February 23, 2022

Fortify Security Team

Title: Entropy Ransomware Linked to Dridex Malware Downloader

Date Published: February 23, 2022

https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-dridex-malware-downloader/

Excerpt: “Analysis of the recently-emerged Entropy ransomware reveals code-level similarities with the general purpose Dridex malware that started as a banking trojan. Two Entropy ransomware attacks against different organizations allowed researchers to connect the dots and establish a connection between the two pieces of malware.”

Title: Iranian Broadcaster IRIB hit by Wiper Malware

Date Published: February 23, 2022

https://securityaffairs.co/wordpress/128309/hacking/irib-hit-by-wiper-malware.html

Excerpt: “An investigation into the attack that hit the Islamic Republic of Iran Broadcasting (IRIB) in late January, revealed the involvement of a disruptive wiper malware along with other custom-made backdoors, and scripts and configuration files used to install and configure the malicious executables.
Researchers from CheckPoint that investigated the attack reported that the attackers used a wiper malware to disrupt the state’s broadcasting networks, damaging both TV and radio networks.”

Title: EU Activates Cyber Rapid Response Team Amid Ukraine Crisis

Date Published: February 22, 2022

https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584

Excerpt: “Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.”

Title: 9-Year-Old Unpatched Email Hacking Bug Uncovered in Horde Webmail Software

Date Published: February 22, 2022

https://thehackernews.com/2022/02/9-year-old-unpatched-email-hacking-bug.html

Excerpt: “Users of Horde Webmail are being urged to disable a feature to contain a nine-year-old unpatched security vulnerability in the software that could be abused to gain complete access to email accounts simply by previewing an attachment. ‘This gives the attacker access to all sensitive and perhaps secret information a victim has stored in their email account and could allow them to gain further access to the internal services of an organization,’ SonarSource vulnerability researcher, Simon Scannell, said in a report.”

Title: Three New ICS Threat Groups Discovered, one Primed to Disrupt Energy Targets

Date Published: February 23, 2022

https://www.scmagazine.com/analysis/apt/dragos-finds-three-new-ics-threat-groups-one-primed-to-disrupt-energy-targets

Excerpt: “Dragos detailed three new threat groups targeting industrial control systems in its annual report, including one technologically adept group that seems to be scouting out potential disruptive attacks in the energy sector.”

Title: Log4j Remediation Took Weeks or More for Over 50% of Organizations

Date Published: February 22, 2022

https://www.darkreading.com/attacks-breaches/log4j-remediation-took-weeks-or-more-for-more-than-50-of-organizations

Excerpt: “It indeed was an all-hands-on-deck job for organizations around the globe when the Log4j vulnerability was exposed: a new (ISC)² study found that 52% of security teams spent weeks or more than a month fixing the flaw in their networks — and some 48% did so on weekends and during their holiday time.”

Title: FTC: Americans Report Losing Over $5.8 Billion to Fraud in 2021

Date Published: February 23, 2022

https://www.bleepingcomputer.com/news/security/ftc-americans-report-losing-over-58-billion-to-fraud-in-2021/

Excerpt: “The US Federal Trade Commission (FTC) said today that Americans reported losses of more than $5.8 billion to fraud during last year, a massive total increase of over 70% compared to the losses reported in 2020. The FTC added a total of roughly 5.7 million consumer reports to its Consumer Sentinel Network (Sentinel) secure online database in 2021.”

Title: Gaming, Banking Trojans Dominate Mobile Malware Scene

Date Published: February 22, 2022

https://threatpost.com/gaming-banking-trojans-mobile-malware/178571/

Excerpt: “The number of cyberattacks launched against mobile users was down last year, researchers have found — but don’t pop the champagne just yet. The decline was offset by jacked-up, more sophisticated, more nimble mobile nastiness. In a Monday report, Kaspersky said that its researchers have observed a downward trend in the number of attacks on mobile users, as shown in the chart below. However, ‘attacks are becoming more sophisticated in terms of both malware functionality and vectors,’ according to Kaspersky experts Tatyana Shiskova and Anton Kivva.”

Title: Chinese Experts Uncover Details of Equation Group’s Bvp47 Covert Hacking Tool

Date Published: February 22, 2022

https://thehackernews.com/2022/02/chinese-experts-uncover-details-of.html

Excerpt: “Researchers from China’s Pangu Lab have disclosed details of a ‘top-tier’ backdoor put to use by the Equation Group, an advanced persistent threat (APT) with alleged ties to the cyber-warfare intelligence-gathering unit of the U.S. National Security Agency (NSA). Dubbed ‘Bvp47’ owing to numerous references to the string ‘Bvp’ and the numerical value ‘0x47’ used in the encryption algorithm, the backdoor was extracted from Linux systems ‘during an in-depth forensic investigation of a host in a key domestic department’ in 2013.”

Title: Microsoft Defender for Cloud Can Now Protect Google Cloud Resources

Date Published: February 23, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-cloud-can-now-protect-google-cloud-resources/

Excerpt: “Microsoft announced today that Microsoft Defender for Cloud now also comes with native protection for Google Cloud Platform (GCP) environments, providing security recommendations and threat detection across clouds. Defender for Cloud (formerly known as Azure Security Center and Azure Defender) is a security solution that monitors cloud services for threats, makes recommendations to harden security posture, and detects and warns of vulnerabilities in protected multi-cloud and hybrid environments.”
