March 18, 2022

Fortify Security Team

Title: CISA, FBI Warn US Critical Orgs of Threats to SATCOM Networks
Date Published: March 17, 2022

https://www.bleepingcomputer.com/news/security/cisa-fbi-warn-us-critical-orgs-of-threats-to-satcom-networks/

Excerpt: “CISA and the FBI said today they’re aware of “possible threats” to satellite communication (SATCOM) networks in the US and worldwide. Today’s security advisory also warned US critical infrastructure organizations of risks to SATCOM providers’ customers following network breaches. “Successful intrusions into SATCOM networks could create risk in SATCOM network providers’ customer environments,” CISA and the FBI said.”

Title: Russia-linked Cyclops Blink Botnet Targeting ASUS Routers
Date Published: March 18, 2022

https://securityaffairs.co/wordpress/129180/apt/cyclops-blink-botnet-targets-asus-routers.html

Excerpt: “The recently discovered Cyclops Blink botnet is now targeting ASUS routers, report Trend Micro researchers. The Cyclops Blink malware has been active since at least June 2019; it targets WatchGuard Firebox and other Small Office/Home Office (SOHO) network devices. According to WatchGuard, Cyclops Blink may have affected roughly 1% of all active WatchGuard firewall appliances.”

Title: Misconfigured Firebase Databases Exposing Data in Mobile Apps
Date Published: March 17, 2022

https://threatpost.com/misconfigured-firebase-databases-exposing-data-mobile-apps/178965/

Excerpt: “Thousands of mobile apps – some of which have been downloaded tens of millions of times – are exposing sensitive data from open cloud-based databases due to misconfigured cloud implementations, new research from Check Point has found. Check Point Research (CPR) found that in three months’ time, 2,113 mobile apps using the Firebase cloud-based database exposed data, “leaving victims unprotected and easily accessible for threat actors to exploit,” according to a blog post published this week.”

Title: New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers
Date Published: March 17, 2022

https://thehackernews.com/2022/03/new-vulnerability-in-cri-o-engine-lets.html

Excerpt: “A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host. “Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data, and lateral movement across pods,” CrowdStrike researchers John Walker and Manoj Ahuje said in an analysis published this week.”

Title: Banking Committee Chair: Crypto Can ‘Endanger Security’
Date Published: March 17, 2022

https://www.bankinfosecurity.com/banking-committee-chair-crypto-endanger-security-a-18740

Excerpt: “U.S. lawmakers on Thursday again discussed illicit finance with regard to cryptocurrencies – in light of recent warnings that the Russian government may increasingly rely on digital currencies to stabilize its sanctioned economy.

In a hearing of the Senate Banking, Housing, and Urban Affairs Committee entitled “Understanding the Role of Digital Assets in Illicit Finance,” several cryptocurrency experts, including one individual on the front lines of the Russia-Ukraine conflict, briefed the committee on what they called an immense upside of crypto adoption. The experts also discussed some of crypto’s more macro risks – including sanctioned entities obfuscating funds and ransomware gangs extorting global organizations for Bitcoin.”

Title: SolarWinds Warns of Attacks Targeting Web Help Desk Users
Date Published: March 17, 2022

https://securityaffairs.co/wordpress/129154/hacking/solarwinds-web-help-desk-attack.html

Excerpt: “SolarWinds has published a security advisory to warn customers of the risk of cyberattacks targeting unpatched Web Help Desk (WHD) installs. The WHD is described by SolarWinds as an affordable Help Desk Ticketing and Asset Management Software. SolarWinds declared that one of its customers was the victim of an external attempted attack on their instance of WHD. The attack was blocked by the customer’s endpoint detection and response (EDR) system. The vendor immediately launched an investigation into the hacking attempt.”

Title: HHS: HIPAA can ‘Substantially Mitigate’ Most Common Healthcare Cyberattacks
Date Published: March 17, 2022

https://www.scmagazine.com/analysis/compliance/hhs-hipaa-can-substantially-mitigate-most-common-healthcare-cyberattacks

Excerpt: “The bulk of cyberattacks against the healthcare sector could be “prevented or substantially mitigated” by following the Health Insurance Portability and Accountability Act Security Rule, according to the Department of Health and Human Services Office for Civil Rights. Hacking incidents reported to HHS increased by 45% from 2019 to 2020. While these attacks may be sophisticated or exploit system vulnerabilities, HIPAA requirements address some of the most common attack types, like phishing, vulnerability exploits, and weak authentication.”

Title: Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware
Date Published: March 18, 2022

https://thehackernews.com/2022/03/experts-find-some-affiliates-of.html

Excerpt: “An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups. While it’s typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that the cyber crime cartel is built out of affiliates of other ransomware-as-a-service (RaaS) operations.”

Title: Google: Chinese State Hackers Target Ukraine’s Government
Date Published: March 18, 2022

https://www.bleepingcomputer.com/news/security/google-chinese-state-hackers-target-ukraine-s-government/

Excerpt: “Google’s Threat Analysis Group (TAG) says the Chinese People’s Liberation Army (PLA) and other Chinese intelligence agencies are trying to get more info on the ongoing Russian war in Ukraine. Google TAG Security Engineer Billy Leonard says Google notified Ukrainian government organizations targeted by a Chinese-sponsored hacking group.”

Title: Attackers Have Come to Love APIs as Much as Developers
Date Published: March 17, 2022

https://www.helpnetsecurity.com/2022/03/17/attackers-apis/

Excerpt: “Cequence Security released a report revealing that both developers and attackers have made the shift to APIs. Of the 21.1 billion transactions analyzed in the last half of 2021, 14 billion (70 percent) were API transactions. After analyzing some of the most interesting bot attacks throughout 2021, it’s clear that attackers have come to love APIs just as much as developers.”
