March 15, 2022

Fortify Security Team

Title: New CaddyWiper Data Wiping Malware Hits Ukrainian Networks
Date Published: March 14, 2022

https://www.bleepingcomputer.com/news/security/new-caddywiper-data-wiping-malware-hits-ukrainian-networks/

Excerpt: “Newly discovered data-destroying malware was observed earlier today in attacks targeting Ukrainian organizations and deleting data across systems on compromised networks. “This new malware erases user data and partition information from attached drives,” ESET Research Labs explained. “ESET telemetry shows that it was seen on a few dozen systems in a limited number of organizations.””

Title: The German BSI Agency Recommends Replacing Kaspersky Antivirus Software
Date Published: March 14, 2022

https://securityaffairs.co/wordpress/129085/intelligence/bsi-recommends-replace-kaspersky-av.html

Excerpt: “The German Federal Office for Information Security agency, aka BSI, recommends consumers uninstall Kaspersky anti-virus software. The Agency warns the cybersecurity firm could be implicated in hacking attacks during the ongoing Russian invasion of Ukraine. According to §7 BSI law, the BSI warns against the use of Kaspersky Antivirus and recommends replacing it asap with defense solutions from other vendors.”

Title: Pandora Ransomware Hits Giant Automotive Supplier Denso
Date Published: March 15, 2022

https://threatpost.com/pandora-ransomware-hits-giant-automotive-supplier-denso/178911/

Excerpt: “A multibillion supplier to key automotive companies like Toyota, Mercedes-Benz and Ford confirmed Monday that it was the target of a cyberattack over the weekend – confirmation that came after the Pandora ransomware group began leaking data that attackers claimed was stolen in the incident.”

Title: Financially Motivated Threat Actors Willing to go After Russian Targets
Date Published: March 15, 2022

https://www.helpnetsecurity.com/2022/03/15/threat-actors-russian-targets/

Excerpt: “As Ukrainian organizations are getting hit with yet another data-wiping malware, financially motivated threat actors are choosing sides and some of them are expressing their willingness to target Russian targets.”

Title: Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021
Date Published: March 15, 2022

https://thehackernews.com/2022/03/nearly-34-ransomware-variants-observed.html

Excerpt: “As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471. The attacks mark an increase of 110 and 129 attacks from the third and second quarters of 2021, respectively. In all, 34 different ransomware variants were detected during the three-month-period between October and December 2021.”

Title: Not another NotPetya: Ukraine conflict renews calls from CISOs for healthcare threat sharing
Date Published: March 14, 2022

https://www.scmagazine.com/feature/risk-management/not-another-notpetya-ukraine-conflict-renews-calls-from-cisos-for-healthcare-threat-sharing

Excerpt: “Healthcare chief information security officers are raising red flags to threat sharing groups about an alarming increase in cyberattacks amid the ongoing conflict in Ukraine – most notably by way of phishing incidents. Like many organizations across critical verticals, healthcare leaders recognize the threat posed by geopolitical tensions in Eastern Europe against the healthcare sector, notifying peers and communicating with sector specific information sharing centers about increased targeting of executives.”

Title: Mobile Threats Skyrocket
Date Published: March 14, 2022

https://www.darkreading.com/endpoint/mobile-threats-skyrocket

Excerpt: “The volume of mobile threats is increasing and attackers are growing more sophisticated, with almost a third of zero-day attacks now targeting mobile devices, new data shows. In its annual mobile threats report published this week, cybersecurity firm Zimperium says data from its services shows that nearly a quarter of mobile devices encountered malware last year, while 13% had their data intercepted by a machine-in-the-middle attack and 12% were directed to a malicious website. The rising cyber-risk comes as the attack surface area of mobile applications has grown, with more than 900 Common Vulnerabilities and Exposures (CVEs) reported in 2021 that directly affect Apple iOS or Google Android. In addition, risks have risen from the third-party components used by developers, and a variety of misconfigurations have undermined the security of the cloud services underpinning mobile applications.”

Title: Fake Antivirus Updates Used to Deploy Cobalt Strike in Ukraine
Date Published: March 14, 2022

https://www.bleepingcomputer.com/news/security/fake-antivirus-updates-used-to-deploy-cobalt-strike-in-ukraine/

Excerpt: “Ukraine’s Computer Emergency Response Team is warning that threat actors are distributing fake Windows antivirus updates that install Cobalt Strike and other malware. The phishing emails impersonate Ukrainian government agencies offering ways to increase network security and advise recipients to download “critical security updates,” which come in the form of a 60 MB file named “BitdefenderWindowsUpdatePackage.exe.””

Title: Dirty Pipe Linux Flaw Impacts Most QNAP NAS Devices
Date Published: March 15, 2022

https://securityaffairs.co/wordpress/129076/hacking/qnap-nas-dirty-pipe.html

Excerpt: “Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by the recently discovered Linux vulnerability ‘Dirty Pipe.’ An attacker with local access can exploit the high-severity vulnerability Dirty Pipe to gain root privileges.”

Title: Massive DDoS Attack Knocked Israeli Government Websites Offline
Date Published: March 15, 2022

https://thehackernews.com/2022/03/massive-ddos-attack-knocked-israeli.html

Excerpt: “A number of websites belonging to the Israeli government were felled in a distributed denial-of-service (DDoS) attack on Monday, rendering the portals inaccessible for a short period of time. “In the past few hours, a DDoS attack against a communications provider was identified,” the Israel National Cyber Directorate (INCD) said in a tweet. “As a result, access to several websites, among them government websites, was denied for a short time. As of now, all of the websites have returned to normal activity.””
