March 21, 2022

Fortify Security Team

Title: More Conti Ransomware Source Code Leaked on Twitter out of Revenge
Date Published: March 20, 2022

https://www.bleepingcomputer.com/news/security/more-conti-ransomware-source-code-leaked-on-twitter-out-of-revenge/

Excerpt: “A Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation in revenge for the cybercriminals siding with Russia on the invasion of Ukraine. Conti is an elite ransomware gang run by Russian-based threat actors. With their involvement in developing numerous malware families, it is considered one of the most active cybercrime operations.”

Title: DirtyMoe Modules Expand the Bot Using Worm-Like Techniques
Date Published: March 21, 2022

https://securityaffairs.co/wordpress/129286/malware/dirtymoe-modules-worm-like-techniques.html

Excerpt: “In June 2021, researchers from Avast warned of the rapid growth of the DirtyMoe botnet (PurpleFox, Perkiler, and NuggetPhantom), which passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Experts defined DirtyMoe as a complex malware that has been designed as a modular system.”

Title: Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure
Date Published: March 18, 2022

https://threatpost.com/agencies-satellite-hacks-gps-jamming-airplanes-critical-infrastructure/178993/

Excerpt: “In a warning to aviation authorities and air operators on Thursday, the European Union Aviation Safety Agency (EASA) warned of satellite jamming and spoofing attacks across a broad swath of Eastern Europe that could affect air navigation systems. The warning came in tandem with a separate alert from the FBI and the U.S. Cybersecurity Infrastructure and Security Agency (CISA) that hackers could be targeting satellite communications networks in general.”

Title: Attackers Employ Novel Methods to Backdoor French Organizations
Date Published: March 21, 2022

https://www.helpnetsecurity.com/2022/03/21/methods-backdoor/

Excerpt: “An advanced threat actor has been spotted using distinctive, novel methods to backdoor French entities in the construction, real estate, and government industries. The attack starts with a well-known technique – emails containing a macro-enabled Microsoft Word document masquerading as information relating to the GDPR – and ends up with an attempt to install a backdoor on target systems. What happens in between those steps, though, is what makes these attacks interesting.”

Title: Ransomware Alert: AvosLocker Hits Critical Infrastructure
Date Published: March 21, 2022

https://www.bankinfosecurity.com/ransomware-alert-avoslocker-hits-critical-infrastructure-a-18763

Excerpt: “The ransomware-as-a-service operation AvosLocker has been amassing “victims across multiple critical infrastructure sectors in the United States,” the FBI warns. Known victims hail from organizations in such sectors as financial services, manufacturing and government facilities, the FBI, together with the Treasury Department and its Financial Crimes Enforcement Network bureau, aka FinCEN, warn in a cybersecurity advisory.”

Title: New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable
Date Published: March 21, 2022

https://thehackernews.com/2022/03/new-browser-in-browser-bitb-attack.html

Excerpt: “A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. According to penetration tester and security researcher, who goes by the handle mrd0x_, the method takes advantage of third-party single sign-on (SSO) options embedded on websites such as “Sign in with Google” (or Facebook, Apple, or Microsoft).”

Title: South Denver Cardiology Cyberattack, Data Access Impacts 287K patients
Date Published: March 18, 2022

https://www.scmagazine.com/analysis/incident-response/south-denver-cardiology-cyberattack-data-access-impacts-287k-patients

Excerpt: “South Denver Cardiology Associates recently notified 287,652 patients that their protected health information was accessed ahead of a cyberattack deployed in January this year. The cyberattack was launched against the computer network on Jan. 4, which prompted the security team to launch incident response processes, take steps to secure the network, and shut down certain computer systems. Law enforcement was also notified.”

Title: New Phishing Toolkit Lets Anyone Create Fake Chrome Browser Windows
Date Published: March 19, 2022

https://www.bleepingcomputer.com/news/security/new-phishing-toolkit-lets-anyone-create-fake-chrome-browser-windows/

Excerpt: “A phishing kit has been released that allows red teamers and wannabe cybercriminals to create effective single sign-on phishing login forms using fake Chrome browser windows. When signing into websites, it is common to see the option to sign with Google, Microsoft, Apple, Twitter, or even Steam.”

Title: Anonymous Leaked Data Stolen from Russian Pipeline Company Transneft
Date Published: March 20, 2022

https://securityaffairs.co/wordpress/129276/data-breach/anonymous-transneft-data-leak.html

Excerpt: “Anonymous collective claims it has hacked Omega Company, which is the in-house R&D unit of Transneft, the Russia-based state-controlled oil pipeline company. Transneft is the largest oil pipeline company in the world, the hacktivists have stolen 79GB of emails and published them on the leak site of the non-profit whistleblower organization Distributed Denial of Secrets.”

Title: ‘CryptoRom’ Crypto Scam Abusing iPhone Features to Target Mobile Users
Date Published: March 21, 2022

https://thehackernews.com/2022/03/cryptorom-crypto-scam-abusing-iphone.html

Excerpt: “Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips. Cybersecurity company Sophos, which has named the organized crime campaign “CryptoRom,” characterized it as a wide-ranging global scam.”
