March 10, 2022

Fortify Security Team

Title: Nearly 30% of Critical WordPress Plugin Bugs Don’t Get a Patch

Date Published: March 9, 2022

https://www.bleepingcomputer.com/news/security/nearly-30-percent-of-critical-wordpress-plugin-bugs-dont-get-a-patch/

Excerpt: “Patchstack, a leader in WordPress security and threat intelligence, has released a whitepaper to present the state of WordPress security in 2021, and the report paints a dire picture. More specifically, 2021 has seen a growth of 150% in the reported vulnerabilities compared to the previous year, while 29% of the critical flaws in WordPress plugins never received a security update.”

Title: TLStorm Flaws Allow to Remotely Manipulate the Power of Millions of Enterprise UPS Devices

Date Published: March 10, 2022

https://securityaffairs.co/wordpress/128867/hacking/tlstorm-flaws-ups-devices.html

Excerpt: “Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked as TLStorm, affecting APC Smart-UPS devices. The flaws can allow remote attackers to manipulate the power of millions of enterprise devices carrying out extreme cyber-physical attacks.”

Title: APT41 Spies Broke Into 6 US State Networks via a Livestock App

Date Published: March 9, 2022

https://threatpost.com/apt41-spies-broke-into-6-us-state-networks-via-livestock-app/178838/

Excerpt: “USAHerds – an app used by farmers to speed their response to diseases and other threats to their livestock – has itself become an infection vector, used to pry open at least six U.S. state networks by one of China’s most prolific state-sponsored espionage groups. In a report published by Mandiant on Tuesday, researchers described a prolonged incursion conducted by APT41. They detected the activity in May 2021 and tracked it through last month, February 2022, observing the spy group pry open vulnerable, internet-facing web apps that were often written in ASP.NET.”

Title: ITOps Teams are Getting Buried Beneath too Many Disparate Solutions for Endpoint Management

Date Published: March 10, 2022

https://www.helpnetsecurity.com/2022/03/10/keeping-endpoints-updated/

Excerpt: “Automox released the findings of a report which revealed that keeping endpoints continuously updated and secure has become even more challenging since the Automox 2021 report, and that organizations are continuing to struggle with the complexity of using multiple legacy tools to manage and secure today’s anywhere-everywhere work environment.”

Title: Former US Cyber Official Warns of Russian War Repercussions

Date Published: March 9, 2022

https://www.bankinfosecurity.com/former-us-cyber-official-warns-russian-war-repercussions-a-18687

Excerpt: “A former top U.S. cybersecurity official warns that the conflict in Ukraine will likely worsen before showing any signs of improvement, including potential cyber escalation with the U.S. and its NATO allies.”

Title: New Exploit Bypasses Existing Spectre-v2 Mitigations in Intel, AMD, Arm CPUs

Date Published: March 10, 2022

https://thehackernews.com/2022/03/new-exploit-bypasses-existing-spectre.html

Excerpt: “Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm and stage speculative execution attacks such as Spectre to leak sensitive information from host memory. Attacks like Spectre are designed to break the isolation between different applications by taking advantage of an optimization technique called speculative execution in CPU hardware implementations to trick programs into accessing arbitrary locations in memory and thus leak their secrets.”

Title: Finance Among Best-Prepared Sectors for Cyberattacks, but Falls Short in Other Areas

Date Published: March 10, 2022

https://www.scmagazine.com/analysis/training/finance-among-best-prepared-sectors-for-cyberattacks-but-falls-short-in-other-areas

Excerpt: “IT security professionals at financial institutions are better-prepared than their peers in many other industries, but they are still not performing as well as they should be when responding to cyberattacks, according to a report released Wednesday. Lack of speed in response to major hacks typically causes large enterprises overall to be “left exposed by a three-month gap in human cyber capabilities after threats break,” according to a release announcing the findings of the inaugural “Cyber Workforce Benchmark” report by Immersive Labs, which develops platforms to track and analyze the productivity of enterprise cyber professionals. (Log4j is an exception. Cybersecurity teams across the board were able to develop their cyber workers to respond within just two days to this recent pervasive threat.)”

Title: CISA Updates Conti Ransomware Alert with Nearly 100 Domain Names

Date Published: March 9, 2022

https://www.bleepingcomputer.com/news/security/cisa-updates-conti-ransomware-alert-with-nearly-100-domain-names/

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated the alert on Conti ransomware with indicators of compromise (IoCs) consisting of close to 100 domain names used in malicious operations. Originally published on September 22, 2021, the advisory includes details observed by CISA and the Federal Bureau of Investigation (FBI) in Conti ransomware attacks targeting organizations in the U.S. The updated cybersecurity advisory contains data from the U.S. Secret Service.”

Title: New Emotet Botnet is Rapidly Growing, with +130K Unique Bots Spread Across 179 Countries

Date Published: March 10, 2022

https://securityaffairs.co/wordpress/128879/breaking-news/emotet-botnet-rapidly-growing.html

Excerpt: “The Emotet botnet continues to grow and has infected approximately 130,000 hosts since its resurrection in November 2021. In early 2021, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the EMOTET botnet. At the time, the investigators took control of its infrastructure in an internationally coordinated action.”

Title: Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads

Date Published: March 10, 2022

https://threatpost.com/qakbot-botnet-sprouts-fangs-injects-malware-into-email-threads/178845/

Excerpt: “The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet’s powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacking – an attack in which malware operators malspam replies to ongoing email threads.”
