March 28, 2022

Fortify Security Team

Title: Hive Ransomware Ports its Linux VMware ESXi Encryptor to Rust
Date Published: March 27, 2022

https://www.bleepingcomputer.com/news/security/hive-ransomware-ports-its-linux-vmware-esxi-encryptor-to-rust/
Excerpt: “The Hive ransomware operation has converted their VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victims’ ransom negotiations. As the enterprise becomes increasingly reliant on virtual machines to save computer resources, consolidate servers, and for easier backups, ransomware gangs are creating dedicated encryptors that focus on these services.”

Title: While Twitter Suspends Anonymous Accounts, the Group Hacked VGTRK Russian Television and Radio
Date Published: March 28, 2022

https://securityaffairs.co/wordpress/129555/hacktivism/anonymous-hacked-vgtrk-russian-radio-tv.html
Excerpt: “On Friday, Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from the Central Bank of Russia. The group plans to distribute the stolen documents to various points on the internet to prevent them from being censored. Twitter plays a crucial role in the communication of the group; many groups affiliated with the collective use this platform to share news about their operations.”

Title: Cybercriminals Launched 9.75 million DDoS attacks in 2021
Date Published: March 28, 2022

https://www.helpnetsecurity.com/2022/03/28/ddos-attacks-2021/
Excerpt: “During the second half of 2021, cybercriminals launched approximately 4.4 million Distributed Denial of Service (DDoS) attacks, bringing the total number of DDoS attacks in 2021 to 9.75 million, a NETSCOUT report reveals. These attacks represent a 3% decrease from the record number set during the height of the pandemic but continue at a pace that’s 14% above pre-pandemic levels.”

Title: ‘Purple Fox’ Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks
Date Published: March 28, 2022

https://thehackernews.com/2022/03/purple-fox-hackers-spotted-using-new.html
Excerpt: “The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software.”

Title: Morgan Stanley Wealth Management Accounts Breached in ‘vishing’ Attacks
Date Published: March 28, 2022

https://www.scmagazine.com/analysis/social-engineering/morgan-stanley-wealth-management-accounts-breached-in-vishing-attacks
Excerpt: “Earlier this week, Morgan Stanley Wealth Management said cybercriminals broke into accounts using social engineering attacks, according to reports. Using voice-based phishing, or “vishing,” attackers impersonated the trusted financial firm during phone calls to customers, where they encouraged customers to reveal sensitive personal and financial information including banking or login credentials. The fraud attacks, which largely took place in February, resulted in fraudsters electronically transferring money to their own bank account by initiating payments using the Zelle payment service.”

Title: Microsoft Exchange Targeted for IcedID Reply-Chain Hijacking Attacks
Date Published: March 28, 2022

https://www.bleepingcomputer.com/news/security/microsoft-exchange-targeted-for-icedid-reply-chain-hijacking-attacks/
Excerpt: “The distribution of the IcedID malware has seen a spike recently due to a new campaign that hijacks existing email conversation threads and injects malicious payloads that are hard to spot. IcedID is a modular banking trojan first spotted back in 2017, used mainly to deploy second-stage malware such as other loaders or ransomware.”

Title: GhostWriter APT Targets State Entities of Ukraine with Cobalt Strike Beacon
Date Published: March 28, 2022

https://securityaffairs.co/wordpress/129527/apt/ghostwriter-apt-targets-state-entities-of-ukraine-with-cobalt-strike-beacon.html
Excerpt: “Ukraine CERT-UA uncovered a spear-phishing campaign conducted by the Belarus-linked GhostWriter APT group targeting Ukrainian state entities with Cobalt Strike Beacon. The phishing messages use a RAR archive named “Saboteurs.rar”, which contains the RAR archive “Saboteurs 21.03.rar.” This second archive contains the SFX archive “Saboteurs filercs.rar”; experts reported that the file name contains the right-to-left override (RTLO) character to mask the real extension.”
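The RTLO masking CERT-UA describes above, as an added example that is not from the original article, from CERT-UA, or from the campaign: a small Python scanner that flags attachment names carrying Unicode bidi-control characters and shows the name as a user would see it beside the extension the operating system will actually use. The sample names are constructed for this example; they are not the archive names from the campaign, and the display simulation is a deliberate simplification of the Unicode bidi algorithm.

```python
"""Spot right-to-left override (RTLO) tricks in attachment names.

Added example for this digest; the sample names are constructed and are
not the files CERT-UA described. U+202E (RLO, UTF-8 bytes E2 80 AE) makes
a renderer draw the rest of the string reversed, so "report<RLO>fdp.exe"
is displayed as "reportexe.pdf" while the OS still sees an .exe file."""

# Unicode bidi controls that can change how a name is displayed.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}

# Constructed sample attachment names (not from the campaign).
SAMPLES = [
    "report\u202efdp.exe",   # shows as reportexe.pdf, really an .exe
    "Saboteurs.rar",         # benign name, no bidi controls
    "invoice.pdf",
    "photo\u202egnp.scr",    # shows as photorcs.png, really a .scr
]


def find_bidi_controls(name):
    """Return (index, short name) for every bidi control character in name."""
    return [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]


def displayed_name(name):
    """Approximate what a user sees: text after U+202E is rendered reversed
    until a U+202C (PDF) or the end of the string; other controls are
    invisible. This simplifies the Unicode bidi algorithm (no embedding
    levels, RLE/RLI not reversed) but is enough for the extension trick."""
    out, i = [], 0
    while i < len(name):
        c = name[i]
        if c == "\u202e":
            end = name.find("\u202c", i + 1)
            if end == -1:
                end = len(name)
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif c in BIDI_CONTROLS:
            i += 1
        else:
            out.append(c)
            i += 1
    return "".join(out)


def extension(name):
    """Lower-cased text after the last '.', with bidi controls removed.
    Applied to the raw name this is what the OS uses to pick a handler."""
    clean = "".join(c for c in name if c not in BIDI_CONTROLS)
    return clean.rsplit(".", 1)[1].lower() if "." in clean else ""


def audit(name):
    """Classify one name. Any bidi control makes it suspicious; it is a
    masked extension when the extension the user sees differs from the
    one the OS will act on."""
    controls = find_bidi_controls(name)
    shown = displayed_name(name)
    real_ext, shown_ext = extension(name), extension(shown)
    return {
        "name": name,
        "displayed": shown,
        "real_ext": real_ext,
        "displayed_ext": shown_ext,
        "controls": controls,
        "suspicious": bool(controls),
        "masked_extension": bool(controls) and real_ext != shown_ext,
    }


def scan(names):
    """Return the audit record of every suspicious name in names."""
    return [r for r in (audit(n) for n in names) if r["suspicious"]]


if __name__ == "__main__":
    for r in scan(SAMPLES):
        print(f"{r['displayed']!r} is really .{r['real_ext']} "
              f"(controls at {r['controls']})")
```

In a mail gateway or EDR rule the cheapest check is the raw byte sequence E2 80 AE (and the other controls above) anywhere in an attachment or archive-member name; legitimate file names almost never contain bidi controls, so flagging their mere presence is a low-noise rule, and the display simulation is only there to show an analyst what the recipient would have seen.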

Title: Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability
Date Published: March 27, 2022

https://thehackernews.com/2022/03/muhstik-botnet-targeting-redis-servers.html
Excerpt: “Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine. The vulnerability is rated 10 out of 10 for severity.”

Title: Beware of Old and New Tax-Themed Scams and Schemes
Date Published: March 28, 2022

https://www.helpnetsecurity.com/2022/03/28/tax-themed-scams/
Excerpt: “April 18 marks the end of the 2022 US tax season and those individuals who are yet to file their taxes should get a move on. But they should not throw caution to the wind, as scammers, fraudsters, phishers and malware peddlers are working hard to exploit the rush to make the deadline.”

Title: Critical Sophos Firewall Vulnerability Allows Remote Code Execution
Date Published: March 27, 2022

https://www.bleepingcomputer.com/news/security/critical-sophos-firewall-vulnerability-allows-remote-code-execution/
Excerpt: “Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE). Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall.”
