March 21, 2022

Fortify Security Team

Title: More Conti Ransomware Source Code Leaked on Twitter out of Revenge
Date Published: March 20, 2022

https://www.bleepingcomputer.com/news/security/more-conti-ransomware-source-code-leaked-on-twitter-out-of-revenge/

Excerpt: “A Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation in revenge for the cybercriminals siding with Russia on the invasion of Ukraine. Conti is an elite ransomware gang run by Russian-based threat actors. With their involvement in developing numerous malware families, it is considered one of the most active cybercrime operations.”

Title: DirtyMoe Modules Expand the Bot Using Worm-Like Techniques
Date Published: March 21, 2022

https://securityaffairs.co/wordpress/129286/malware/dirtymoe-modules-worm-like-techniques.html

Excerpt: “In June 2021, researchers from Avast warned of the rapid growth of the DirtyMoe botnet (PurpleFox, Perkiler, and NuggetPhantom), which passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Experts defined DirtyMoe as a complex malware that has been designed as a modular system.”

Title: Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure
Date Published: March 18, 2022

https://threatpost.com/agencies-satellite-hacks-gps-jamming-airplanes-critical-infrastructure/178993/

Excerpt: “In a warning to aviation authorities and air operators on Thursday, the European Union Aviation Safety Agency (EASA) warned of satellite jamming and spoofing attacks across a broad swath of Eastern Europe that could affect air navigation systems. The warning came in tandem with a separate alert from the FBI and the U.S. Cybersecurity Infrastructure and Security Agency (CISA) that hackers could be targeting satellite communications networks in general.”

Title: Attackers Employ Novel Methods to Backdoor French Organizations
Date Published: March 21, 2022

https://www.helpnetsecurity.com/2022/03/21/methods-backdoor/

Excerpt: “An advanced threat actor has been spotted using distinctive, novel methods to backdoor French entities in the construction, real estate, and government industries. The attack starts with a well-known technique – emails containing a macro-enabled Microsoft Word document masquerading as information relating to the GDPR – and ends up with an attempt to install a backdoor on target systems. What happens in between those steps, though, is what makes these attacks interesting.”

Title: Ransomware Alert: AvosLocker Hits Critical Infrastructure
Date Published: March 21, 2022

https://www.bankinfosecurity.com/ransomware-alert-avoslocker-hits-critical-infrastructure-a-18763

Excerpt: “The ransomware-as-a-service operation AvosLocker has been amassing “victims across multiple critical infrastructure sectors in the United States,” the FBI warns. Known victims hail from organizations in such sectors as financial services, manufacturing and government facilities, the FBI, together with the Treasury Department and its Financial Crimes Enforcement Network bureau, aka FinCEN, warn in a cybersecurity advisory.”

Title: New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable
Date Published: March 21, 2022

https://thehackernews.com/2022/03/new-browser-in-browser-bitb-attack.html

Excerpt: “A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. According to penetration tester and security researcher, who goes by the handle mrd0x_, the method takes advantage of third-party single sign-on (SSO) options embedded on websites such as “Sign in with Google” (or Facebook, Apple, or Microsoft).”

Title: South Denver Cardiology Cyberattack, Data Access Impacts 287K patients
Date Published: March 18, 2022

https://www.scmagazine.com/analysis/incident-response/south-denver-cardiology-cyberattack-data-access-impacts-287k-patients

Excerpt: “South Denver Cardiology Associates recently notified 287,652 patients that their protected health information was accessed ahead of a cyberattack deployed in January this year. The cyberattack was launched against the computer network on Jan. 4, which prompted the security team to launch incident response processes, take steps to secure the network, and shut down certain computer systems. Law enforcement was also notified.”

Title: New Phishing Toolkit Lets Anyone Create Fake Chrome Browser Windows
Date Published: March 19, 2022

https://www.bleepingcomputer.com/news/security/new-phishing-toolkit-lets-anyone-create-fake-chrome-browser-windows/

Excerpt: “A phishing kit has been released that allows red teamers and wannabe cybercriminals to create effective single sign-on phishing login forms using fake Chrome browser windows. When signing into websites, it is common to see the option to sign with Google, Microsoft, Apple, Twitter, or even Steam.”

Title: Anonymous Leaked Data Stolen from Russian Pipeline Company Transneft
Date Published: March 20, 2022

https://securityaffairs.co/wordpress/129276/data-breach/anonymous-transneft-data-leak.html

Excerpt: “Anonymous collective claims it has hacked Omega Company, which is the in-house R&D unit of Transneft, the Russia-based state-controlled oil pipeline company. Transneft is the largest oil pipeline company in the world, the hacktivists have stolen 79GB of emails and published them on the leak site of the non-profit whistleblower organization Distributed Denial of Secrets.”

Title: ‘CryptoRom’ Crypto Scam Abusing iPhone Features to Target Mobile Users
Date Published: March 21, 2022

https://thehackernews.com/2022/03/cryptorom-crypto-scam-abusing-iphone.html

Excerpt: “Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips. Cybersecurity company Sophos, which has named the organized crime campaign “CryptoRom,” characterized it as a wide-ranging global scam.”
