February 17, 2022

Fortify Security Team
Feb 17, 2022

Title: FBI Warns of BEC attackers Impersonating CEOs in Virtual Meetings
Date Published: February 16, 2022

https://www.bleepingcomputer.com/news/security/fbi-warns-of-bec-attackers-impersonating-ceos-in-virtual-meetings/

Excerpt: “State-sponsored actors backed by the Russian government regularly targeted the networks of several U.S. cleared defense contractors (CDCs) to acquire proprietary documents and other confidential information pertaining to the country’s defense and intelligence programs and capabilities. The sustained espionage campaign is said to have commenced at least two years ago from January 2020, according to a joint advisory published by the U.S. Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA).”

Title: U.S. Says Russian Hackers Stealing Sensitive Data from Defense Contractors
Date Published: February 16, 2022

https://thehackernews.com/2022/02/us-says-russian-hackers-stealing.html

Excerpt: “VMware addressed several high-severity vulnerabilities that were demonstrated by Kunlun Lab team during China’s Tianfu Cup 2021 hacking contest. The vulnerabilities impact VMware ESXi, Workstation, and Fusion.”

Title: The International Committee of the Red Cross (ICRC) Revealed that the Attack that Breached its Network in January was Conducted by a Nation-state Actor That Exploited a Zoho Vulnerability
Date Published: February 17, 2022

https://securityaffairs.co/wordpress/128110/hacking/nation-state-actors-hacked-red-cross-exploiting-a-zoho-bug.html

Excerpt: “In January, a cyberattack on a Red Cross contactor resulted in the theft of personal data for more than 515,000 highly vulnerable people seeking missing families. The attack was disclosed by the ICRC, which confirmed that the data originated from at least 60 different Red Cross and Red Crescent National Societies worldwide.”

Title: FBI, US Secret Service Issue Mitigations for BlackByte Ransomware
Date Published: February 15, 2022

https://www.darkreading.com/threat-intelligence/blackbyte-ransomware-alert-issued-by-us-secret-service-fbi

Excerpt: “The FBI and US Secret Service today released a joint cybersecurity advisory on pervasive ransomware-as-a-service group BlackByte, warning that attackers deploying the ransomware had infected organizations in at least three US critical infrastructure sectors —  government facilities, financial, and food and agriculture — as well as others outside the US.”

Title: Global Hybrid Warfare Introduces Cyber Threats to Companies Amid the Russia-Ukraine Crisis
Date Published: February 17, 2022

https://www.securitymagazine.com/articles/97103-global-hybrid-warfare-introduces-cyber-threats-to-companies-amid-the-russia-ukraine-crisis

Excerpt: “Rhetoric from leaders around the world has signaled that it is no longer a question of if Russia will invade Ukraine, but when and how. Geopolitical tensions are palpably high, which has introduced the potential for a longtime cold war between the U.S. and Russia (and their respective allies) to turn hot.”

Title: Canada’s Major Banks go Offline in Mysterious Hours-long Outage
Date Published: February 17, 2022

https://www.bleepingcomputer.com/news/security/canadas-major-banks-go-offline-in-mysterious-hours-long-outage/

Excerpt: “Five major Canadian banks went offline for hours blocking access to online and mobile banking as well as e-transfers for customers. The banks hit by the outage include Royal Bank of Canada (RBC), BMO (Bank of Montreal), Scotiabank, TD Bank Canada, and the Canadian Imperial Bank of Commerce (CIBC).”

Title: Moses Staff Hackers Targeting Israeli Organizations for Cyber Espionage
Date Published: February 16, 2022

https://thehackernews.com/2022/02/moses-staff-hackers-targeting-israeli.html

Excerpt: “The politically motivated Moses Staff hacker group has been observed using a custom multi-component toolset with the goal of carrying out espionage against its targets as part of a new campaign that exclusively singles out Israeli organizations. First publicly documented in late 2021, Moses Staff is believed to be sponsored by the Iranian government, with attacks reported against entities in Israel, Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.”

Title: Supply Chain Shortages Create a Cybersecurity Nightmare
Date Published: February 16, 2022

https://www.helpnetsecurity.com/2022/02/16/manufacturers-supply-chains/

Excerpt: “The White House has recently issued alerts noting that many manufacturers suffer from disrupted supply chains, and rebuilding supply chains is a major priority. Some analysts are suggesting that many months, and perhaps years are likely to transpire before the chaos subsides.”

Title: Mozilla Warns Chrome, Firefox ‘100’ User Agents May Break Sites
Date Published: February 16, 2022

https://www.bleepingcomputer.com/news/software/mozilla-warns-chrome-firefox-100-user-agents-may-break-sites/

Excerpt: “Mozilla is warning website developers that the upcoming Firefox 100 and Chrome 100 versions may break websites when parsing user-agent strings containing three-digit version numbers. A user-agent is a string used by a web browser that includes information about the software, such as the browser name, its version number, and the various technologies it uses.”

Title: Emotet Now Spreading Through Malicious Excel Files
Date Published: February 16, 2022

https://threatpost.com/emotet-spreading-malicious-excel-files/178444/

Excerpt: “The infamous Emotet malware has switched tactics yet again, in an email campaign propagating through malicious Excel files, researchers have found. Researchers at Palo Alto Networks Unit 42 have observed a new infection approach for the high-volume malware, which is known to modify and change its attack vectors to avoid detection so it can continue to do its nefarious work, they wrote in a report published online Tuesday.”

Recent Posts

September 16, 2022

Title: Uber hacked, internal systems breached and vulnerability reports stolen Date Published: September 16, 2022 https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/ Excerpt: “Uber suffered a...

September 15, 2022

Title: Webworm hackers modify old malware in new attacks to evade attribution Date Published: September 15, 2022 https://www.bleepingcomputer.com/news/security/webworm-hackers-modify-old-malware-in-new-attacks-to-evade-attribution/ Excerpt: “The Chinese 'Webworm'...

September 14, 2022

Title: Chinese hackers create Linux version of the SideWalk Windows malware Date Published: September 14, 2022 https://www.bleepingcomputer.com/news/security/chinese-hackers-create-linux-version-of-the-sidewalk-windows-malware/ Excerpt: “State-backed Chinese hackers...

September 13, 2022

Title: Cyberspies drop new infostealer malware on govt networks in Asia Date Published: September 13, 2022 https://www.bleepingcomputer.com/news/security/cyberspies-drop-new-infostealer-malware-on-govt-networks-in-asia/ Excerpt: “Security researchers have identified...

September 12, 2022

Title: Cisco confirms Yanluowang ransomware leaked stolen company data Date Published: September 12, 2022 https://www.bleepingcomputer.com/news/security/cisco-confirms-yanluowang-ransomware-leaked-stolen-company-data/ Excerpt: “Cisco has confirmed that the data leaked...

September 9, 2022

Title: Bumblebee Malware Adds Post-exploitation Tool for Stealthy Infections Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/bumblebee-malware-adds-post-exploitation-tool-for-stealthy-infections/ Excerpt: “A new version of the...

September 8, 2022

Title: North Korean Lazarus Hackers Take Aim at U.S. Energy Providers Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-take-aim-at-us-energy-providers/ Excerpt: “The North Korean APT group 'Lazarus' (APT38)...