March 17, 2022

Fortify Security Team
Mar 17, 2022

Title: Unsecured Microsoft SQL, MySQL Servers Hit by Gh0stCringe Malware

Date Published: March 16, 2022

https://www.bleepingcomputer.com/news/security/unsecured-microsoft-sql-mysql-servers-hit-by-gh0stcringe-malware/

Excerpt: “Hackers target poorly secured Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojans on vulnerable devices. Gh0stCringe, aka CirenegRAT, is a variant of Gh0st RAT malware that was most recently deployed in 2020 Chinese cyber-espionage operations but dates as far back as 2018.”

Title: B1txor20 Linux Botnet use DNS Tunnel and Log4J Exploit

Date Published: March 17, 2022

https://securityaffairs.co/wordpress/129130/malware/b1txor20-linux-botnet-dns-tunnel.html

Excerpt: “Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. The name B1txor20 is based on the file name “b1t” used for the propagation and the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes.”

Title: ‘CryptoRom’ Crypto-Scam is Back via Side-Loaded Apps

Date Published: March 16, 2022

https://threatpost.com/cryptorom-crypto-scam-side-loaded-apple-apps/178942/

Excerpt: “For about a year now, crypto-traders and lovelorn singles alike have been losing their money to CryptoRom, a malware campaign that combines catfishing with crypto-scamming. According to research from Sophos, CryptoRom’s perpetrators have now improved their techniques. They’re leveraging new iOS features – TestFlight and WebClips – to get fake apps onto victims’ phones without being subject to the rigorous app store approval process.”

Title: Severity of Mobile Threats rising, 10+ Million Mobile Endpoints Impacted

Date Published: March 17, 2022

https://www.helpnetsecurity.com/2022/03/17/state-of-mobile-security/

Excerpt: “Zimperium published a report unveiling new data and comprehensive analysis of the state of mobile security worldwide. In 2021, the Zimperium zLabs team discovered threats impacting 10 million mobile devices in at least 214 countries. Mobile malware was the most prevalent threat, encountered by nearly 1 in 4 mobile endpoints within the global customer base. Throughout the year, the team detected 2,034,217 new mobile malware samples in the wild, equating to an average of nearly 36,000 new strains of malware a week and over 5,000 a day.”

Title: Ukrainian Cyber Official Offers Update on ‘IT Army’

Date Published: March 16, 2022

https://www.bankinfosecurity.com/ukrainian-cyber-official-offers-update-on-it-army-a-18731

Excerpt: War in Ukraine continues into its third week, and Russia is closing in on major Ukrainian cities, upping its targeting of civilian infrastructure. In the U.S., cybersecurity officials continue to urge a “Shields Up” approach – while the digital conflict has devolved deeply into the underground.

Title: Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion

Date Published: March 17, 2022

https://thehackernews.com/2022/03/popular-npm-package-updated-to-wipe.html

Excerpt: “In what’s yet another act of sabotage, the developer behind the popular “node-ipc” NPM package shipped a new version to protest Russia’s invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting users with IP addresses located either in Russia or Belarus, and wiping arbitrary file contents and replacing it with a heart emoji.”

Title: ‘Security issue’ at East Tennessee Children’s Hospital Disrupts Services

Date Published: March 16, 2022

https://www.scmagazine.com/analysis/incident-response/security-issue-at-east-tennessee-childrens-hospital-disrupts-services

Excerpt: “East Tennessee Children’s Hospital in Knoxville is currently facing disruptions to several key care services at its downtown location, including email, after a “security issue,” according to multiple social media posts and a website notice. The hospital “has been a victim of an information technology security issue” launched in the evening hours of Sunday, March 13, officials said in a statement. “Maintaining the safety and security of our patients and their care is our top priority. We are still able to care for our patients.””

Title: Microsoft Creates Tool to Scan MikroTik Routers for TrickBot Infections

Date Published: March 17, 2022

https://www.bleepingcomputer.com/news/security/microsoft-creates-tool-to-scan-mikrotik-routers-for-trickbot-infections/

Excerpt: “Microsoft released a scanner that detects MikroTik routers hacked by the TrickBot gang to act as proxies for command and control servers. TrickBot is a malware botnet distributed via phishing emails or dropped by other malware that has already infected a device. Once executed, TrickBot will connect to a remote command and control server to receive commands and download further payloads to run on the infected machine.”

Title: Ukraine SBU Arrested a Hacker Who Supported Russia During the Invasion

Date Published: March 17, 2022

https://securityaffairs.co/wordpress/129145/cyber-warfare-2/ukraine-sbu-arrested-hacker-helping-russia.html

Excerpt: “The Security Service of Ukraine (SBU) announced to have arrested a hacker who provided technical support to Russian troops during the invasion, the man provided mobile communication services inside the Ukrainian territory. The man has broadcasted text messages to Ukrainian officials asking them to lay down the weapons and join Russia.”

Title: DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly

Date Published: March 17, 2022

https://thehackernews.com/2022/03/dirtymoe-botnet-gains-new-exploits-in.html

Excerpt: “The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found. “The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation,” Avast researcher Martin Chlumecký said in a report published Wednesday.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...