February 28, 2022

Fortify Security Team
Feb 28, 2022

Title: Ukraine recruits “IT Army” to Hack Russian Entities, Lists 31 Targets
Date Published: February 26, 2022

https://www.bleepingcomputer.com/news/security/ukraine-recruits-it-army-to-hack-russian-entities-lists-31-targets/

Excerpt: “Ukraine is recruiting a volunteer “IT army” of security researchers and hackers to conduct cyberattacks on thirty-one Russian entities, including government agencies, critical infrastructure, and banks. Saturday afternoon, Ukraine’s Minister for Digital Transformation Mykhaylo Fedorov announced that they need volunteer “digital talents” for an “IT Army” to conduct operational tasks against Russia on the cyber frontline.”

Title: Chipmaker Giant Nvidia Hit by a Ransomware Attack
Date Published: February 27, 2022

https://securityaffairs.co/wordpress/128456/cyber-crime/nvidia-ransomware-attack.html

Excerpt: “The chipmaker giant Nvidia was victim of a ransomware attack that impacted some of its systems for two days. The security breach is not connected to the ongoing crisis in Ukraine, according to a person familiar with the incident. The incident also impacted the company’s developer tools and email systems, but business and commercial activities were not affected.”

Title: Belarusian Spearphishing Campaign Targets Ukraine Military
Date Published: February 26, 2022

https://www.bankinfosecurity.com/belarusian-spearphishing-campaign-targets-ukraine-military-a-18617

Excerpt: “The Computer Emergency Response Team of Ukraine is warning of a massive spearphishing campaign targeting private accounts of Ukrainian military personnel and related individuals. CERT-UA attributes the activities to the UNC1151 group, which consists of officers of the Ministry of Defense of the Republic of Belarus.”

Title: Reborn of Emotet: New Features of the Botnet and How to Detect it
Date Published: February 28, 2022

https://thehackernews.com/2022/02/reborn-of-emotet-new-features-of-botnet.html

Excerpt: “One of the most dangerous and infamous threats is back again. In January 2021, global officials took down the botnet. Law enforcement sent a destructive update to the Emotet’s executables. And it looked like the end of the trojan’s story. But the malware never ceased to surprise. November 2021, it was reported that TrickBot no longer works alone and delivers Emotet. And ANY.RUN with colleagues in the industry were among the first to notice the emergence of Emotet’s malicious documents.”

Title: Stealthy Daxin is China’s ‘Most Advanced Piece of Malware’
Date Published: February 28, 2022

https://www.scmagazine.com/analysis/cyberespionage/stealthy-daxin-is-chinas-most-advanced-piece-of-malware

Excerpt: “New malware attributed to China – more technologically advanced, stealthy and long-lasting than any seen before from the country – is challenging the orthodoxy of Chinese threat intelligence. Researchers at Broadcom’s Symantec division on Monday detailed and attributed the malware they have dubbed Daxin, which has been used in attacks in some form since at least 2013. Nine years is extreme longevity for any threat actor, especially China – not regarded as a nation interested primarily in staying under the radar. In its report, Symantec dubs Daxin “the most advanced piece of malware Symantec researchers have seen from China-linked actors.””

Title: Conti Ransomware’s Internal Chats Leaked After Siding with Russia
Date Published: February 27, 2022

https://www.bleepingcomputer.com/news/security/conti-ransomwares-internal-chats-leaked-after-siding-with-russia/

Excerpt: “A Ukrainian security researcher has leaked over 60,000 internal messages belonging to the Conti ransomware operation after the gang sided with Russia over the invasion of Ukraine. BleepingComputer has independently confirmed the validity of these messages from internal conversations previously shared with BleepingComputer regarding Conti’s attack on Shutterfly.”

Title: Iran-linked UNC3313 APT Employed Two Custom Backdoors Against a Middle East Gov Entity
Date Published: February 28, 2022

https://securityaffairs.co/wordpress/128493/malware/unc3313-apt-two-backdoors.html

Excerpt: “UNC3313 is an Iran-linked threat actor that was linked with “moderate confidence” to the MuddyWater nation-state actor (aka Static Kitten, Seedworm, TEMP.Zagros, or Mercury) by cybersecurity firm Mandiant. UNC3313 was observed deploying two new custom backdoors, tracked as GRAMDOOR and STARWHALE, as part of an attack against an unnamed government entity in the Middle East in November 2021.”

Title: Feds Advise ‘Shields Up’ as Russian Cyberattack Defense
Date Published: February 27, 2022

https://www.bankinfosecurity.com/feds-advise-shields-up-as-russian-cyberattack-defense-a-18619

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency, along with the FBI, issued a joint advisory on Saturday pointing to Russian state-sponsored activity using WhisperGate and HermeticWiper malware to target Ukrainian organizations. The agency has also updated the Shields Up webpage to include new information, recommendations for corporate leaders and actions to protect critical assets.”

Title: CISA Warns of High-Severity Flaws in Schneider and GE Digital’s SCADA Software
Date Published: February 28, 2022

https://thehackernews.com/2022/02/cisa-warns-of-high-severity-flaws-in.html

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) last week published an industrial control system (ICS) advisory related to multiple vulnerabilities impacting Schneider Electric’s Easergy medium voltage protection relays.”

Title: 2022 May be the Year Cybercrime Returns its Focus to Consumers
Date Published: February 27, 2022

https://www.bleepingcomputer.com/news/security/2022-may-be-the-year-cybercrime-returns-its-focus-to-consumers/

Excerpt: “Threat analysts expect 2022 to be the tipping point for a shift in the focus of hackers from large companies back to consumers. This prediction is the result of several factors that make consumers a lot more lucrative to threat actors today than in previous years.”
