February 23, 2022

Fortify Security Team

Title: Entropy Ransomware Linked to Dridex Malware Downloader

Date Published: February 23, 2022

https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-dridex-malware-downloader/

Excerpt: “Analysis of the recently-emerged Entropy ransomware reveals code-level similarities with the general purpose Dridex malware that started as a banking trojan. Two Entropy ransomware attacks against different organizations allowed researchers to connect the dots and establish a connection between the two pieces of malware.”

Title: Iranian Broadcaster IRIB hit by Wiper Malware

Date Published: February 23, 2022

https://securityaffairs.co/wordpress/128309/hacking/irib-hit-by-wiper-malware.html

Excerpt: “An investigation into the attack that hit the Islamic Republic of Iran Broadcasting (IRIB) in late January revealed the involvement of a disruptive wiper malware along with other custom-made backdoors, and scripts and configuration files used to install and configure the malicious executables.
Researchers from CheckPoint who investigated the attack reported that the attackers used a wiper malware to disrupt the state’s broadcasting networks, damaging both TV and radio networks.”

Title: EU Activates Cyber Rapid Response Team Amid Ukraine Crisis

Date Published: February 22, 2022

https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584

Excerpt: “Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.”

Title: 9-Year-Old Unpatched Email Hacking Bug Uncovered in Horde Webmail Software

Date Published: February 22, 2022

https://thehackernews.com/2022/02/9-year-old-unpatched-email-hacking-bug.html

Excerpt: “Users of Horde Webmail are being urged to disable a feature to contain a nine-year-old unpatched security vulnerability in the software that could be abused to gain complete access to email accounts simply by previewing an attachment. “This gives the attacker access to all sensitive and perhaps secret information a victim has stored in their email account and could allow them to gain further access to the internal services of an organization,” SonarSource vulnerability researcher, Simon Scannell, said in a report.”

Title: Three New ICS Threat Groups Discovered, One Primed to Disrupt Energy Targets

Date Published: February 23, 2022

https://www.scmagazine.com/analysis/apt/dragos-finds-three-new-ics-threat-groups-one-primed-to-disrupt-energy-targets

Excerpt: “Dragos detailed three new threat groups targeting industrial control systems in its annual report, including one technologically adept group that seems to be scouting out potential disruptive attacks in the energy sector.”

Title: Log4j Remediation Took Weeks or More for Over 50% of Organizations

Date Published: February 22, 2022

https://www.darkreading.com/attacks-breaches/log4j-remediation-took-weeks-or-more-for-more-than-50-of-organizations

Excerpt: “It indeed was an all-hands-on-deck job for organizations around the globe when the Log4j vulnerability was exposed: a new (ISC)² study found that 52% of security teams spent weeks or more than a month fixing the flaw in their networks — and some 48% did so on weekends and during their holiday time.”

Title: FTC: Americans Report Losing Over $5.8 Billion to Fraud in 2021

Date Published: February 23, 2022

https://www.bleepingcomputer.com/news/security/ftc-americans-report-losing-over-58-billion-to-fraud-in-2021/

Excerpt: “The US Federal Trade Commission (FTC) said today that Americans reported losses of more than $5.8 billion to fraud during last year, a massive total increase of over 70% compared to the losses reported in 2020. The FTC added a total of roughly 5.7 million consumer reports to its Consumer Sentinel Network (Sentinel) secure online database in 2021.”

Title: Gaming, Banking Trojans Dominate Mobile Malware Scene

Date Published: February 22, 2022

https://threatpost.com/gaming-banking-trojans-mobile-malware/178571/

Excerpt: “The number of cyberattacks launched against mobile users was down last year, researchers have found — but don’t pop the champagne just yet. The decline was offset by jacked-up, more sophisticated, more nimble mobile nastiness. In a Monday report, Kaspersky said that its researchers have observed a downward trend in the number of attacks on mobile users, as shown in the chart below. However, “attacks are becoming more sophisticated in terms of both malware functionality and vectors,” according to Kaspersky experts Tatyana Shishkova and Anton Kivva.”

Title: Chinese Experts Uncover Details of Equation Group’s Bvp47 Covert Hacking Tool

Date Published: February 22, 2022

https://thehackernews.com/2022/02/chinese-experts-uncover-details-of.html

Excerpt: “Researchers from China’s Pangu Lab have disclosed details of a “top-tier” backdoor put to use by the Equation Group, an advanced persistent threat (APT) with alleged ties to the cyber-warfare intelligence-gathering unit of the U.S. National Security Agency (NSA). Dubbed “Bvp47” owing to numerous references to the string “Bvp” and the numerical value “0x47” used in the encryption algorithm, the backdoor was extracted from Linux systems “during an in-depth forensic investigation of a host in a key domestic department” in 2013.”

Title: Microsoft Defender for Cloud Can Now Protect Google Cloud Resources

Date Published: February 23, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-cloud-can-now-protect-google-cloud-resources/

Excerpt: “Microsoft announced today that Microsoft Defender for Cloud now also comes with native protection for Google Cloud Platform (GCP) environments, providing security recommendations and threat detection across clouds. Defender for Cloud (formerly known as Azure Security Center and Azure Defender) is a security solution that monitors cloud services for threats, makes recommendations to harden security posture, and detects and warns of vulnerabilities in protected multi-cloud and hybrid environments.”
