February 25, 2022

Fortify Security Team

Title: US and UK Expose New Malware Used by MuddyWater Hackers
Date Published: February 24, 2022

https://www.bleepingcomputer.com/news/security/us-and-uk-expose-new-malware-used-by-muddywater-hackers/

Excerpt: “US and UK cybersecurity and law enforcement agencies today shared information on new malware deployed by the Iranian-backed MuddyWater hacking group in attacks targeting critical infrastructure worldwide. This was revealed today in a joint advisory issued by CISA, the Federal Bureau of Investigation (FBI), the US Cyber Command’s Cyber National Mission Force (CNMF), UK’s National Cyber Security Centre (NCSC-UK), and the National Security Agency (NSA).”

Title: Data Wiper Attacks on Ukraine Were Planned at least in November and Used Ransomware as Decoy
Date Published: February 24, 2022

https://securityaffairs.co/wordpress/128361/malware/ukraine-ransomware-decoy-wiper.html

Excerpt: “Yesterday, researchers from cybersecurity firms ESET and Broadcom’s Symantec discovered a new data wiper malware that was employed in a recent wave of attacks that hit hundreds of machines in Ukraine. A tweet from ESET revealed that the company’s telemetry shows the presence of the wiper, tracked as ‘HermeticWiper’ (aka KillDisk.NCV), on hundreds of machines in the country. According to the security firm, the infections followed the DDoS attacks against several Ukrainian websites, including Ministry of Foreign Affairs, Cabinet of Ministers, and Rada.”

Title: Cybercriminals Seeking More than just Ransomware Payment
Date Published: February 25, 2022

https://www.helpnetsecurity.com/2022/02/25/extortion-ransomware-attacks/

Excerpt: “Venafi announced the findings of a global survey of IT decision-makers looking into the use of double and triple extortion as part of ransomware attacks. The data reveals that 83% of successful ransomware attacks now include alternative extortion methods, such as using the stolen data to extort customers (38%), exposing data on the dark web (35%), and informing customers that their data has been stolen (32%).”

Title: Putin Warns Russian Critical Infrastructure to Brace for Potential Cyber Attacks
Date Published: February 25, 2022

https://thehackernews.com/2022/02/putin-warns-russian-critical.html

Excerpt: “The Russian government on Thursday warned of cyber attacks aimed at domestic critical infrastructure operators, as the country’s full-blown invasion of Ukraine enters the second day. In addition to cautioning of the ‘threat of an increase in the intensity of computer attacks,’ Russia’s National Computer Incident Response and Coordination Center said that the ‘attacks can be aimed at disrupting the functioning of important information resources and services, causing reputational damage, including for political purposes.’”

Title: Popular Banking Trojan Reemerges in Major Bank Attacks
Date Published: February 25, 2022

https://www.scmagazine.com/analysis/malware/popular-banking-trojan-reemerges-in-major-bank-attacks

Excerpt: “The TrickBot malware has reemerged in recent weeks, hitting customers of at least 60 major U.S. financial firms, including Bank of America and Wells Fargo & Co., with phishing attacks through web injections. While this banking trojan posed a relatively simple onslaught, it has evolved into a more modular malware that can adapt to a “wide range of attacks,” according to Check Point Research.”

Title: Fears Rise of Potential Russian Cyberattacks on US, Allies Over Sanctions
Date Published: February 24, 2022

https://www.darkreading.com/attacks-breaches/fears-rise-of-potential-russian-cyberattacks-on-us-allies-over-sanctions

Excerpt: “Tension is mounting over the potential for Russia’s cyberattacks in Ukraine to spread to organizations in the US and other countries that have imposed economic and other sanctions on Russia over its invasion of Ukraine this week. The fears are being fueled both by recent precedent and by the nature of the malicious activity directed at organizations in Ukraine over the past several weeks and months by cyber threat actors believed to be affiliated with the Russian government.”

Title: Microsoft: January Windows Server Updates Cause Netlogon Issues
Date Published: February 25, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-january-windows-server-updates-cause-netlogon-issues/

Excerpt: “Microsoft says Windows Server security updates released on and since the January 2022 Patch Tuesday might prevent applications and network appliances from creating Netlogon secure channels if installed on domain controllers. Netlogon is a remote procedure call (RPC) interface and Windows Server process that authenticates services and users on Windows domain-based networks.”

Title: Zenly Social-Media App Bugs Allow Account Takeover
Date Published: February 24, 2022

https://threatpost.com/zenly-bugs-account-takeover/178646/

Excerpt: “Zenly, a social app from Snap that allows users to see the locations of friends and family on a live map, contains a pair of vulnerabilities that could endanger those being tracked. According to the Checkmarx Security Research Team, the bugs are a user-data exposure vulnerability and an account-takeover vulnerability. Both have been patched, and users should upgrade their apps to the latest version to avoid compromise.”

Title: Data Leaks and Shadow Assets Greatly Exposing Organizations to Cyberattacks
Date Published: February 25, 2022

https://www.helpnetsecurity.com/2022/02/25/cloud-storage-leaks-increasing/

Excerpt: “CybelAngel published a research revealing that data leaks and shadow assets are the greatest source of exposure to cyberattacks faced by large organizations across the globe. The report also highlights how the market pressures of 2021 led to an increase of such risks, with cloud storage leaks increasing by 150% compared to 2020.”

Title: New Flaws Discovered in Cisco’s Network Operating System for Switches
Date Published: February 24, 2022

https://thehackernews.com/2022/02/new-flaws-discovered-in-ciscos-network.html

Excerpt: “Cisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems. The most critical of the flaws is CVE-2022-20650 (CVSS score: 8.8), which relates to a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of user-supplied data.”
