February 17, 2022

Fortify Security Team

Title: FBI Warns of BEC Attackers Impersonating CEOs in Virtual Meetings
Date Published: February 16, 2022

https://www.bleepingcomputer.com/news/security/fbi-warns-of-bec-attackers-impersonating-ceos-in-virtual-meetings/

Excerpt: “State-sponsored actors backed by the Russian government regularly targeted the networks of several U.S. cleared defense contractors (CDCs) to acquire proprietary documents and other confidential information pertaining to the country’s defense and intelligence programs and capabilities. The sustained espionage campaign is said to have commenced at least two years ago from January 2020, according to a joint advisory published by the U.S. Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA).”

Title: U.S. Says Russian Hackers Stealing Sensitive Data from Defense Contractors
Date Published: February 16, 2022

https://thehackernews.com/2022/02/us-says-russian-hackers-stealing.html

Excerpt: “VMware addressed several high-severity vulnerabilities that were demonstrated by Kunlun Lab team during China’s Tianfu Cup 2021 hacking contest. The vulnerabilities impact VMware ESXi, Workstation, and Fusion.”

Title: The International Committee of the Red Cross (ICRC) Revealed that the Attack that Breached its Network in January was Conducted by a Nation-state Actor That Exploited a Zoho Vulnerability
Date Published: February 17, 2022

https://securityaffairs.co/wordpress/128110/hacking/nation-state-actors-hacked-red-cross-exploiting-a-zoho-bug.html

Excerpt: “In January, a cyberattack on a Red Cross contractor resulted in the theft of personal data for more than 515,000 highly vulnerable people seeking missing families. The attack was disclosed by the ICRC, which confirmed that the data originated from at least 60 different Red Cross and Red Crescent National Societies worldwide.”

Title: FBI, US Secret Service Issue Mitigations for BlackByte Ransomware
Date Published: February 15, 2022

https://www.darkreading.com/threat-intelligence/blackbyte-ransomware-alert-issued-by-us-secret-service-fbi

Excerpt: “The FBI and US Secret Service today released a joint cybersecurity advisory on pervasive ransomware-as-a-service group BlackByte, warning that attackers deploying the ransomware had infected organizations in at least three US critical infrastructure sectors — government facilities, financial, and food and agriculture — as well as others outside the US.”

Title: Global Hybrid Warfare Introduces Cyber Threats to Companies Amid the Russia-Ukraine Crisis
Date Published: February 17, 2022

https://www.securitymagazine.com/articles/97103-global-hybrid-warfare-introduces-cyber-threats-to-companies-amid-the-russia-ukraine-crisis

Excerpt: “Rhetoric from leaders around the world has signaled that it is no longer a question of if Russia will invade Ukraine, but when and how. Geopolitical tensions are palpably high, which has introduced the potential for a longtime cold war between the U.S. and Russia (and their respective allies) to turn hot.”

Title: Canada’s Major Banks go Offline in Mysterious Hours-long Outage
Date Published: February 17, 2022

https://www.bleepingcomputer.com/news/security/canadas-major-banks-go-offline-in-mysterious-hours-long-outage/

Excerpt: “Five major Canadian banks went offline for hours blocking access to online and mobile banking as well as e-transfers for customers. The banks hit by the outage include Royal Bank of Canada (RBC), BMO (Bank of Montreal), Scotiabank, TD Bank Canada, and the Canadian Imperial Bank of Commerce (CIBC).”

Title: Moses Staff Hackers Targeting Israeli Organizations for Cyber Espionage
Date Published: February 16, 2022

https://thehackernews.com/2022/02/moses-staff-hackers-targeting-israeli.html

Excerpt: “The politically motivated Moses Staff hacker group has been observed using a custom multi-component toolset with the goal of carrying out espionage against its targets as part of a new campaign that exclusively singles out Israeli organizations. First publicly documented in late 2021, Moses Staff is believed to be sponsored by the Iranian government, with attacks reported against entities in Israel, Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S.”

Title: Supply Chain Shortages Create a Cybersecurity Nightmare
Date Published: February 16, 2022

https://www.helpnetsecurity.com/2022/02/16/manufacturers-supply-chains/

Excerpt: “The White House has recently issued alerts noting that many manufacturers suffer from disrupted supply chains, and rebuilding supply chains is a major priority. Some analysts are suggesting that many months, and perhaps years are likely to transpire before the chaos subsides.”

Title: Mozilla Warns Chrome, Firefox ‘100’ User Agents May Break Sites
Date Published: February 16, 2022

https://www.bleepingcomputer.com/news/software/mozilla-warns-chrome-firefox-100-user-agents-may-break-sites/

Excerpt: “Mozilla is warning website developers that the upcoming Firefox 100 and Chrome 100 versions may break websites when parsing user-agent strings containing three-digit version numbers. A user-agent is a string used by a web browser that includes information about the software, such as the browser name, its version number, and the various technologies it uses.”

Title: Emotet Now Spreading Through Malicious Excel Files
Date Published: February 16, 2022

https://threatpost.com/emotet-spreading-malicious-excel-files/178444/

Excerpt: “The infamous Emotet malware has switched tactics yet again, in an email campaign propagating through malicious Excel files, researchers have found. Researchers at Palo Alto Networks Unit 42 have observed a new infection approach for the high-volume malware, which is known to modify and change its attack vectors to avoid detection so it can continue to do its nefarious work, they wrote in a report published online Tuesday.”
