March 18, 2022

Fortify Security Team

Title: CISA, FBI Warn US Critical Orgs of Threats to SATCOM Networks
Date Published: March 17, 2022

Excerpt: “CISA and the FBI said today they’re aware of “possible threats” to satellite communication (SATCOM) networks in the US and worldwide. Today’s security advisory also warned US critical infrastructure organizations of risks to SATCOM providers’ customers following network breaches. “Successful intrusions into SATCOM networks could create risk in SATCOM network providers’ customer environments,” CISA and the FBI said.”

Title: Russia-linked Cyclops Blink Botnet Targeting ASUS Routers
Date Published: March 18, 2022

Excerpt: “The recently discovered Cyclops Blink botnet is now targeting the ASUS routers, reports Trend Micro researchers. The Cyclops Blink malware has been active since at least June 2019, it targets WatchGuard Firebox and other Small Office/Home Office (SOHO) network devices. According to WatchGuard, Cyclops Blink may have affected roughly 1% of all active WatchGuard firewall appliances.”

Title: Misconfigured Firebase Databases Exposing Data in Mobile Apps
Date Published: March 17, 2022

Excerpt: “Thousands of mobile apps – some of which have been downloaded tens of millions of times – are exposing sensitive data from open cloud-based databases due to misconfigured cloud implementations, new research from Check Point has found. Check Point Research (CPR) found that in three months’ time, 2,113 mobile apps using the Firebase cloud-based database exposed data, “leaving victims unprotected and easily accessible for threat actors to exploit,” according to a blog post published this week.”

Title: New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers
Date Published: March 17, 2022

Excerpt: “A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host. “Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data, and lateral movement across pods,” CrowdStrike researchers John Walker and Manoj Ahuje said in an analysis published this week.”

Title: Banking Committee Chair: Crypto Can ‘Endanger Security’
Date Published: March 17, 2022

Excerpt: “U.S. lawmakers on Thursday again discussed illicit finance with regard to cryptocurrencies – in light of recent warnings that the Russian government may increasingly rely on digital currencies to stabilize its sanctioned economy.

In a hearing of the Senate Banking, Housing, and Urban Affairs Committee entitled “Understanding the Role of Digital Assets in Illicit Finance,” several cryptocurrency experts, including one individual on the front lines of the Russia-Ukraine conflict, briefed the committee on what they called an immense upside of crypto adoption. The experts also discussed some of crypto’s more macro risks – including sanctioned entities obfuscating funds and ransomware gangs extorting global organizations for Bitcoin.”

Title: SolarWinds Warns of Attacks Targeting Web Help Desk Users
Date Published: March 17, 2022

Excerpt: “SolarWinds has published a security advisory to warn customers of the risk of cyberattacks targeting unpatched Web Help Desk (WHD) installs. The WHD is described by SolarWinds as an affordable Help Desk Ticketing and Asset Management Software. SolarWinds declared that one of its customers was the victim of an external attempted attack on their instance of WHD. The attack was blocked by the customer’s endpoint detection and response (EDR) system. The vendor immediately launched an investigation into the hacking attempt.”

Title: HHS: HIPAA can ‘Substantially Mitigate’ Most Common Healthcare Cyberattacks
Date Published: March 17, 2022

Excerpt: “The bulk of cyberattacks against the healthcare sector could be “prevented or substantially mitigated” by following the Health Insurance Portability and Accountability Act Security Rule, according to the Department of Health and Human Services Office for Civil Rights. Hacking incidents reported to HHS increased by 45% from 2019 to 2020. While these attacks may be sophisticated or exploit system vulnerabilities, HIPAA requirements address some of the most common attack types, like phishing, vulnerability exploits, and weak authentication.”

Title: Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware
Date Published: March 18, 2022

Excerpt: “An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups. While it’s typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that the cyber crime cartel is built out of affiliates of other ransomware-as-a-service (RaaS) operations.”

Title: Google: Chinese State Hackers Target Ukraine’s Government
Date Published: March 18, 2022

Excerpt: “Google’s Threat Analysis Group (TAG) says the Chinese People’s Liberation Army (PLA) and other Chinese intelligence agencies are trying to get more info on the ongoing Russian war in Ukraine. Google TAG Security Engineer Billy Leonard says Google notified Ukrainian government organizations targeted by a Chinese-sponsored hacking group.”

Title: Attackers Have Come to Love APIs as Much as Developers
Date Published: March 17, 2022

Excerpt: “Cequence Security released a report revealing that both developers and attackers have made the shift to APIs. Of the 21.1 billion transactions analyzed in the last half of 2021, 14 billion (70 percent) were API transactions. After analyzing some of the most interesting bot attacks throughout 2021, it’s clear that attackers have come to love APIs just as much as developers.”
