March 17, 2022

Fortify Security Team
Mar 17, 2022

Title: Unsecured Microsoft SQL, MySQL Servers Hit by Gh0stCringe Malware

Date Published: March 16, 2022

https://www.bleepingcomputer.com/news/security/unsecured-microsoft-sql-mysql-servers-hit-by-gh0stcringe-malware/

Excerpt: “Hackers target poorly secured Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojans on vulnerable devices. Gh0stCringe, aka CirenegRAT, is a variant of Gh0st RAT malware that was most recently deployed in 2020 Chinese cyber-espionage operations but dates as far back as 2018.”

Title: B1txor20 Linux Botnet Uses DNS Tunnel and Log4J Exploit

Date Published: March 17, 2022

https://securityaffairs.co/wordpress/129130/malware/b1txor20-linux-botnet-dns-tunnel.html

Excerpt: “Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. The name B1txor20 is based on the file name “b1t” used for the propagation and the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes.”

Title: ‘CryptoRom’ Crypto-Scam is Back via Side-Loaded Apps

Date Published: March 16, 2022

https://threatpost.com/cryptorom-crypto-scam-side-loaded-apple-apps/178942/

Excerpt: “For about a year now, crypto-traders and lovelorn singles alike have been losing their money to CryptoRom, a malware campaign that combines catfishing with crypto-scamming. According to research from Sophos, CryptoRom’s perpetrators have now improved their techniques. They’re leveraging new iOS features – TestFlight and WebClips – to get fake apps onto victims’ phones without being subject to the rigorous app store approval process.”

Title: Severity of Mobile Threats Rising, 10+ Million Mobile Endpoints Impacted

Date Published: March 17, 2022

https://www.helpnetsecurity.com/2022/03/17/state-of-mobile-security/

Excerpt: “Zimperium published a report unveiling new data and comprehensive analysis of the state of mobile security worldwide. In 2021, the Zimperium zLabs team discovered threats impacting 10 million mobile devices in at least 214 countries. Mobile malware was the most prevalent threat, encountered by nearly 1 in 4 mobile endpoints within the global customer base. Throughout the year, the team detected 2,034,217 new mobile malware samples in the wild, equating to an average of nearly 36,000 new strains of malware a week and over 5,000 a day.”

Title: Ukrainian Cyber Official Offers Update on ‘IT Army’

Date Published: March 16, 2022

https://www.bankinfosecurity.com/ukrainian-cyber-official-offers-update-on-it-army-a-18731

Excerpt: “War in Ukraine continues into its third week, and Russia is closing in on major Ukrainian cities, upping its targeting of civilian infrastructure. In the U.S., cybersecurity officials continue to urge a “Shields Up” approach – while the digital conflict has devolved deeply into the underground.”

Title: Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion

Date Published: March 17, 2022

https://thehackernews.com/2022/03/popular-npm-package-updated-to-wipe.html

Excerpt: “In what’s yet another act of sabotage, the developer behind the popular “node-ipc” NPM package shipped a new version to protest Russia’s invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting users with IP addresses located either in Russia or Belarus, and wiping arbitrary file contents and replacing them with a heart emoji.”

Title: ‘Security issue’ at East Tennessee Children’s Hospital Disrupts Services

Date Published: March 16, 2022

https://www.scmagazine.com/analysis/incident-response/security-issue-at-east-tennessee-childrens-hospital-disrupts-services

Excerpt: “East Tennessee Children’s Hospital in Knoxville is currently facing disruptions to several key care services at its downtown location, including email, after a “security issue,” according to multiple social media posts and a website notice. The hospital “has been a victim of an information technology security issue” launched in the evening hours of Sunday, March 13, officials said in a statement. “Maintaining the safety and security of our patients and their care is our top priority. We are still able to care for our patients.””

Title: Microsoft Creates Tool to Scan MikroTik Routers for TrickBot Infections

Date Published: March 17, 2022

https://www.bleepingcomputer.com/news/security/microsoft-creates-tool-to-scan-mikrotik-routers-for-trickbot-infections/

Excerpt: “Microsoft released a scanner that detects MikroTik routers hacked by the TrickBot gang to act as proxies for command and control servers. TrickBot is a malware botnet distributed via phishing emails or dropped by other malware that has already infected a device. Once executed, TrickBot will connect to a remote command and control server to receive commands and download further payloads to run on the infected machine.”

Title: Ukraine SBU Arrested a Hacker Who Supported Russia During the Invasion

Date Published: March 17, 2022

https://securityaffairs.co/wordpress/129145/cyber-warfare-2/ukraine-sbu-arrested-hacker-helping-russia.html

Excerpt: “The Security Service of Ukraine (SBU) announced that it has arrested a hacker who provided technical support to Russian troops during the invasion; the man provided mobile communication services inside the Ukrainian territory. The man broadcast text messages to Ukrainian officials asking them to lay down their weapons and join Russia.”

Title: DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly

Date Published: March 17, 2022

https://thehackernews.com/2022/03/dirtymoe-botnet-gains-new-exploits-in.html

Excerpt: “The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found. “The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation,” Avast researcher Martin Chlumecký said in a report published Wednesday.”
