March 17, 2022

Fortify Security Team

Title: Unsecured Microsoft SQL, MySQL Servers Hit by Gh0stCringe Malware

Date Published: March 16, 2022

https://www.bleepingcomputer.com/news/security/unsecured-microsoft-sql-mysql-servers-hit-by-gh0stcringe-malware/

Excerpt: “Hackers target poorly secured Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojans on vulnerable devices. Gh0stCringe, aka CirenegRAT, is a variant of Gh0st RAT malware that was most recently deployed in 2020 Chinese cyber-espionage operations but dates as far back as 2018.”

Title: B1txor20 Linux Botnet use DNS Tunnel and Log4J Exploit

Date Published: March 17, 2022

https://securityaffairs.co/wordpress/129130/malware/b1txor20-linux-botnet-dns-tunnel.html

Excerpt: “Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. The name B1txor20 is based on the file name “b1t” used for the propagation and the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes.”

Title: ‘CryptoRom’ Crypto-Scam is Back via Side-Loaded Apps

Date Published: March 16, 2022

https://threatpost.com/cryptorom-crypto-scam-side-loaded-apple-apps/178942/

Excerpt: “For about a year now, crypto-traders and lovelorn singles alike have been losing their money to CryptoRom, a malware campaign that combines catfishing with crypto-scamming. According to research from Sophos, CryptoRom’s perpetrators have now improved their techniques. They’re leveraging new iOS features – TestFlight and WebClips – to get fake apps onto victims’ phones without being subject to the rigorous app store approval process.”

Title: Severity of Mobile Threats rising, 10+ Million Mobile Endpoints Impacted

Date Published: March 17, 2022

https://www.helpnetsecurity.com/2022/03/17/state-of-mobile-security/

Excerpt: “Zimperium published a report unveiling new data and comprehensive analysis of the state of mobile security worldwide. In 2021, the Zimperium zLabs team discovered threats impacting 10 million mobile devices in at least 214 countries. Mobile malware was the most prevalent threat, encountered by nearly 1 in 4 mobile endpoints within the global customer base. Throughout the year, the team detected 2,034,217 new mobile malware samples in the wild, equating to an average of nearly 36,000 new strains of malware a week and over 5,000 a day.”

Title: Ukrainian Cyber Official Offers Update on ‘IT Army’

Date Published: March 16, 2022

https://www.bankinfosecurity.com/ukrainian-cyber-official-offers-update-on-it-army-a-18731

Excerpt: War in Ukraine continues into its third week, and Russia is closing in on major Ukrainian cities, upping its targeting of civilian infrastructure. In the U.S., cybersecurity officials continue to urge a “Shields Up” approach – while the digital conflict has devolved deeply into the underground.

Title: Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion

Date Published: March 17, 2022

https://thehackernews.com/2022/03/popular-npm-package-updated-to-wipe.html

Excerpt: “In what’s yet another act of sabotage, the developer behind the popular “node-ipc” NPM package shipped a new version to protest Russia’s invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting users with IP addresses located either in Russia or Belarus, and wiping arbitrary file contents and replacing it with a heart emoji.”

Title: ‘Security issue’ at East Tennessee Children’s Hospital Disrupts Services

Date Published: March 16, 2022

https://www.scmagazine.com/analysis/incident-response/security-issue-at-east-tennessee-childrens-hospital-disrupts-services

Excerpt: “East Tennessee Children’s Hospital in Knoxville is currently facing disruptions to several key care services at its downtown location, including email, after a “security issue,” according to multiple social media posts and a website notice. The hospital “has been a victim of an information technology security issue” launched in the evening hours of Sunday, March 13, officials said in a statement. “Maintaining the safety and security of our patients and their care is our top priority. We are still able to care for our patients.””

Title: Microsoft Creates Tool to Scan MikroTik Routers for TrickBot Infections

Date Published: March 17, 2022

https://www.bleepingcomputer.com/news/security/microsoft-creates-tool-to-scan-mikrotik-routers-for-trickbot-infections/

Excerpt: “Microsoft released a scanner that detects MikroTik routers hacked by the TrickBot gang to act as proxies for command and control servers. TrickBot is a malware botnet distributed via phishing emails or dropped by other malware that has already infected a device. Once executed, TrickBot will connect to a remote command and control server to receive commands and download further payloads to run on the infected machine.”

Title: Ukraine SBU Arrested a Hacker Who Supported Russia During the Invasion

Date Published: March 17, 2022

https://securityaffairs.co/wordpress/129145/cyber-warfare-2/ukraine-sbu-arrested-hacker-helping-russia.html

Excerpt: “The Security Service of Ukraine (SBU) announced to have arrested a hacker who provided technical support to Russian troops during the invasion, the man provided mobile communication services inside the Ukrainian territory. The man has broadcasted text messages to Ukrainian officials asking them to lay down the weapons and join Russia.”

Title: DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly

Date Published: March 17, 2022

https://thehackernews.com/2022/03/dirtymoe-botnet-gains-new-exploits-in.html

Excerpt: “The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found. “The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation,” Avast researcher Martin Chlumecký said in a report published Wednesday.”
