February 7, 2022

Fortify Security Team

Title: FBI Shares Lockbit Ransomware Technical Details, Defense Tips
Date Published: February 5, 2022


Excerpt: “The Federal Bureau of Investigation (FBI) has released technical details and indicators of compromise associated with LockBit ransomware attacks in a new flash alert published this Friday. It also provided information to help organizations block this adversary’s attempts to breach their networks and asked victims to urgently report such incidents to their local FBI Cyber Squad. The LockBit ransomware gang has been very active since September 2019 when it launched as a ransomware-as-a-service (RaaS), with gang representatives promoting the operation, providing support on Russian-language hacking forums, and recruiting threat actors to breach and encrypt networks.”

Title: Argo CD Flaw Could Allow Stealing Sensitive Data from Kubernetes Apps
Date Published: February 6, 2022


Excerpt: “A zero-day vulnerability, tracked as CVE-2022-24348, in the Argo CD tool for Kubernetes could be exploited by attackers to steal sensitive data from Kubernetes Apps, including passwords and API keys. The flaw received a CVSS score of 7.7 and affects all versions; it was addressed with the release of versions 2.3.0, 2.2.4, and 2.1.9. Argo CD (Continuous Deployment) automates the deployment of the desired application states in the specified target environments. Argo CD is used by hundreds of organizations, including Alibaba Group, BMW Group, Deloitte, IBM, Intuit, Red Hat, Skyscanner, and Swisscom. The vulnerability is a path-traversal vulnerability that could allow attackers to pass arbitrary values files to be consumed by Helm charts.”
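The excerpt describes the bug class (a values-file path that escapes the chart's repository) but not the fix. The following is an added illustration, written for this digest and not taken from Argo CD's code or its patch, of the check a practitioner wants in place wherever a user-controlled relative path is joined onto a trusted root: resolve the path lexically, then refuse anything that lands outside the root. The function and variable names, the repository root `/tmp/repo`, and the sample paths are all assumptions constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideRepo is returned when a values-file path would resolve
// outside the repository checkout that the chart lives in.
var ErrOutsideRepo = errors.New("values file path escapes repository root")

// ResolveValuesPath joins a user-controlled values-file path onto the
// repository root and refuses any result that escapes that root.
// The signature is an assumption for this illustration, not Argo CD's API.
func ResolveValuesPath(repoRoot, userPath string) (string, error) {
	if userPath == "" {
		return "", errors.New("empty values file path")
	}
	root := filepath.Clean(repoRoot)

	// Absolute user paths are never acceptable: a chart's values files are
	// always relative to the chart's repository.
	if filepath.IsAbs(userPath) {
		return "", ErrOutsideRepo
	}

	// Join cleans the result, so "a/../../b" collapses before we compare.
	resolved := filepath.Join(root, userPath)

	// filepath.Rel re-expresses the resolved path relative to the root; a
	// result of ".." or one starting with "../" means the path climbed out.
	rel, err := filepath.Rel(root, resolved)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRepo
	}
	return resolved, nil
}

func main() {
	// Constructed inputs: one benign path and three traversal attempts.
	inputs := []string{
		"charts/app/values.yaml",
		"../../other-app/secrets.yaml",
		"charts/../../x.yaml",
		"/etc/passwd",
	}
	for _, p := range inputs {
		got, err := ResolveValuesPath("/tmp/repo", p)
		fmt.Printf("%-32s -> %q, %v\n", p, got, err)
	}
}
```

The check is purely lexical: it stops `..` segments and absolute paths but says nothing about symlinks committed inside the repository. A production implementation should additionally resolve the final path with `filepath.EvalSymlinks` and repeat the same root comparison on the result.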

Title: Attacks Against Health Plans Up Nearly 35%
Date Published: February 7, 2022


Excerpt: “Critical Insight announced the release of a report which analyzes breach data reported to the U.S. Department of Health and Human Services by healthcare organizations. As we entered the second year of the pandemic in 2021, healthcare systems found themselves under unprecedented and unrelenting stress. Frontline healthcare workers continued to be understaffed and overworked. Hospitals were so overcrowded that they have been forced to postpone routine medical procedures until the latest surge of COVID-19 cases subsides.”

Title: Chinese Hackers Target Taiwanese Financial Institutions with a new Stealthy Backdoor
Date Published: February 6, 2022


Excerpt: “A Chinese advanced persistent threat (APT) group has been targeting Taiwanese financial institutions as part of a “persistent campaign” that lasted for at least 18 months. The intrusions, whose primary intent was espionage, resulted in the deployment of a backdoor called xPack, granting the adversary extensive control over compromised machines, Broadcom-owned Symantec said in a report published last week. What’s notable about this campaign is the amount of time the threat actor lurked on victim networks, affording the operators ample opportunity for detailed reconnaissance and to exfiltrate potentially sensitive information pertaining to business contacts and investments without raising any red flag.”

Title: BlackCat (ALPHV) Ransomware Linked to BlackMatter, DarkSide gangs
Date Published: February 5, 2022


Excerpt: “The Black Cat ransomware gang, also known as ALPHV, has confirmed they are former members of the notorious BlackMatter/DarkSide ransomware operation. BlackCat/ALPHV is a new feature-rich ransomware operation launched in November 2021 and developed in the Rust programming language, which is unusual for ransomware infections. The ransomware executable is highly customizable, with different encryption methods and options allowing for attacks on a wide range of corporate environments.”

Title: Hackers Breached a Server of National Games of China Days Before the Event
Date Published: February 7, 2022


Excerpt: “Researchers at cybersecurity firm Avast discovered that a Chinese-language-speaking threat actor has compromised systems at National Games of China in 2021. The event took place on September 15, 2021 in Shaanxi (China); it is a national version of the Olympics with only local athletes. The attackers breached a web server on September 3rd and deployed multiple reverse web shells to establish a permanent foothold in the target network. Experts noticed that the threat actors started a reconnaissance phase in August; they ran some tests to determine which types of file it was possible to upload to the server. In order to perform the tests, attackers seem to have exploited a vulnerability in the webserver.”

Title: Contextualizing Supply Chain Risks in a SaaS Environment
Date Published: February 7, 2022


Excerpt: “In the wake of the SolarWinds and Kaseya attacks, third-party cybersecurity risks remain top of mind for security leaders. Nonetheless, CISOs continue to experience significant friction with third-party risk management (TPRM). According to the latest CISO Circuit by YL Ventures, 70% of the surveyed leaders do not believe that TPRM solutions have meaningfully helped them avoid risk. Much of their doubt is rooted in their concerns over lacking context in current TPRM processes. This is significant for a solution utilized by 83% of respondents.”

Title: New CapraRAT Android Malware Targets Indian Government and Military Personnel
Date Published: February 7, 2022


Excerpt: “A politically motivated advanced persistent threat (APT) group has expanded its malware arsenal to include a new remote access trojan (RAT) in its espionage attacks aimed at Indian military and diplomatic entities. Called CapraRAT by Trend Micro, the implant is an Android RAT that exhibits a high “degree of crossover” with another Windows malware known as CrimsonRAT that’s associated with Earth Karkaddan, a threat actor that’s also tracked under the monikers APT36, Operation C-Major, PROJECTM, Mythic Leopard, and Transparent Tribe.”

Title: Roaming Mantis Android Malware Campaign Sets Sights on Europe
Date Published: February 7, 2022


Excerpt: “The Roaming Mantis SMS phishing campaign has finally reached Europe, as researchers detect campaigns targeting Android and iPhone users in Germany and France with malicious apps and phishing pages. Roaming Mantis is a credential theft and malware distribution campaign that uses SMS phishing (smishing) to distribute malicious Android apps as standalone APK files outside the Google Play Store. Over the past four years, the campaign has been under constant evolution and was first spotted in 2018, targeting Android smartphone users in Japan via DNS hacking.”

Title: IoT/connected Device Discovery and Security Auditing in Corporate Networks
Date Published: February 7, 2022


Excerpt: “Today’s enterprise networks are complex environments with different types of wired and wireless devices being connected and disconnected. The current device discovery solutions have been mainly focused on identifying and monitoring servers, workstation PCs, laptops and infrastructure devices such as network firewalls, switches and routers, because the most valuable information assets of organizations are being stored, processed and transferred over those devices, hence making them the prime target of security breaches and intrusions.”
