February 23, 2022

Fortify Security Team

Title: Entropy Ransomware Linked to Dridex Malware Downloader

Date Published: February 23, 2022


Excerpt: “Analysis of the recently-emerged Entropy ransomware reveals code-level similarities with the general purpose Dridex malware that started as a banking trojan. Two Entropy ransomware attacks against different organizations allowed researchers to connect the dots and establish a connection between the two pieces of malware.”

Title: Iranian Broadcaster IRIB Hit by Wiper Malware

Date Published: February 23, 2022


Excerpt: “An investigation into the attack that hit the Islamic Republic of Iran Broadcasting (IRIB) in late January, revealed the involvement of a disruptive wiper malware along with other custom-made backdoors, and scripts and configuration files used to install and configure the malicious executables.
Researchers from CheckPoint that investigated the attack reported that the attackers used a wiper malware to disrupt the state’s broadcasting networks, damaging both TV and radio networks.”

Title: EU Activates Cyber Rapid Response Team Amid Ukraine Crisis

Date Published: February 22, 2022


Excerpt: “Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.”

Title: 9-Year-Old Unpatched Email Hacking Bug Uncovered in Horde Webmail Software

Date Published: February 22, 2022


Excerpt: “Users of Horde Webmail are being urged to disable a feature to contain a nine-year-old unpatched security vulnerability in the software that could be abused to gain complete access to email accounts simply by previewing an attachment. “This gives the attacker access to all sensitive and perhaps secret information a victim has stored in their email account and could allow them to gain further access to the internal services of an organization,” SonarSource vulnerability researcher, Simon Scannell, said in a report.”

Title: Three New ICS Threat Groups Discovered, One Primed to Disrupt Energy Targets

Date Published: February 23, 2022


Excerpt: “Dragos detailed three new threat groups targeting industrial control systems in its annual report, including one technologically adept group that seems to be scouting out potential disruptive attacks in the energy sector.”

Title: Log4j Remediation Took Weeks or More for Over 50% of Organizations

Date Published: February 22, 2022


Excerpt: “It indeed was an all-hands-on-deck job for organizations around the globe when the Log4j vulnerability was exposed: a new (ISC)² study found that 52% of security teams spent weeks or more than a month fixing the flaw in their networks — and some 48% did so on weekends and during their holiday time.”

Title: FTC: Americans Report Losing Over $5.8 Billion to Fraud in 2021

Date Published: February 23, 2022


Excerpt: “The US Federal Trade Commission (FTC) said today that Americans reported losses of more than $5.8 billion to fraud during last year, a massive total increase of over 70% compared to the losses reported in 2020. The FTC added a total of roughly 5.7 million consumer reports to its Consumer Sentinel Network (Sentinel) secure online database in 2021.”

Title: Gaming, Banking Trojans Dominate Mobile Malware Scene

Date Published: February 22, 2022


Excerpt: “The number of cyberattacks launched against mobile users was down last year, researchers have found — but don’t pop the champagne just yet. The decline was offset by jacked-up, more sophisticated, more nimble mobile nastiness. In a Monday report, Kaspersky said that its researchers have observed a downward trend in the number of attacks on mobile users, as shown in the chart below. However, “attacks are becoming more sophisticated in terms of both malware functionality and vectors,” according to Kaspersky experts Tatyana Shiskova and Anton Kivva.”

Title: Chinese Experts Uncover Details of Equation Group’s Bvp47 Covert Hacking Tool

Date Published: February 22, 2022


Excerpt: “Researchers from China’s Pangu Lab have disclosed details of a “top-tier” backdoor put to use by the Equation Group, an advanced persistent threat (APT) with alleged ties to the cyber-warfare intelligence-gathering unit of the U.S. National Security Agency (NSA). Dubbed “Bvp47” owing to numerous references to the string “Bvp” and the numerical value “0x47” used in the encryption algorithm, the backdoor was extracted from Linux systems “during an in-depth forensic investigation of a host in a key domestic department” in 2013.”

Title: Microsoft Defender for Cloud Can Now Protect Google Cloud Resources

Date Published: February 23, 2022


Excerpt: “Microsoft announced today that Microsoft Defender for Cloud now also comes with native protection for Google Cloud Platform (GCP) environments, providing security recommendations and threat detection across clouds. Defender for Cloud (formerly known as Azure Security Center and Azure Defender) is a security solution that monitors cloud services for threats, makes recommendations to harden security posture, and detects and warns of vulnerabilities in protected multi-cloud and hybrid environments.”
