March 10, 2022

Fortify Security Team

Title: Nearly 30% of Critical WordPress Plugin Bugs Don’t Get a Patch

Date Published: March 9, 2022

https://www.bleepingcomputer.com/news/security/nearly-30-percent-of-critical-wordpress-plugin-bugs-dont-get-a-patch/

Excerpt: “Patchstack, a leader in WordPress security and threat intelligence, has released a whitepaper to present the state of WordPress security in 2021, and the report paints a dire picture. More specifically, 2021 has seen a growth of 150% in the reported vulnerabilities compared to the previous year, while 29% of the critical flaws in WordPress plugins never received a security update.”

Title: TLStorm Flaws Allow to Remotely Manipulate the Power of Millions of Enterprise UPS Devices

Date Published: March 10, 2022

https://securityaffairs.co/wordpress/128867/hacking/tlstorm-flaws-ups-devices.html

Excerpt: “Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked as TLStorm, affecting APC Smart-UPS devices. The flaws can allow remote attackers to manipulate the power of millions of enterprise devices carrying out extreme cyber-physical attacks.”

Title: APT41 Spies Broke Into 6 US State Networks via a Livestock App

Date Published: March 9, 2022

https://threatpost.com/apt41-spies-broke-into-6-us-state-networks-via-livestock-app/178838/

Excerpt: “USAHerds – an app used (PDF) by farmers to speed their response to diseases and other threats to their livestock – has itself become an infection vector, used to pry open at least six U.S. state networks by one of China’s most prolific state-sponsored espionage groups. In a report published by Mandiant on Tuesday, researchers described a prolonged incursion conducted by APT41. They detected the activity in May 2021 and tracked it through last month, February 2022, observing the spy group pry open vulnerable, internet-facing web apps that were often written in ASP.NET.”

Title: ITOps Teams are Getting Buried Beneath too Many Disparate Solutions for Endpoint Management

Date Published: March 10, 2022

https://www.helpnetsecurity.com/2022/03/10/keeping-endpoints-updated/

Excerpt: “Automox released the findings of a report which revealed that keeping endpoints continuously updated and secure has become even more challenging since the Automox 2021 report, and that organizations are continuing to struggle with the complexity of using multiple legacy tools to manage and secure today’s anywhere-everywhere work environment.”

Title: Former US Cyber Official Warns of Russian War Repercussions

Date Published: March 9, 2022

https://www.bankinfosecurity.com/former-us-cyber-official-warns-russian-war-repercussions-a-18687

Excerpt: “A former top U.S. cybersecurity official warns that the conflict in Ukraine will likely worsen before showing any signs of improvement, including potential cyber escalation with the U.S. and its NATO allies.”

Title: New Exploit Bypasses Existing Spectre-v2 Mitigations in Intel, AMD, Arm CPUs

Date Published: March 10, 2022

https://thehackernews.com/2022/03/new-exploit-bypasses-existing-spectre.html

Excerpt: “Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm and stage speculative execution attacks such as Spectre to leak sensitive information from host memory. Attacks like Spectre are designed to break the isolation between different applications by taking advantage of an optimization technique called speculative execution in CPU hardware implementations to trick programs into accessing arbitrary locations in memory and thus leak their secrets.”

Title: Finance Among Best-Prepared Sectors for Cyberattacks, but Falls Short in Other Areas

Date Published: March 10, 2022

https://www.scmagazine.com/analysis/training/finance-among-best-prepared-sectors-for-cyberattacks-but-falls-short-in-other-areas

Excerpt: “IT security professionals at financial institutions are better-prepared than their peers in many other industries, but they are still not performing as well as they should be when responding to cyberattacks, according to a report released Wednesday. Lack of speed in response to major hacks typically causes large enterprises overall to be “left exposed by a three-month gap in human cyber capabilities after threats break,” according to a release announcing the findings of the inaugural “Cyber Workforce Benchmark” report by Immersive Labs, which develops platforms to track and analyze the productivity of enterprise cyber professionals. (Log4j is an exception. Cybersecurity teams across the board were able to develop their cyber workers to respond within just two days to this recent pervasive threat.)”

Title: CISA Updates Conti Ransomware Alert with Nearly 100 Domain Names

Date Published: March 9, 2022

https://www.bleepingcomputer.com/news/security/cisa-updates-conti-ransomware-alert-with-nearly-100-domain-names/

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated the alert on Conti ransomware with indicators of compromise (IoCs) consisting of close to 100 domain names used in malicious operations. Originally published on September 22, 2021, the advisory includes details observed by CISA and the Federal Bureau of Investigation (FBI) in Conti ransomware attacks targeting organizations in the U.S. The updated cybersecurity advisory contains data from the U.S. Secret Service.”

Title: New Emotet Botnet is Rapidly Growing, with +130K Unique Bots Spread Across 179 Countries

Date Published: March 10, 2022

https://securityaffairs.co/wordpress/128879/breaking-news/emotet-botnet-rapidly-growing.html

Excerpt: “The Emotet botnet continues to grow and has infected approximately 130,000 hosts since its resurrection in November 2021. Early 2021, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the EMOTET botnet. At the time the investigators have taken control of its infrastructure in an international coordinated action.”

Title: Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads

Date Published: March 10, 2022

https://threatpost.com/qakbot-botnet-sprouts-fangs-injects-malware-into-email-threads/178845/

Excerpt: “The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet’s powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacking – an attack in which malware operators malspam replies to ongoing email threads.”
