February 22, 2022

Fortify Security Team

Title: Cookware Giant Meyer Discloses Cyberattack that Impacted Employees
Date Published: February 21, 2022

https://www.bleepingcomputer.com/news/security/cookware-giant-meyer-discloses-cyberattack-that-impacted-employees/

Excerpt: “Meyer Corporation, the largest cookware distributor in the U.S., and the second-largest globally, has informed U.S. Attorney General offices of a data breach affecting thousands of its employees. According to the notification letter shared with the U.S. Attorney General offices of Maine and California, Meyer fell victim to a cyberattack on October 25, 2021. In response, the firm launched an investigation that was concluded on December 1, 2021, revealing that threat actors gained access to personal information belonging to employees of Meyer and its subsidiaries.”

Title: A Cyber Attack Heavily Impacted Operations of Expeditors International
Date Published: February 22, 2022

https://securityaffairs.co/wordpress/128268/hacking/expeditors-international-cyber-attack.html

Excerpt: “Expeditors company has over 18,000 employees worldwide and has annual gross revenue of around $10 billion. The company discovered the attack on February 20, 2022, it doesn’t provide details about the attack and announced to have launched an investigation into the incident.”

Title: Social Media Attacks Surged in 2021, Financial Institutions Targeted the Most
Date Published: February 21, 2022

https://www.helpnetsecurity.com/2022/02/21/social-media-attacks-2021/

Excerpt: “Social media as a threat channel saw a two-fold increase in attacks throughout 2021, according to a report from PhishLabs. In Q4 and throughout 2021, PhishLabs analysed hundreds of thousands of phishing and social media attacks targeting enterprises, their employees, and brands. The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape.”

Title: NFT Investors Lose $1.7M in OpenSea Phishing Attack
Date Published: February 21, 2022

https://threatpost.com/nft-investors-lose-1-7m-in-opensea-phishing-attack/178558/

Excerpt: “Over the weekend, hackers stole millions of dollars worth of non-fungible tokens (NFTs) belonging to 17 members of the OpenSea NFT marketplace. On Saturday, a small number of OpenSea users noticed their NFTs were missing. (NFTs are digital tokens on the blockchain that represent ownership over virtual assets, such as digital drawings or music.)”

Title: Revamped CryptBot Malware Spread by Pirated Software Sites
Date Published: February 21, 2022

https://www.bleepingcomputer.com/news/security/revamped-cryptbot-malware-spread-by-pirated-software-sites/

Excerpt: “A new version of the CryptBot info stealer was seen in distribution via multiple websites that offer free downloads of cracks for games and pro-grade software. CryptBot is a Windows malware that steals information from infected devices, including saved browser credentials, cookies, browser history, cryptocurrency wallets, credit cards, and files.”

Title: As Russia Invades Ukraine, Cyber Escalation Threat Looms
Date Published: February 22, 2022

https://www.bankinfosecurity.com/as-russia-invades-ukraine-cyber-escalation-threat-looms-a-18575

Excerpt: “Russian troops have entered Ukraine. But it’s not clear if that military incursion alone will trigger strong sanctions by the U.S. and NATO allies, or be backed by cyberattacks that target Ukraine or its allies.”

Title: New Android Banking Trojan Spreading via Google Play Store Targets Europeans
Date Published: February 21, 2022

https://thehackernews.com/2022/02/xenomorph-android-banking.html

Excerpt: “A new Android banking trojan with over 50,000 installations has been observed distributed via the official Google Play Store with the goal of targeting 56 European banks and carrying out harvesting sensitive information from compromised devices. Dubbed Xenomorph by Dutch security firm ThreatFabric, the in-development malware is said to share overlaps with another banking trojan tracked under the moniker Alien while also being “radically different” from its predecessor in terms of the functionalities offered.”

Title: Police Bust Phishing Group that Used 40 Sites to Steal Credit Cards
Date Published: February 22, 2022

https://www.bleepingcomputer.com/news/security/police-bust-phishing-group-that-used-40-sites-to-steal-credit-cards/

Excerpt: “The Ukrainian cyberpolice have arrested a group of phishing actors who managed to steal payment card data from at least 70,000 people after luring them to fake mobile service top up sites. According to the announcement from law enforcement, the actors used the stolen information to empty their victims’ bank accounts.”

Title: China-linked APT10 Target Taiwan’s Financial Trading Industry
Date Published: February 22, 2022

https://securityaffairs.co/wordpress/128273/apt/apt10-targets-taiwan-financial-trading.html

Excerpt: “The campaign was launched by the APT10 group started in November 2021, but it hit a peak between 10 and 13 2022, Taiwanese cybersecurity firm CyCraft reported. The group (also known as Cicada, Stone Panda, MenuPass group, Bronze Riverside, and Cloud Hopper) has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper, targeting managed service providers (MSPs) in multiple countries worldwide. In November 2020, researchers uncovered a large-scale campaign conducted by China-linked APT10 targeting businesses using the recently-disclosed ZeroLogon vulnerability.”

Title: Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike
Date Published: February 21, 2022

https://thehackernews.com/2022/02/hackers-backdoor-unpatched-microsoft.html

Excerpt: “Vulnerable internet-facing Microsoft SQL (MS SQL) Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. “Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not been patched, brute forcing, and dictionary attack against poorly managed servers,” South Korean cybersecurity company AhnLab Security Emergency Response Center (ASEC) said in a report published Monday.”
