February 25, 2022

Fortify Security Team

Title: US and UK Expose New Malware Used by MuddyWater Hackers
Date Published: February 24, 2022


Excerpt: “US and UK cybersecurity and law enforcement agencies today shared information on new malware deployed by the Iranian-backed MuddyWater hacking group in attacks targeting critical infrastructure worldwide. This was revealed today in a joint advisory issued by CISA, the Federal Bureau of Investigation (FBI), the US Cyber Command’s Cyber National Mission Force (CNMF), UK’s National Cyber Security Centre (NCSC-UK), and the National Security Agency (NSA).”

Title: Data Wiper Attacks on Ukraine Were Planned at least in November and Used Ransomware as Decoy
Date Published: February 24, 2022


Excerpt: “Yesterday, researchers from cybersecurity firms ESET and Broadcom’s Symantec discovered a new data wiper malware that was employed in a recent wave of attacks that hit hundreds of machines in Ukraine. A tweet from ESET revealed that the company’s telemetry shows the presence of the wiper, tracked as “HermeticWiper” (aka KillDisk.NCV), on hundreds of machines in the country. According to the security firm, the infections followed the DDoS attacks against several Ukrainian websites, including Ministry of Foreign Affairs, Cabinet of Ministers, and Rada.”

Title: Cybercriminals Seeking More than just Ransomware Payment
Date Published: February 25, 2022


Excerpt: “Venafi announced the findings of a global survey of IT decision-makers looking into the use of double and triple extortion as part of ransomware attacks. The data reveals that 83% of successful ransomware attacks now include alternative extortion methods, such as using the stolen data to extort customers (38%), exposing data on the dark web (35%), and informing customers that their data has been stolen (32%).”

Title: Putin Warns Russian Critical Infrastructure to Brace for Potential Cyber Attacks
Date Published: February 25, 2022


Excerpt: “The Russian government on Thursday warned of cyber attacks aimed at domestic critical infrastructure operators, as the country’s full-blown invasion of Ukraine enters the second day. In addition to cautioning of the “threat of an increase in the intensity of computer attacks,” Russia’s National Computer Incident Response and Coordination Center said that the “attacks can be aimed at disrupting the functioning of important information resources and services, causing reputational damage, including for political purposes.””

Title: Popular Banking Trojan Reemerges in Major Bank Attacks
Date Published: February 25, 2022


Excerpt: “The TrickBot malware has reemerged in recent weeks, hitting customers of at least 60 major U.S. financial firms, including Bank of America and Wells Fargo & Co., with phishing attacks through web injections. While this banking trojan posed a relatively simple onslaught, it has evolved into a more modular malware that can adapt to a “wide range of attacks,” according to Check Point Research.”

Title: Fears Rise of Potential Russian Cyberattacks on US, Allies Over Sanctions
Date Published: February 24, 2022


Excerpt: “Tension is mounting over the potential for Russia’s cyberattacks in Ukraine to spread to organizations in the US and other countries that have imposed economic and other sanctions on Russia over its invasion of Ukraine this week. The fears are being fueled both by recent precedent and by the nature of the malicious activity directed at organizations in Ukraine over the past several weeks and months by cyber threat actors believed to be affiliated with the Russian government.”

Title: Microsoft: January Windows Server Updates Cause Netlogon Issues
Date Published: February 25, 2022


Excerpt: “Microsoft says Windows Server security updates released on and since the January 2022 Patch Tuesday might prevent applications and network appliances from creating Netlogon secure channels if installed on domain controllers. Netlogon is a remote procedure call (RPC) interface and Windows Server process that authenticates services and users on Windows domain-based networks.”

Title: Zenly Social-Media App Bugs Allow Account Takeover
Date Published: February 24, 2022


Excerpt: “Zenly, a social app from Snap that allows users to see the locations of friends and family on a live map, contains a pair of vulnerabilities that could endanger those being tracked. According to the Checkmarx Security Research Team, the bugs are a user-data exposure vulnerability and an account-takeover vulnerability. Both have been patched, and users should upgrade their apps to the latest version to avoid compromise.”

Title: Data Leaks and Shadow Assets Greatly Exposing Organizations to Cyberattacks
Date Published: February 25, 2022


Excerpt: “CybelAngel published a research revealing that data leaks and shadow assets are the greatest source of exposure to cyberattacks faced by large organizations across the globe. The report also highlights how the market pressures of 2021 led to an increase of such risks, with cloud storage leaks increasing by 150% compared to 2020.”

Title: New Flaws Discovered in Cisco’s Network Operating System for Switches
Date Published: February 24, 2022


Excerpt: “Cisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems. The most critical of the flaws is CVE-2022-20650 (CVSS score: 8.8), which relates to a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of user-supplied data.”
