March 15, 2022

Fortify Security Team

Title: New CaddyWiper Data Wiping Malware Hits Ukrainian Networks
Date Published: March 14, 2022

https://www.bleepingcomputer.com/news/security/new-caddywiper-data-wiping-malware-hits-ukrainian-networks/

Excerpt: “Newly discovered data-destroying malware was observed earlier today in attacks targeting Ukrainian organizations and deleting data across systems on compromised networks. “This new malware erases user data and partition information from attached drives,” ESET Research Labs explained. “ESET telemetry shows that it was seen on a few dozen systems in a limited number of organizations.””

Title: The German BSI Agency Recommends Replacing Kaspersky Antivirus Software
Date Published: March 14, 2022

https://securityaffairs.co/wordpress/129085/intelligence/bsi-recommends-replace-kaspersky-av.html

Excerpt: “The German Federal Office for Information Security agency, aka BSI, recommends consumers uninstall Kaspersky anti-virus software. The Agency warns the cybersecurity firm could be implicated in hacking attacks during the ongoing Russian invasion of Ukraine. According to §7 BSI law, the BSI warns against the use of Kaspersky Antivirus and recommends replacing it asap with defense solutions from other vendors.”

Title: Pandora Ransomware Hits Giant Automotive Supplier Denso
Date Published: March 15, 2022

https://threatpost.com/pandora-ransomware-hits-giant-automotive-supplier-denso/178911/

Excerpt: “A multibillion supplier to key automotive companies like Toyota, Mercedes-Benz and Ford confirmed Monday that it was the target of a cyberattack over the weekend – confirmation that came after the Pandora ransomware group began leaking data that attackers claimed was stolen in the incident.”

Title: Financially Motivated Threat Actors Willing to go After Russian Targets
Date Published: March 15, 2022

https://www.helpnetsecurity.com/2022/03/15/threat-actors-russian-targets/

Excerpt: “As Ukrainian organizations are getting hit with yet another data-wiping malware, financially motivated threat actors are choosing sides and some of them are expressing their willingness to target Russian targets.”

Title: Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021
Date Published: March 15, 2022

https://thehackernews.com/2022/03/nearly-34-ransomware-variants-observed.html

Excerpt: “As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471. The attacks mark an increase of 110 and 129 attacks from the third and second quarters of 2021, respectively. In all, 34 different ransomware variants were detected during the three-month-period between October and December 2021.”

Title: Not another NotPetya: Ukraine conflict renews calls from CISOs for healthcare threat sharing
Date Published: March 14, 2022

https://www.scmagazine.com/feature/risk-management/not-another-notpetya-ukraine-conflict-renews-calls-from-cisos-for-healthcare-threat-sharing

Excerpt: “Healthcare chief information security officers are raising red flags to threat sharing groups about an alarming increase in cyberattacks amid the ongoing conflict in Ukraine – most notably by way of phishing incidents. Like many organizations across critical verticals, healthcare leaders recognize the threat posed by geopolitical tensions in Eastern Europe against the healthcare sector, notifying peers and communicating with sector specific information sharing centers about increased targeting of executives.”

Title: Mobile Threats Skyrocket
Date Published: March 14, 2022

https://www.darkreading.com/endpoint/mobile-threats-skyrocket

Excerpt: “The volume of mobile threats is increasing and attackers are growing more sophisticated, with almost a third of zero-day attacks now targeting mobile devices, new data shows. In its annual mobile threats report published this week, cybersecurity firm Zimperium says data from its services shows that nearly a quarter of mobile devices encountered malware last year, while 13% had their data intercepted by a machine-in-the-middle attack and 12% were directed to a malicious website. The rising cyber-risk comes as the attack surface area of mobile applications has grown, with more than 900 Common Vulnerabilities and Exposures (CVEs) reported in 2021 that directly affect Apple iOS or Google Android. In addition, risks have risen from the third-party components used by developers, and a variety of misconfigurations have undermined the security of the cloud services underpinning mobile applications.”

Title: Fake Antivirus Updates Used to Deploy Cobalt Strike in Ukraine
Date Published: March 14, 2022

https://www.bleepingcomputer.com/news/security/fake-antivirus-updates-used-to-deploy-cobalt-strike-in-ukraine/

Excerpt: “Ukraine’s Computer Emergency Response Team is warning that threat actors are distributing fake Windows antivirus updates that install Cobalt Strike and other malware. The phishing emails impersonate Ukrainian government agencies offering ways to increase network security and advise recipients to download “critical security updates,” which come in the form of a 60 MB file named “BitdefenderWindowsUpdatePackage.exe.””

Title: Dirty Pipe Linux Flaw Impacts Most QNAP NAS Devices
Date Published: March 15, 2022

https://securityaffairs.co/wordpress/129076/hacking/qnap-nas-dirty-pipe.html

Excerpt: “Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by the recently discovered Linux vulnerability ‘Dirty Pipe.’ An attacker with local access can exploit the high-severity vulnerability Dirty Pipe to gain root privileges.”

Title: Massive DDoS Attack Knocked Israeli Government Websites Offline
Date Published: March 15, 2022

https://thehackernews.com/2022/03/massive-ddos-attack-knocked-israeli.html

Excerpt: “A number of websites belonging to the Israeli government were felled in a distributed denial-of-service (DDoS) attack on Monday, rendering the portals inaccessible for a short period of time. “In the past few hours, a DDoS attack against a communications provider was identified,” the Israel National Cyber Directorate (INCD) said in a tweet. “As a result, access to several websites, among them government websites, was denied for a short time. As of now, all of the websites have returned to normal activity.””
