February 18, 2022

Fortify Security Team

Title: Malicious Emails Can Crash Cisco Email Security Appliances
Date Published: February 17, 2022

https://www.securityweek.com/malicious-emails-can-crash-cisco-email-security-appliances

Excerpt: “Cisco this week informed customers that its Email Security Appliance (ESA) product is affected by a high-severity denial of service (DoS) vulnerability that can be exploited using specially crafted emails.

The flaw, tracked as CVE-2022-20653, affects the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for ESA. It can be exploited remotely without authentication.”

Title: DoJ Announces New Cyber Initiatives, Including New Cryptocurrency Unit
Date Published: February 17, 2022

https://www.scmagazine.com/analysis/cryptocurrency/doj-announces-new-cyber-initiatives-including-new-cryptocurrency-group?mkt_tok=MTg4LVVOWi02NjAAAAGCq3Z0ajxOopF5DTrk7cQCyl8TVxnj04blxnzkWI0IMWlYkoy-0tn72swgF2OHiy_Ig0wfjT4asbC7iasIoUgf-TR5tQIGCGNsR7H2Wg

Excerpt: “Deputy Attorney General Lisa Monaco announced a series of new Department of Justice cybercrime initiatives Thursday at the Munich Cyber Security Conference, including a new, centralized FBI unit to combat cryptocurrency-dependent crime.”

Title: Microsoft Teams Targeted With Takeover Trojans
Date Published: February 17, 2022

https://threatpost.com/microsoft-teams-targeted-takeover-trojans/178497/

Excerpt: “Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found.”

Title: MFA Fatigue Attacks: Users Tricked Into Allowing Device Access Due to Overload of Push Notifications
Date Published: February 16, 2022

https://portswigger.net/daily-swig/mfa-fatigue-attacks-users-tricked-into-allowing-device-access-due-to-overload-of-push-notifications

Excerpt: “Malicious hackers are targeting Office 365 users with a spate of ‘MFA fatigue attacks’, bombarding victims with 2FA push notifications to trick them into authenticating their login attempts.”

Title: Global Hybrid Warfare Introduces Cyber Threats to Companies Amid the Russia-Ukraine Crisis
Date Published: February 17, 2022

https://www.securitymagazine.com/articles/97103-global-hybrid-warfare-introduces-cyber-threats-to-companies-amid-the-russia-ukraine-crisis

Excerpt: “Rhetoric from leaders around the world has signaled that it is no longer a question of if Russia will invade Ukraine, but when and how. Geopolitical tensions are palpably high, which has introduced the potential for a longtime cold war between the U.S. and Russia (and their respective allies) to turn hot.”

Title: Stop Vaping: Major e-Cigarette Store Hacked to Steal Credit Cards
Date Published: February 18, 2022

https://www.bleepingcomputer.com/news/security/stop-vaping-major-e-cigarette-store-hacked-to-steal-credit-cards/

Excerpt: “BleepingComputer has confirmed Element Vape, a prominent online seller of e-cigarettes and vaping kits is serving a credit card skimmer on its live site, likely after getting hacked.”

Title: Aviation Attacks Tied To Single APT – TA2541
Date Published: February 17, 2022

https://www.bankinfosecurity.com/aviation-attacks-tied-to-single-apt-ta2541-a-18536

Excerpt: “Cyberattacks in the aviation sector over the past several years have been tied to a single advanced persistent threat group named TA2541, which – since at least 2017 – has used more than a dozen remote access Trojans to control compromised machines, according to a report from cybersecurity firm Proofpoint.”

Title: NSA Issues Guidance for Selecting Strong Cisco Password Types
Date Published: February 17, 2022

https://www.darkreading.com/vulnerabilities-threats/nsa-issues-guidance-for-selecting-strong-cisco-password-types

Excerpt: “The US National Security Agency (NSA) has issued fresh guidance for organizations on selecting strong passwords for Cisco devices, citing an increase in the number of compromises involving poorly protected network infrastructure.”

Title: Severe WordPress Plug-In UpdraftPlus Bug Threatens Backups
Date Published: February 18, 2022

https://threatpost.com/severe-wordpress-plug-in-updraftplus-bug-threatens-backups/178528/

Excerpt: “The WordPress plug-in “UpdraftPlus” was patched on Wednesday to correct a vulnerability that left sensitive backups at risk, potentially exposing personal information and authentication data.

UpdraftPlus is a tool for creating, restoring and migrating backups for WordPress files, databases, plug-ins and themes. According to its website, UpdraftPlus is used by more than three million WordPress websites, including those from organizations like Microsoft, Cisco and NASA.”

Title: Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware
Date Published: February 17, 2022

https://thehackernews.com/2022/02/iranian-hackers-targeting-vmware.html

Excerpt: “A “potentially destructive actor” aligned with the government of Iran is actively exploiting the well-known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware.

Cybersecurity firm SentinelOne dubbed the group “TunnelVision” owing to their heavy reliance on tunneling tools, with overlaps in tactics observed to that of a broader group tracked under the moniker Phosphorus as well as Charming Kitten and Nemesis Kitten.”
