February 25, 2022

Fortify Security Team

Title: US and UK Expose New Malware Used by MuddyWater Hackers
Date Published: February 24, 2022


Excerpt: “US and UK cybersecurity and law enforcement agencies today shared information on new malware deployed by the Iranian-backed MuddyWater hacking group in attacks targeting critical infrastructure worldwide. This was revealed today in a joint advisory issued by CISA, the Federal Bureau of Investigation (FBI), the US Cyber Command’s Cyber National Mission Force (CNMF), UK’s National Cyber Security Centre (NCSC-UK), and the National Security Agency (NSA).”

Title: Data Wiper Attacks on Ukraine Were Planned at least in November and Used Ransomware as Decoy
Date Published: February 24, 2022


Excerpt: “Yesterday, researchers from cybersecurity firms ESET and Broadcom’s Symantec discovered a new data wiper malware that was employed in a recent wave of attacks that hit hundreds of machines in Ukraine. A tweet from ESET revealed that the company’s telemetry shows the presence of the wiper, tracked as “HermeticWiper” (aka KillDisk.NCV), on hundreds of machines in the country. According to the security firm, the infections followed the DDoS attacks against several Ukrainian websites, including Ministry of Foreign Affairs, Cabinet of Ministers, and Rada.”

Title: Cybercriminals Seeking More than just Ransomware Payment
Date Published: February 25, 2022


Excerpt: “Venafi announced the findings of a global survey of IT decision-makers looking into the use of double and triple extortion as part of ransomware attacks. The data reveals that 83% of successful ransomware attacks now include alternative extortion methods, such as using the stolen data to extort customers (38%), exposing data on the dark web (35%), and informing customers that their data has been stolen (32%).”

Title: Putin Warns Russian Critical Infrastructure to Brace for Potential Cyber Attacks
Date Published: February 25, 2022


Excerpt: “The Russian government on Thursday warned of cyber attacks aimed at domestic critical infrastructure operators, as the country’s full-blown invasion of Ukraine enters the second day. In addition to cautioning of the “threat of an increase in the intensity of computer attacks,” Russia’s National Computer Incident Response and Coordination Center said that the “attacks can be aimed at disrupting the functioning of important information resources and services, causing reputational damage, including for political purposes.””

Title: Popular Banking Trojan Reemerges in Major Bank Attacks
Date Published: February 25, 2022


Excerpt: “The TrickBot malware has reemerged in recent weeks, hitting customers of at least 60 major U.S. financial firms, including Bank of America and Wells Fargo & Co., with phishing attacks through web injections. While this banking trojan posed a relatively simple onslaught, it has evolved into a more modular malware that can adapt to a “wide range of attacks,” according to Check Point Research.”

Title: Fears Rise of Potential Russian Cyberattacks on US, Allies Over Sanctions
Date Published: February 24, 2022


Excerpt: “Tension is mounting over the potential for Russia’s cyberattacks in Ukraine to spread to organizations in the US and other countries that have imposed economic and other sanctions on Russia over its invasion of Ukraine this week. The fears are being fueled both by recent precedent and by the nature of the malicious activity directed at organizations in Ukraine over the past several weeks and months by cyber threat actors believed to be affiliated with the Russian government.”

Title: Microsoft: January Windows Server Updates Cause Netlogon Issues
Date Published: February 25, 2022


Excerpt: “Microsoft says Windows Server security updates released on and since the January 2022 Patch Tuesday might prevent applications and network appliances from creating Netlogon secure channels if installed on domain controllers. Netlogon is a remote procedure call (RPC) interface and Windows Server process that authenticates services and users on Windows domain-based networks.”

Title: Zenly Social-Media App Bugs Allow Account Takeover
Date Published: February 24, 2022


Excerpt: “Zenly, a social app from Snap that allows users to see the locations of friends and family on a live map, contains a pair of vulnerabilities that could endanger those being tracked. According to the Checkmarx Security Research Team, the bugs are a user-data exposure vulnerability and an account-takeover vulnerability. Both have been patched, and users should upgrade their apps to the latest version to avoid compromise.”

Title: Data Leaks and Shadow Assets Greatly Exposing Organizations to Cyberattacks
Date Published: February 25, 2022


Excerpt: “CybelAngel published a research revealing that data leaks and shadow assets are the greatest source of exposure to cyberattacks faced by large organizations across the globe. The report also highlights how the market pressures of 2021 led to an increase of such risks, with cloud storage leaks increasing by 150% compared to 2020.”

Title: New Flaws Discovered in Cisco’s Network Operating System for Switches
Date Published: February 24, 2022


Excerpt: “Cisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems. The most critical of the flaws is CVE-2022-20650 (CVSS score: 8.8), which relates to a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of user-supplied data.”
