February 22, 2022

Fortify Security Team

Title: Cookware Giant Meyer Discloses Cyberattack that Impacted Employees
Date Published: February 21, 2022

https://www.bleepingcomputer.com/news/security/cookware-giant-meyer-discloses-cyberattack-that-impacted-employees/

Excerpt: “Meyer Corporation, the largest cookware distributor in the U.S., and the second-largest globally, has informed U.S. Attorney General offices of a data breach affecting thousands of its employees. According to the notification letter shared with the U.S. Attorney General offices of Maine and California, Meyer fell victim to a cyberattack on October 25, 2021. In response, the firm launched an investigation that was concluded on December 1, 2021, revealing that threat actors gained access to personal information belonging to employees of Meyer and its subsidiaries.”

Title: A Cyber Attack Heavily Impacted Operations of Expeditors International
Date Published: February 22, 2022

https://securityaffairs.co/wordpress/128268/hacking/expeditors-international-cyber-attack.html

Excerpt: “Expeditors company has over 18,000 employees worldwide and has annual gross revenue of around $10 billion. The company discovered the attack on February 20, 2022, it doesn’t provide details about the attack and announced to have launched an investigation into the incident.”

Title: Social Media Attacks Surged in 2021, Financial Institutions Targeted the Most
Date Published: February 21, 2022

https://www.helpnetsecurity.com/2022/02/21/social-media-attacks-2021/

Excerpt: “Social media as a threat channel saw a two-fold increase in attacks throughout 2021, according to a report from PhishLabs. In Q4 and throughout 2021, PhishLabs analysed hundreds of thousands of phishing and social media attacks targeting enterprises, their employees, and brands. The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape.”

Title: NFT Investors Lose $1.7M in OpenSea Phishing Attack
Date Published: February 21, 2022

https://threatpost.com/nft-investors-lose-1-7m-in-opensea-phishing-attack/178558/

Excerpt: “Over the weekend, hackers stole millions of dollars worth of non-fungible tokens (NFTs) belonging to 17 members of the OpenSea NFT marketplace. On Saturday, a small number of OpenSea users noticed their NFTs were missing. (NFTs are digital tokens on the blockchain that represent ownership over virtual assets, such as digital drawings or music.)”

Title: Revamped CryptBot Malware Spread by Pirated Software Sites
Date Published: February 21, 2022

https://www.bleepingcomputer.com/news/security/revamped-cryptbot-malware-spread-by-pirated-software-sites/

Excerpt: “A new version of the CryptBot info stealer was seen in distribution via multiple websites that offer free downloads of cracks for games and pro-grade software. CryptBot is a Windows malware that steals information from infected devices, including saved browser credentials, cookies, browser history, cryptocurrency wallets, credit cards, and files.”

Title: As Russia Invades Ukraine, Cyber Escalation Threat Looms
Date Published: February 22, 2022

https://www.bankinfosecurity.com/as-russia-invades-ukraine-cyber-escalation-threat-looms-a-18575

Excerpt: “Russian troops have entered Ukraine. But it’s not clear if that military incursion alone will trigger strong sanctions by the U.S. and NATO allies, or be backed by cyberattacks that target Ukraine or its allies.”

Title: New Android Banking Trojan Spreading via Google Play Store Targets Europeans
Date Published: February 21, 2022

https://thehackernews.com/2022/02/xenomorph-android-banking.html

Excerpt: “A new Android banking trojan with over 50,000 installations has been observed distributed via the official Google Play Store with the goal of targeting 56 European banks and carrying out harvesting sensitive information from compromised devices. Dubbed Xenomorph by Dutch security firm ThreatFabric, the in-development malware is said to share overlaps with another banking trojan tracked under the moniker Alien while also being “radically different” from its predecessor in terms of the functionalities offered.”

Title: Police Bust Phishing Group that Used 40 Sites to Steal Credit Cards
Date Published: February 22, 2022

https://www.bleepingcomputer.com/news/security/police-bust-phishing-group-that-used-40-sites-to-steal-credit-cards/

Excerpt: “The Ukrainian cyberpolice have arrested a group of phishing actors who managed to steal payment card data from at least 70,000 people after luring them to fake mobile service top up sites. According to the announcement from law enforcement, the actors used the stolen information to empty their victims’ bank accounts.”

Title: China-linked APT10 Target Taiwan’s Financial Trading Industry
Date Published: February 22, 2022

https://securityaffairs.co/wordpress/128273/apt/apt10-targets-taiwan-financial-trading.html

Excerpt: “The campaign was launched by the APT10 group started in November 2021, but it hit a peak between 10 and 13 2022, Taiwanese cybersecurity firm CyCraft reported. The group (also known as Cicada, Stone Panda, MenuPass group, Bronze Riverside, and Cloud Hopper) has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper, targeting managed service providers (MSPs) in multiple countries worldwide. In November 2020, researchers uncovered a large-scale campaign conducted by China-linked APT10 targeting businesses using the recently-disclosed ZeroLogon vulnerability.”

Title: Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike
Date Published: February 21, 2022

https://thehackernews.com/2022/02/hackers-backdoor-unpatched-microsoft.html

Excerpt: “Vulnerable internet-facing Microsoft SQL (MS SQL) Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. “Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not been patched, brute forcing, and dictionary attack against poorly managed servers,” South Korean cybersecurity company AhnLab Security Emergency Response Center (ASEC) said in a report published Monday.”
