February 8, 2022

Fortify Security Team
Feb 8, 2022

Title: Puma Hit by Data Breach After Kronos Ransomware Attack
Date Published: February 7, 2022

https://www.bleepingcomputer.com/news/security/puma-hit-by-data-breach-after-kronos-ransomware-attack/

Excerpt: “Sportswear manufacturer Puma was hit by a data breach following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December 2021. The data breach notification filed with several attorney generals’ offices earlier this month says the attackers also stole personal information belonging to Puma employees and their dependents from the Kronos Private Cloud (KPC) cloud environment before encrypting the data.”

Title: Avast Released a Free Decryptor for TargetCompany Ransomware
Date Published: February 7, 2022

https://securityaffairs.co/wordpress/127761/malware/targetcompany-ransomware-decryptor.html

Excerpt: “Czech cybersecurity software firm Avast has released a decryption tool that could allow victims of the TargetCompany ransomware to recover their files for free under certain circumstances. The experts warn that the decryptor consumes most of the processor’s computing power in order to retrieve the password; the cracking process may take up to tens of hours. The decryptor allows users to periodically save the progress, so they can interrupt and restart the decryption process and resume the previously started cracking process.”

Title: CISA Orders Federal Agencies to Fix Actively Exploited Windows Bug
Date Published: February 7, 2022

https://threatpost.com/cisa-orders-federal-agencies-to-fix-actively-exploited-windows-bug/178270/

Excerpt: “CISA is putting the thumbscrews on federal agencies to get them to patch an actively exploited Windows vulnerability. On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it added the vulnerability – tracked as CVE-2022-21882 and with a CVSS criticality rating of 7.0 – to its Known Exploited Vulnerabilities Catalog. The move means that Federal Civilian Executive Branch (FCEB) agencies have until Feb. 18, 2022 to remediate the vulnerability, which affects all unpatched versions of Windows 10.”

Title: Highly Evasive Adaptive Threats (HEAT) bypassing traditional security defenses
Date Published: February 8, 2022

https://www.helpnetsecurity.com/2022/02/08/cyberthreats-bypass-security-defenses/

Excerpt: “Menlo Security announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defenses. HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employ techniques to evade detection by multiple layers in current security stacks, including firewalls, Secure Web Gateways, sandbox analysis, URL reputation, and phishing detection. HEAT attacks are used to deliver malware or to compromise credentials, which in many cases leads to ransomware attacks.”

Title: Medusa Android Banking Trojan Spreading Through Flubot’s Attacks Network
Date Published: February 8, 2022

https://thehackernews.com/2022/02/medusa-android-banking-trojan-spreading.html

Excerpt: “Two different Android banking Trojans, FluBot and Medusa, are relying on the same delivery vehicle as part of a simultaneous attack campaign, according to new research published by ThreatFabric. The ongoing side-by-side infections, facilitated through the same smishing (SMS phishing) infrastructure, involved the overlapping usage of “app names, package names, and similar icons,” the Dutch mobile security firm said. Medusa, first discovered targeting Turkish financial organizations in July 2020, has undergone several iterations, chief among which is the ability to abuse accessibility permissions in Android to siphon funds from banking apps to an account controlled by the attacker.”

Title: UnitedHealthcare tied to RIPTA data theft incident as breach tally rises to 22K
Date Published: February 7, 2022

https://www.scmagazine.com/analysis/breach/unitedhealthcare-tied-to-ripta-data-theft-incident-as-breach-tally-rises-to-22k

Excerpt: “New information has come to light in the ongoing investigation into the Rhode Island Public Transportation Authority (RIPTA), after it was revealed that the data of 5,015 health plan beneficiaries was stolen during an August hack. The breach notice soon caught the attention of the state’s attorney general and American Civil Liberties Union over privacy and security concerns. A state hearing into the incident last week showed United Healthcare has been named as part of the state’s investigation, as it was the former health plan administrator for Rhode Island. Local news outlets revealed the health plan leadership did not show for the hearing, the absence explained by the ongoing state investigations.”

Title: Qbot Needs Only 30 minutes to Steal Your Credentials, Emails
Date Published: February 8, 2022

https://www.bleepingcomputer.com/news/security/qbot-needs-only-30-minutes-to-steal-your-credentials-emails/

Excerpt: “The widespread malware known as Qbot (aka Qakbot or QuakBot) has recently returned to light-speed attacks, and according to analysts, it only takes around 30 minutes to steal sensitive data after the initial infection. According to a new report by DFIR, Qbot was performing these quick data-snatching strikes back in October 2021, and it now appears that the threat actors behind it have returned to similar tactics. More specifically, the analysts report that it takes half an hour for the adversaries to steal browser data and emails from Outlook and 50 minutes before they jump to an adjacent workstation.”

Title: Russian Police Arrested Six People Involved in the Theft and Selling of Stolen Credit Cards
Date Published: February 8, 2022

https://securityaffairs.co/wordpress/127785/cyber-crime/russian-police-dismantled-carding-forums.html

Excerpt: “Another success for Russian police, who arrested six people allegedly members of a crime gang involved in the theft and selling of stolen credit cards. The arrests were ordered by the Ministry of Internal Affairs of the Russian Federation through the Tverskoy Court of Moscow. “The Tverskoy Court of Moscow received petitions from the investigation to select a measure of restraint in the form of detention against six people suspected of committing a crime under Part 2 of Article 187 of the Criminal Code of the Russian Federation (“Illegal circulation of means of payment”),” said the press court clerk Ksenia Rozina. According to her, court hearings will begin in the near future.”

Title: Several Malware Families Using Pay-Per-Install Service to Expand Their Targets
Date Published: February 8, 2022

https://thehackernews.com/2022/02/several-malware-families-using-pay-per.html

Excerpt: “A detailed examination of a Pay-per-install (PPI) malware service called PrivateLoader has revealed its crucial role in the delivery of a variety of malware such as SmokeLoader, RedLine Stealer, Vidar, Raccoon, and GCleaner since at least May 2021. Loaders are malicious programs used for loading additional executables onto the infected machine. With PPI malware services such as PrivateLoader, malware operators pay the service owners to get their payloads “installed” based on the targets provided.”

Title: Google Sees 50% Security Boost for 150M Users After 2FA Enroll
Date Published: February 8, 2022

https://www.bleepingcomputer.com/news/google/google-sees-50-percent-security-boost-for-150m-users-after-2fa-enroll/

Excerpt: “After accelerating its efforts to auto-enroll as many accounts as possible in two-factor authentication (2FA), Google announced that an additional 150 million users now have 2FA enabled. Google first announced that it strives to push all its users to start using 2FA (or two-step verification as Google calls it) in May 2021, as part of a broader move to secure as many accounts as possible from attacks that use compromised credentials or guess passwords to hijack accounts.”
