March 21, 2022

Fortify Security Team
Mar 21, 2022

Title: More Conti Ransomware Source Code Leaked on Twitter out of Revenge
Date Published: March 20, 2022

https://www.bleepingcomputer.com/news/security/more-conti-ransomware-source-code-leaked-on-twitter-out-of-revenge/

Excerpt: “A Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation in revenge for the cybercriminals siding with Russia on the invasion of Ukraine. Conti is an elite ransomware gang run by Russian-based threat actors. With their involvement in developing numerous malware families, it is considered one of the most active cybercrime operations.”

Title: DirtyMoe Modules Expand the Bot Using Worm-Like Techniques
Date Published: March 21, 2022

https://securityaffairs.co/wordpress/129286/malware/dirtymoe-modules-worm-like-techniques.html

Excerpt: “In June 2021, researchers from Avast warned of the rapid growth of the DirtyMoe botnet (PurpleFox, Perkiler, and NuggetPhantom), which passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Experts defined DirtyMoe as a complex malware that has been designed as a modular system.”

Title: Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure
Date Published: March 18, 2022

https://threatpost.com/agencies-satellite-hacks-gps-jamming-airplanes-critical-infrastructure/178993/

Excerpt: “In a warning to aviation authorities and air operators on Thursday, the European Union Aviation Safety Agency (EASA) warned of satellite jamming and spoofing attacks across a broad swath of Eastern Europe that could affect air navigation systems. The warning came in tandem with a separate alert from the FBI and the U.S. Cybersecurity Infrastructure and Security Agency (CISA) that hackers could be targeting satellite communications networks in general.”

Title: Attackers Employ Novel Methods to Backdoor French Organizations
Date Published: March 21, 2022

https://www.helpnetsecurity.com/2022/03/21/methods-backdoor/

Excerpt: “An advanced threat actor has been spotted using distinctive, novel methods to backdoor French entities in the construction, real estate, and government industries. The attack starts with a well-known technique – emails containing a macro-enabled Microsoft Word document masquerading as information relating to the GDPR – and ends up with an attempt to install a backdoor on target systems. What happens in between those steps, though, is what makes these attacks interesting.”

Title: Ransomware Alert: AvosLocker Hits Critical Infrastructure
Date Published: March 21, 2022

https://www.bankinfosecurity.com/ransomware-alert-avoslocker-hits-critical-infrastructure-a-18763

Excerpt: “The ransomware-as-a-service operation AvosLocker has been amassing “victims across multiple critical infrastructure sectors in the United States,” the FBI warns. Known victims hail from organizations in such sectors as financial services, manufacturing and government facilities, the FBI, together with the Treasury Department and its Financial Crimes Enforcement Network bureau, aka FinCEN, warn in a cybersecurity advisory.”

Title: New Browser-in-the-Browser (BITB) Attack Makes Phishing Nearly Undetectable
Date Published: March 21, 2022

https://thehackernews.com/2022/03/new-browser-in-browser-bitb-attack.html

Excerpt: “A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. According to a penetration tester and security researcher who goes by the handle mrd0x_, the method takes advantage of third-party single sign-on (SSO) options embedded on websites such as “Sign in with Google” (or Facebook, Apple, or Microsoft).”

Title: South Denver Cardiology Cyberattack, Data Access Impacts 287K patients
Date Published: March 18, 2022

https://www.scmagazine.com/analysis/incident-response/south-denver-cardiology-cyberattack-data-access-impacts-287k-patients

Excerpt: “South Denver Cardiology Associates recently notified 287,652 patients that their protected health information was accessed ahead of a cyberattack deployed in January this year. The cyberattack was launched against the computer network on Jan. 4, which prompted the security team to launch incident response processes, take steps to secure the network, and shut down certain computer systems. Law enforcement was also notified.”

Title: New Phishing Toolkit Lets Anyone Create Fake Chrome Browser Windows
Date Published: March 19, 2022

https://www.bleepingcomputer.com/news/security/new-phishing-toolkit-lets-anyone-create-fake-chrome-browser-windows/

Excerpt: “A phishing kit has been released that allows red teamers and wannabe cybercriminals to create effective single sign-on phishing login forms using fake Chrome browser windows. When signing into websites, it is common to see the option to sign in with Google, Microsoft, Apple, Twitter, or even Steam.”

Title: Anonymous Leaked Data Stolen from Russian Pipeline Company Transneft
Date Published: March 20, 2022

https://securityaffairs.co/wordpress/129276/data-breach/anonymous-transneft-data-leak.html

Excerpt: “The Anonymous collective claims it has hacked Omega Company, which is the in-house R&D unit of Transneft, the Russia-based state-controlled oil pipeline company. Transneft is the largest oil pipeline company in the world; the hacktivists have stolen 79GB of emails and published them on the leak site of the non-profit whistleblower organization Distributed Denial of Secrets.”

Title: ‘CryptoRom’ Crypto Scam Abusing iPhone Features to Target Mobile Users
Date Published: March 21, 2022

https://thehackernews.com/2022/03/cryptorom-crypto-scam-abusing-iphone.html

Excerpt: “Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips. Cybersecurity company Sophos, which has named the organized crime campaign “CryptoRom,” characterized it as a wide-ranging global scam.”
