February 8, 2022

Fortify Security Team

Title: Puma Hit by Data Breach After Kronos Ransomware Attack
Date Published: February 7, 2022
Excerpt: “Sportswear manufacturer Puma was hit by a data breach following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December 2021. The data breach notification filed with several attorney generals’ offices earlier this month says the attackers also stole personal information belonging to Puma employees and their dependents from the Kronos Private Cloud (KPC) cloud environment before encrypting the data.”

Title: Avast Released a Free Decryptor for TargetCompany Ransomware
Date Published: February 7, 2022
Excerpt: “Czech cybersecurity software firm Avast has released a decryption tool that could allow victims of the TargetCompany ransomware to recover their files for free under certain circumstances. The experts warn that the decryptor consumes most of the processor’s computing power in order to retrieve the password; the cracking process may take up to tens of hours. The decryptor allows users to periodically save the progress, so they can interrupt and restart the decryption process and resume the previously started cracking process.”

Title: CISA Orders Federal Agencies to Fix Actively Exploited Windows Bug
Date Published: February 7, 2022
Excerpt: “CISA is putting the thumbscrews on federal agencies to get them to patch an actively exploited Windows vulnerability. On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it added the vulnerability – tracked as CVE-2022-21882 and with a CVSS criticality rating of 7.0 – to its Known Exploited Vulnerabilities Catalog. The move means that Federal Civilian Executive Branch (FCEB) agencies have until Feb. 18, 2022 to remediate the vulnerability, which affects all unpatched versions of Windows 10.”

Title: Highly Evasive Adaptive Threats (HEAT) bypassing traditional security defenses
Date Published: February 8, 2022
Excerpt: “Menlo Security announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defenses. HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employ techniques to evade detection by multiple layers in current security stacks, including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection. HEAT attacks are used to deliver malware or to compromise credentials, which in many cases leads to ransomware attacks.”

Title: Medusa Android Banking Trojan Spreading Through Flubot’s Attacks Network
Date Published: February 8, 2022
Excerpt: “Two different Android banking Trojans, FluBot and Medusa, are relying on the same delivery vehicle as part of a simultaneous attack campaign, according to new research published by ThreatFabric. The ongoing side-by-side infections, facilitated through the same smishing (SMS phishing) infrastructure, involved the overlapping usage of “app names, package names, and similar icons,” the Dutch mobile security firm said. Medusa, first discovered targeting Turkish financial organizations in July 2020, has undergone several iterations, chief among which is the ability to abuse accessibility permissions in Android to siphon funds from banking apps to an account controlled by the attacker.”

Title: UnitedHealthcare tied to RIPTA data theft incident as breach tally rises to 22K
Date Published: February 7, 2022
Excerpt: “New information has come to light in the ongoing investigation into the Rhode Island Public Transportation Authority (RIPTA), after it was revealed that the data of 5,015 health plan beneficiaries was stolen during an August hack. The breach notice soon caught the attention of the state’s attorney general and American Civil Liberties Union over privacy and security concerns. A state hearing into the incident last week showed United Healthcare has been named as part of the state’s investigation, as it was the former health plan administrator for Rhode Island. Local news outlets revealed the health plan leadership did not show for the hearing, the absence explained by the ongoing state investigations.”

Title: Qbot Needs Only 30 minutes to Steal Your Credentials, Emails
Date Published: February 8, 2022
Excerpt: “The widespread malware known as Qbot (aka Qakbot or QuakBot) has recently returned to light-speed attacks, and according to analysts, it only takes around 30 minutes to steal sensitive data after the initial infection. According to a new report by DFIR, Qbot was performing these quick data-snatching strikes back in October 2021, and it now appears that the threat actors behind it have returned to similar tactics. More specifically, the analysts report that it takes half an hour for the adversaries to steal browser data and emails from Outlook and 50 minutes before they jump to an adjacent workstation.”

Title: Russian Police Arrested Six People Involved in the Theft and Selling of Stolen Credit Cards
Date Published: February 8, 2022
Excerpt: “Another success for Russian police, who arrested six people alleged to be members of a crime gang involved in the theft and selling of stolen credit cards. The arrests were ordered by the Ministry of Internal Affairs of the Russian Federation through the Tverskoy Court of Moscow. “The Tverskoy Court of Moscow received petitions from the investigation to select a measure of restraint in the form of detention against six people suspected of committing a crime under Part 2 of Article 187 of the Criminal Code of the Russian Federation (“Illegal circulation of means of payment”),” said the press court clerk Ksenia Rozina. According to her, court hearings will begin in the near future.”

Title: Several Malware Families Using Pay-Per-Install Service to Expand Their Targets
Date Published: February 8, 2022
Excerpt: “A detailed examination of a Pay-per-install (PPI) malware service called PrivateLoader has revealed its crucial role in the delivery of a variety of malware such as SmokeLoader, RedLine Stealer, Vidar, Raccoon, and GCleaner since at least May 2021. Loaders are malicious programs used for loading additional executables onto the infected machine. With PPI malware services such as PrivateLoader, malware operators pay the service owners to get their payloads “installed” based on the targets provided.”

Title: Google Sees 50% Security Boost for 150M Users After 2FA Enroll
Date Published: February 8, 2022
Excerpt: “After accelerating its efforts to auto-enroll as many accounts as possible in two-factor authentication (2FA), Google announced that an additional 150 million users now have 2FA enabled. Google first announced that it strives to push all its users to start using 2FA (or two-step verification as Google calls it) in May 2021, as part of a broader move to secure as many accounts as possible from attacks that use compromised credentials or guess passwords to hijack accounts.”
