March 11, 2022

Fortify Security Team

Title: REvil Ransomware Member Extradited to U.S. to Stand Trial for Kaseya Attack
Date Published: March 10, 2022

https://www.bleepingcomputer.com/news/security/revil-ransomware-member-extradited-to-us-to-stand-trial-for-kaseya-attack/

Excerpt: “The U.S. Department of Justice announced that alleged REvil ransomware affiliate, Yaroslav Vasinskyi, was extradited to the United States last week to stand trial for the Kaseya cyberattack. Vasinskyi, a 22-year-old Ukrainian national, was arrested in November 2021 while entering Poland for his cybercrime activities as a REvil member.”

Title: Anonymous Hacked Roskomnadzor Agency Revealing Russian Disinformation
Date Published: March 11, 2022

https://securityaffairs.co/wordpress/128922/hacking/anonymouys-hacked-russian-roskomnadzor.html

Excerpt: “Anonymous announced to have hacked the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media, also known as Roskomnadzor. The agency is responsible for monitoring, controlling and censoring Russian mass media and according to Anonymous, it is controlling the disinformation campaign about the ongoing invasion of Ukraine.”

Title: Raccoon Stealer Crawls Into Telegram
Date Published: March 11, 2022

https://threatpost.com/raccoon-stealer-telegram/178881/

Excerpt: “A credential stealer that first rose to popularity a couple of years ago is now abusing Telegram for command-and-control (C2). A range of cybercriminals continue to widen its attack surface through creative distribution means like this, researchers have reported. Raccoon Stealer, which first appeared on the scene in April 2019, has added the ability to store and update its own actual C2 addresses on Telegram’s infrastructure, according to a blog post published by Avast Threat Labs this week. This gives them a “convenient and reliable” command center on the platform that they can update on the fly, researchers said.”

Title: Consumers Demand a Digital Banking Experience with Security at its Foundation
Date Published: March 11, 2022

https://www.helpnetsecurity.com/2022/03/11/digital-banking-experience/

Excerpt: “The global transformation of banking and payments has only accelerated over the past few years, and between web trends and a global pandemic, the industry has seen disruption from all angles. Consumers are digitally connected in almost all facets of their lives — and it’s evident they expect the same from their banks and payment experiences, with consumers overwhelmingly expressing a preference for digital offerings from their financial institutions.”

Title: Internet Experts Propose Blocking Culpable Russian Sites
Date Published: March 10, 2022

https://www.bankinfosecurity.com/internet-experts-propose-blocking-culpable-russian-sites-a-18695

Excerpt: “In an open letter addressing last week’s request by the Ukrainian government to the web governance entity the Internet Corporation for Assigned Names and Numbers, dozens of researchers, internet activists, politicians and academics voiced their disapproval, instead calling for precise, measured sanctions that could more effectively weaken Russian military and propaganda efforts.”

Title: Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign
Date Published: March 10, 2022

https://thehackernews.com/2022/03/iranian-hackers-targeting-turkey-and.html

Excerpt: “The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans (RATs) on compromised systems. “The MuddyWater supergroup is highly motivated and can use unauthorized access to conduct espionage, intellectual property theft, and deploy ransomware and destructive malware in an enterprise,” Cisco Talos researchers Asheer Malhotra, Vitor Ventura, and Arnaud Zobec said in a report published today.”

Title: CISA Official: Lower Reporting Thresholds for Cyber Incidents and Get Your CEO and Board Invested in Security
Date Published: March 10, 2022

https://www.scmagazine.com/analysis/cloud-security/cisa-official-lower-reporting-thresholds-for-cyber-incidents-and-get-your-ceo-and-board-invested-in-security

Excerpt: “A top official at the Cybersecurity and Infrastructure Security Agency cited increased visibility over cyber intrusions in the private sector, cultivating a stronger digital security workforce and making cybersecurity a top-of-mind issue for corporate board rooms as priorities. During a March 10 event hosted by Billington Cybersecurity, CISA Executive Assistant Director Eric Goldstein said it is important the agency (as well as the FBI) receive reporting from organizations who may be hit with a cyberattack from a foreign government or criminal enterprise.”

Title: Over 40% of Log4j Downloads Are Vulnerable Versions of the Software
Date Published: March 10, 2022

https://www.darkreading.com/vulnerabilities-threats/three-months-later-41-of-log4j-downloads-are-of-vulnerable-versions

Excerpt: “Three months after the Apache Foundation disclosed the infamous Log4j vulnerability [CVE-2021-44228] and issued a fix for it, more than 4 in 10 downloads of the logging tool from the Maven Central Java package repository continue to be known vulnerable versions.”

Title: Russian Defense Firm Rostec Shuts Down Website After DDoS Attack
Date Published: March 11, 2022

https://www.bleepingcomputer.com/news/security/russian-defense-firm-rostec-shuts-down-website-after-ddos-attack/

Excerpt: “Rostec, a Russian state-owned aerospace and defense conglomerate, said its website was taken down today following what it described as a “cyberattack.” The state defense company says its website has been under constant siege since late February when Russia invaded its neighbor Ukraine without provocation.”

Title: Vodafone Investigates Claims of a Data Breach Made by Lapsus$ Gang
Date Published: March 11, 2022

https://securityaffairs.co/wordpress/128903/cyber-crime/vodafone-investigates-data-breach.html

Excerpt: “Vodafone announced to have launched an investigation after the Lapsus$ cybercrime group claimed to have stolen its source code. The Lapsus$ gang claims to have stolen approximately 200 GB of source code files, allegedly contained in 5,000 GitHub repositories.”
