charged with failing to register its lending product and violating registration provisions. To settle the SEC’s charges, it will pay a $50 million penalty, cease unregistered offers and sales of the product, and comply with the law within 60 days. In parallel actions announced on Monday, the platform agreed to pay an additional $50 million in fines to 32 states to settle similar charges. And according to SEC officials, BlockFi will also register a new crypto lending product.”

Title: EU Data Protection Watchdog Calls for Ban on Pegasus-like Commercial Spyware
Date Published: February 16, 2022

https://thehackernews.com/2022/02/eu-data-protection-watchdog-calls-for.html

Excerpt: “The European Union’s data protection authority on Tuesday called for a ban on the development and the use of Pegasus-like commercial spyware in the region, calling out the technology’s “unprecedented level of intrusiveness” that could endanger users’ right to privacy. “Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy,” the European Data Protection Supervisor (EDPS) said in its preliminary remarks. “This fact makes its use incompatible with our democratic values.””

Title: Forcing ‘gotcha’ Security Adherence can Backfire, Leaving Financial Organization Even More Vulnerable
Date Published: February 16, 2022

https://www.scmagazine.com/analysis/training/forcing-gotcha-security-adherence-can-backfire-focus-on-teamwork-instead-experts-say

Excerpt: “You can lead a person to security awareness, but you can’t make them think. With an ever-growing expectation of convenience outpacing their security concerns, financial customers and employees may never achieve what cyber-wonks would like to see in terms of how people protect themselves, their firm and data in general.”

Title: CISA Added 9 New Flaws to the Known Exploited Vulnerabilities Catalog, Including Magento and Chrome Bugs
Date Published: February 16, 2022

https://securityaffairs.co/wordpress/128070/hacking/known-exploited-vulnerabilities-catalog-chrome-magento.html

Excerpt: “US Cybersecurity and Infrastructure Security Agency (CISA) added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including two recently patched zero-day issues affecting Adobe Commerce/Magento Open Source and Google Chrome. CISA orders all Federal Civilian Executive Branch Agencies (FCEB) agencies to address both security vulnerabilities by March 1st, 2022. The ‘Known Exploited Vulnerabilities Catalog’ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies.”

Title: Fraud and Scam Activity Hits All-Time High
Date Published: February 16, 2022

https://www.helpnetsecurity.com/2022/02/16/fraud-activity-level/

Excerpt: “Bolster published a report which shows an unprecedented level of fraud activity, spurred by the continuing growth of digital commerce, leading to an explosion of companies’ external attack surfaces. Using data gathered from analyzing more than one billion sites, the 2022 State of Phishing and Online Fraud Report highlights the trends that drove digital scams in 2021. In this, the company’s third year of tracking phishing and scam data, we can see with no uncertainty how the pandemic has impacted, and in fact accelerated, digital adoption and, as a result, cyber fraud.”

Title: Trickbot Malware Targeted Customers of 60 High-Profile Companies Since 2020
Date Published: February 16, 2022

https://thehackernews.com/2022/02/trickbot-malware-targeted-customers-of.html

Excerpt: “The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features. “TrickBot is a sophisticated and versatile malware with more than 20 modules that can be downloaded and executed on demand,” Check Point researchers Aliaksandr Trafimchuk and Raman Ladutska said in a report published today.”
