March 28, 2022

Fortify Security Team

Title: Hive Ransomware Ports its Linux VMware ESXi Encryptor to Rust
Date Published: March 27, 2022

https://www.bleepingcomputer.com/news/security/hive-ransomware-ports-its-linux-vmware-esxi-encryptor-to-rust/

Excerpt: “The Hive ransomware operation has converted their VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victim’s ransom negotiations. As the enterprise becomes increasingly reliant on virtual machines to save computer resources, consolidate servers, and for easier backups, ransomware gangs are creating dedicated encryptors that focus on these services.”

Title: While Twitter Suspends Anonymous Accounts, the Group Hacked VGTRK Russian Television and Radio
Date Published: March 28, 2022

https://securityaffairs.co/wordpress/129555/hacktivism/anonymous-hacked-vgtrk-russian-radio-tv.html

Excerpt: “On Friday, Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from the Central Bank of Russia. The group plans to distribute the stolen documents to various points on the internet to prevent them from being censored. Twitter plays a crucial role in the communication of the group; many groups affiliated with the collective use this platform to share news about their operations.”

Title: Cybercriminals Launched 9.75 million DDoS attacks in 2021
Date Published: March 28, 2022

https://www.helpnetsecurity.com/2022/03/28/ddos-attacks-2021/

Excerpt: “During the second half of 2021, cybercriminals launched approximately 4.4 million Distributed Denial of Service (DDoS) attacks, bringing the total number of DDoS attacks in 2021 to 9.75 million, a NETSCOUT report reveals. These attacks represent a 3% decrease from the record number set during the height of the pandemic but continue at a pace that’s 14% above pre-pandemic levels.”

Title: ‘Purple Fox’ Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks
Date Published: March 28, 2022

https://thehackernews.com/2022/03/purple-fox-hackers-spotted-using-new.html

Excerpt: “The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software.”

Title: Morgan Stanley Wealth Management Accounts Breached in ‘vishing’ Attacks
Date Published: March 28, 2022

https://www.scmagazine.com/analysis/social-engineering/morgan-stanley-wealth-management-accounts-breached-in-vishing-attacks

Excerpt: “Earlier this week, Morgan Stanley Wealth Management said cybercriminals broke into accounts using social engineering attacks, according to reports. Using voice-based phishing, or “vishing,” attackers impersonated the trusted financial firm during phone calls to customers, where they encouraged customers to reveal sensitive personal and financial information including banking or login credentials. The fraud attacks, which largely took place in February, resulted in fraudsters electronically transferring money to their own bank account by initiating payments using the Zelle payment service.”

Title: Microsoft Exchange Targeted for IcedID Reply-Chain Hijacking Attacks
Date Published: March 28, 2022

https://www.bleepingcomputer.com/news/security/microsoft-exchange-targeted-for-icedid-reply-chain-hijacking-attacks/

Excerpt: “The distribution of the IcedID malware has seen a spike recently due to a new campaign that hijacks existing email conversation threads and injects malicious payloads that are hard to spot. IcedID is a modular banking trojan first spotted back in 2017, used mainly to deploy second-stage malware such as other loaders or ransomware.”

Title: GhostWriter APT Targets State Entities of Ukraine with Cobalt Strike Beacon
Date Published: March 28, 2022

https://securityaffairs.co/wordpress/129527/apt/ghostwriter-apt-targets-state-entities-of-ukraine-with-cobalt-strike-beacon.html

Excerpt: “Ukraine CERT-UA uncovered a spear-phishing campaign conducted by Belarus-linked GhostWriter APT group targeting Ukrainian state entities with Cobalt Strike Beacon. The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.” This second archive contains SFX-archive “Saboteurs filercs.rar”; experts reported that the file name contains the right-to-left override (RTLO) character to mask the real extension.”

Title: Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability
Date Published: March 27, 2022

https://thehackernews.com/2022/03/muhstik-botnet-targeting-redis-servers.html

Excerpt: “Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine. The vulnerability is rated 10 out of 10 for severity.”

Title: Beware of Old and New Tax-Themed Scams and Schemes
Date Published: March 28, 2022

https://www.helpnetsecurity.com/2022/03/28/tax-themed-scams/

Excerpt: “April 18 marks the end of the 2022 US tax season and those individuals who are yet to file their taxes should get a move on. But they should not throw caution to the wind, as scammers, fraudsters, phishers and malware peddlers are working hard to exploit the rush to make the deadline.”

Title: Critical Sophos Firewall Vulnerability Allows Remote Code Execution
Date Published: March 27, 2022

https://www.bleepingcomputer.com/news/security/critical-sophos-firewall-vulnerability-allows-remote-code-execution/

Excerpt: “Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE). Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall.”
