March 18, 2022

Fortify Security Team
Mar 18, 2022

Title: CISA, FBI Warn US Critical Orgs of Threats to SATCOM Networks
Date Published: March 17, 2022

https://www.bleepingcomputer.com/news/security/cisa-fbi-warn-us-critical-orgs-of-threats-to-satcom-networks/

Excerpt: “CISA and the FBI said today they’re aware of “possible threats” to satellite communication (SATCOM) networks in the US and worldwide. Today’s security advisory also warned US critical infrastructure organizations of risks to SATCOM providers’ customers following network breaches. “Successful intrusions into SATCOM networks could create risk in SATCOM network providers’ customer environments,” CISA and the FBI said.”

Title: Russia-linked Cyclops Blink Botnet Targeting ASUS Routers
Date Published: March 18, 2022

https://securityaffairs.co/wordpress/129180/apt/cyclops-blink-botnet-targets-asus-routers.html

Excerpt: “The recently discovered Cyclops Blink botnet is now targeting the ASUS routers, reports Trend Micro researchers. The Cyclops Blink malware has been active since at least June 2019, it targets WatchGuard Firebox and other Small Office/Home Office (SOHO) network devices. According to WatchGuard, Cyclops Blink may have affected roughly 1% of all active WatchGuard firewall appliances.”

Title: Misconfigured Firebase Databases Exposing Data in Mobile Apps
Date Published: March 17, 2022

https://threatpost.com/misconfigured-firebase-databases-exposing-data-mobile-apps/178965/

Excerpt: “Thousands of mobile apps – some of which have been downloaded tens of millions of times – are exposing sensitive data from open cloud-based databases due to misconfigured cloud implementations, new research from Check Point has found. Check Point Research (CPR) found that in three months’ time, 2,113 mobile apps using the Firebase cloud-based database exposed data, “leaving victims unprotected and easily accessible for threat actors to exploit,” according to a blog post published this week.”

Title: New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers
Date Published: March 17, 2022

https://thehackernews.com/2022/03/new-vulnerability-in-cri-o-engine-lets.html

Excerpt: “A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host. “Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data, and lateral movement across pods,” CrowdStrike researchers John Walker and Manoj Ahuje said in an analysis published this week.”

Title: Banking Committee Chair: Crypto Can ‘Endanger Security’
Date Published: March 17, 2022

https://www.bankinfosecurity.com/banking-committee-chair-crypto-endanger-security-a-18740

Excerpt: “U.S. lawmakers on Thursday again discussed illicit finance with regard to cryptocurrencies – in light of recent warnings that the Russian government may increasingly rely on digital currencies to stabilize its sanctioned economy.

In a hearing of the Senate Banking, Housing, and Urban Affairs Committee entitled “Understanding the Role of Digital Assets in Illicit Finance,” several cryptocurrency experts, including one individual on the front lines of the Russia-Ukraine conflict, briefed the committee on what they called an immense upside of crypto adoption. The experts also discussed some of crypto’s more macro risks – including sanctioned entities obfuscating funds and ransomware gangs extorting global organizations for Bitcoin.”

Title: SolarWinds Warns of Attacks Targeting Web Help Desk Users
Date Published: March 17, 2022

https://securityaffairs.co/wordpress/129154/hacking/solarwinds-web-help-desk-attack.html

Excerpt: “SolarWinds has published a security advisory to warn customers of the risk of cyberattacks targeting unpatched Web Help Desk (WHD) installs. The WHD is described by SolarWinds as an affordable Help Desk Ticketing and Asset Management Software. SolarWinds declared that one of its customers was the victim of an external attempted attack on their instance of WHD. The attack was blocked by the customer’s endpoint detection and response (EDR) system. The vendor immediately launched an investigation into the hacking attempt.”

Title: HHS: HIPAA can ‘Substantially Mitigate’ Most Common Healthcare Cyberattacks
Date Published: March 17, 2022

https://www.scmagazine.com/analysis/compliance/hhs-hipaa-can-substantially-mitigate-most-common-healthcare-cyberattacks

Excerpt: “The bulk of cyberattacks against the healthcare sector could be “prevented or substantially mitigated” by following the Health Insurance Portability and Accountability Act Security Rule, according to the Department of Health and Human Services Office for Civil Rights. Hacking incidents reported to HHS increased by 45% from 2019 to 2020. While these attacks may be sophisticated or exploit system vulnerabilities, HIPAA requirements address some of the most common attack types, like phishing, vulnerability exploits, and weak authentication.”

Title: Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware
Date Published: March 18, 2022

https://thehackernews.com/2022/03/experts-find-some-affiliates-of.html

Excerpt: “An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups. While it’s typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that the cyber crime cartel is built out of affiliates of other ransomware-as-a-service (RaaS) operations.”

Title: Google: Chinese State Hackers Target Ukraine’s Government
Date Published: March 18, 2022

https://www.bleepingcomputer.com/news/security/google-chinese-state-hackers-target-ukraine-s-government/

Excerpt: “Google’s Threat Analysis Group (TAG) says the Chinese People’s Liberation Army (PLA) and other Chinese intelligence agencies are trying to get more info on the ongoing Russian war in Ukraine. Google TAG Security Engineer Billy Leonard says Google notified Ukrainian government organizations targeted by a Chinese-sponsored hacking group.”

Title: Attackers Have Come to Love APIs as Much as Developers
Date Published: March 17, 2022

https://www.helpnetsecurity.com/2022/03/17/attackers-apis/

Excerpt: “Cequence Security released a report revealing that both developers and attackers have made the shift to APIs. Of the 21.1 billion transactions analyzed in the last half of 2021, 14 billion (70 percent) were API transactions. After analyzing some of the most interesting bot attacks throughout 2021, it’s clear that attackers have come to love APIs just as much as developers.”
