March 17, 2022

Fortify Security Team
Mar 17, 2022

Title: Unsecured Microsoft SQL, MySQL Servers Hit by Gh0stCringe Malware

Date Published: March 16, 2022

https://www.bleepingcomputer.com/news/security/unsecured-microsoft-sql-mysql-servers-hit-by-gh0stcringe-malware/

Excerpt: “Hackers target poorly secured Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojans on vulnerable devices. Gh0stCringe, aka CirenegRAT, is a variant of Gh0st RAT malware that was most recently deployed in 2020 Chinese cyber-espionage operations but dates as far back as 2018.”

Title: B1txor20 Linux Botnet use DNS Tunnel and Log4J Exploit

Date Published: March 17, 2022

https://securityaffairs.co/wordpress/129130/malware/b1txor20-linux-botnet-dns-tunnel.html

Excerpt: “Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. The name B1txor20 is based on the file name “b1t” used for the propagation and the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes.”

Title: ‘CryptoRom’ Crypto-Scam is Back via Side-Loaded Apps

Date Published: March 16, 2022

https://threatpost.com/cryptorom-crypto-scam-side-loaded-apple-apps/178942/

Excerpt: “For about a year now, crypto-traders and lovelorn singles alike have been losing their money to CryptoRom, a malware campaign that combines catfishing with crypto-scamming. According to research from Sophos, CryptoRom’s perpetrators have now improved their techniques. They’re leveraging new iOS features – TestFlight and WebClips – to get fake apps onto victims’ phones without being subject to the rigorous app store approval process.”

Title: Severity of Mobile Threats rising, 10+ Million Mobile Endpoints Impacted

Date Published: March 17, 2022

https://www.helpnetsecurity.com/2022/03/17/state-of-mobile-security/

Excerpt: “Zimperium published a report unveiling new data and comprehensive analysis of the state of mobile security worldwide. In 2021, the Zimperium zLabs team discovered threats impacting 10 million mobile devices in at least 214 countries. Mobile malware was the most prevalent threat, encountered by nearly 1 in 4 mobile endpoints within the global customer base. Throughout the year, the team detected 2,034,217 new mobile malware samples in the wild, equating to an average of nearly 36,000 new strains of malware a week and over 5,000 a day.”

Title: Ukrainian Cyber Official Offers Update on ‘IT Army’

Date Published: March 16, 2022

https://www.bankinfosecurity.com/ukrainian-cyber-official-offers-update-on-it-army-a-18731

Excerpt: “War in Ukraine continues into its third week, and Russia is closing in on major Ukrainian cities, upping its targeting of civilian infrastructure. In the U.S., cybersecurity officials continue to urge a “Shields Up” approach – while the digital conflict has devolved deeply into the underground.”

Title: Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion

Date Published: March 17, 2022

https://thehackernews.com/2022/03/popular-npm-package-updated-to-wipe.html

Excerpt: “In what’s yet another act of sabotage, the developer behind the popular “node-ipc” NPM package shipped a new version to protest Russia’s invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting users with IP addresses located either in Russia or Belarus, and wiping arbitrary file contents and replacing them with a heart emoji.”

Title: ‘Security issue’ at East Tennessee Children’s Hospital Disrupts Services

Date Published: March 16, 2022

https://www.scmagazine.com/analysis/incident-response/security-issue-at-east-tennessee-childrens-hospital-disrupts-services

Excerpt: “East Tennessee Children’s Hospital in Knoxville is currently facing disruptions to several key care services at its downtown location, including email, after a “security issue,” according to multiple social media posts and a website notice. The hospital “has been a victim of an information technology security issue” launched in the evening hours of Sunday, March 13, officials said in a statement. “Maintaining the safety and security of our patients and their care is our top priority. We are still able to care for our patients.””

Title: Microsoft Creates Tool to Scan MikroTik Routers for TrickBot Infections

Date Published: March 17, 2022

https://www.bleepingcomputer.com/news/security/microsoft-creates-tool-to-scan-mikrotik-routers-for-trickbot-infections/

Excerpt: “Microsoft released a scanner that detects MikroTik routers hacked by the TrickBot gang to act as proxies for command and control servers. TrickBot is a malware botnet distributed via phishing emails or dropped by other malware that has already infected a device. Once executed, TrickBot will connect to a remote command and control server to receive commands and download further payloads to run on the infected machine.”

Title: Ukraine SBU Arrested a Hacker Who Supported Russia During the Invasion

Date Published: March 17, 2022

https://securityaffairs.co/wordpress/129145/cyber-warfare-2/ukraine-sbu-arrested-hacker-helping-russia.html

Excerpt: “The Security Service of Ukraine (SBU) announced that it has arrested a hacker who provided technical support to Russian troops during the invasion; the man provided mobile communication services inside the Ukrainian territory. The man broadcast text messages to Ukrainian officials asking them to lay down their weapons and join Russia.”

Title: DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly

Date Published: March 17, 2022

https://thehackernews.com/2022/03/dirtymoe-botnet-gains-new-exploits-in.html

Excerpt: “The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found. “The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation,” Avast researcher Martin Chlumecký said in a report published Wednesday.”
