March 11, 2022

Fortify Security Team
Mar 11, 2022

Title: REvil Ransomware Member Extradited to U.S. to Stand Trial for Kaseya Attack
Date Published: March 10, 2022

Excerpt: “The U.S. Department of Justice announced that alleged REvil ransomware affiliate, Yaroslav Vasinskyi, was extradited to the United States last week to stand trial for the Kaseya cyberattack. Vasinkyi, a 22-year-old Ukrainian national, was arrested in November 2021 while entering Poland for his cybercrime activities as a REvil member.”

Title:Anonymous Hacked Roskomnadzor Agency Revealing Russian Disinformation
Date Published: March 11, 2022

Excerpt: “Anonymous announced to have hacked the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media, also known as Roskomnadzor. The agency is responsible for monitoring, controlling and censoring Russian mass media and according to Anonymous, it is controlling the disinformation campaign about the ongoing invasion of Ukraine.”

Title: Raccoon Stealer Crawls Into Telegram
Date Published: March 11, 2022

Excerpt: “A credential stealer that first rose to popularity a couple of years ago is now abusing Telegram for command-and-control (C2). A range of cybercriminals continue to widen its attack surface through creative distribution means like this, researchers have reported. Raccoon Stealer, which first appeared on the scene in April 2019, has added the ability to store and update its own actual C2 addresses on Telegram’s infrastructure, according to a blog post published by Avast Threat Labs this week. This gives them a “convenient and reliable” command center on the platform that they can update on the fly, researchers said.”

Title: Consumers Demand a Digital Banking Experience with Security at its Foundation
Date Published: March 11, 2022

Excerpt: “The global transformation of banking and payments has only accelerated over the past few years, and between web trends and a global pandemic, the industry has seen disruption from all angles. Consumers are digitally connected in almost all facets of their lives — and it’s evident they expect the same from their banks and payment experiences, with consumers overwhelmingly expressing a preference for digital offerings from their financial institutions.”

Title: Internet Experts Propose Blocking Culpable Russian Sites
Date Published: March 10, 2022

Excerpt: “In an open letter addressing last week’s request by the Ukrainian government to the web governance entity the Internet Corporation for Assigned Names and Numbers, dozens of researchers, internet activists, politicians and academics voiced their disapproval, instead calling for precise, measured sanctions that could more effectively weaken Russian military and propaganda efforts.”

Title: Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign
Date Published: March 10,  2022

Excerpt: “The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans (RATs) on compromised systems. “The MuddyWater supergroup is highly motivated and can use unauthorized access to conduct espionage, intellectual property theft, and deploy ransomware and destructive malware in an enterprise,” Cisco Talos researchers Asheer Malhotra, Vitor Ventura, and Arnaud Zobec said in a report published today.”

Title: CISA Official: Lower Reporting Thresholds for Cyber Incidents and Get Your CEO and Board Invested in Security
Date Published: March 10, 2022

Excerpt: “A top official at the Cybersecurity and Infrastructure Security Agency cited increased visibility over cyber intrusions in the private sector, cultivating a stronger digital security workforce and making cybersecurity a top-of-mind issue for corporate board rooms as priorities. During a March 10 event hosted by Billington Cybersecurity, CISA Executive Assistant Director Eric Goldstein said it is important the agency (as well as the FBI) receive reporting from organizations who may be hit with a cyberattack from a foreign government or criminal enterprise.”

Title: Over 40% of Log4j Downloads Are Vulnerable Versions of the Software
Date Published: March 10, 2022

Excerpt: “Three months after the Apache Foundation disclosed the infamous Lo4j vulnerability [CVE-2021-44228] and issued a fix for it, more than 4 in 10 downloads of the logging tool from the Maven Central Java package repository continue to be known vulnerable versions.”

Title: Russian Defense Firm Rostec Shuts Down Website After DDoS Attack
Date Published: March 11, 2022

Excerpt: “Rostec, a Russian state-owned aerospace and defense conglomerate, said its website was taken down today following what it described as a “cyberattack.” The state defense company says its website has been under constant siege since late February when Russia invaded its neighbor Ukraine without provocation.”

Title: Vodafone Investigates Claims of a Data Breach Made by Lapsus$ Gang
Date Published: March 11, 2022

Excerpt: “Vodafone announced to have launched an investigation after the Lapsus$ cybercrime group claimed to have stolen its source code. The Lapsus$ gang claims to have stolen approximately 200 GB of source code files, allegedly contained in 5,000 GitHub repositories.”

Recent Posts

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 Excerpt: “The duration of ransomware attacks in 2021...

May 31, 2022

Title: Microsoft Shares Mitigation for Office Zero-Day Exploited in Attacks DatePublished: May 31, 2022 Excerpt: “Microsoft has shared mitigation...

May 31, 2022

Title: Microsoft Shares Mitigation for Office Zero-Day Exploited in Attacks DatePublished: May 31, 2022 Excerpt: “Microsoft has shared mitigation...

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 Excerpt: “The Tor Project has published details about a...