March 29, 2022

Fortify Security Team

Title: Verblecon Malware Loader Used in Stealthy Crypto Mining Attacks

Date Published: March 29, 2022

https://www.bleepingcomputer.com/news/security/verblecon-malware-loader-used-in-stealthy-crypto-mining-attacks/

Excerpt: “Security researchers are warning of a relatively new malware loader that they track as Verblecon, which is sufficiently complex and powerful for ransomware and espionage attacks, although it is currently used for low-reward attacks. Despite being around for more than a year, Verblecon samples enjoy a low detection rate due to the polymorphic nature of the code.”

Title: CISA adds Chrome, Redis bugs to the Known Exploited Vulnerabilities Catalog

Date Published: March 29, 2022

https://securityaffairs.co/wordpress/129593/security/chrome-redis-known-exploited-vulnerabilities-catalog.html

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Google Chrome zero-day (CVE-2022-1096) and a critical Redis vulnerability (CVE-2022-0543), along with 30 other vulnerabilities, to its Known Exploited Vulnerabilities Catalog.”

Title: Okta Says It Goofed in Handling the Lapsus$ Attack

Date Published: March 28, 2022

https://threatpost.com/okta-goofed-lapsus-attack/179129/

Excerpt: “On Friday, Okta – the authentication firm-cum-Lapsus$-victim – admitted that it “made a mistake” in handling the recently revealed Lapsus$ attack. The mistake: trusting that a service provider had told Okta everything it needed to know about an “unsuccessful” account takeover (ATO) at one of its service providers and that the attackers wouldn’t reach their tentacles back to drag in Okta or its customers.”

Title: Subdomain Takeover Attacks on the Rise and Harder to Monitor

Date Published: March 29, 2022

https://www.helpnetsecurity.com/2022/03/29/subdomain-takeovers-on-the-rise/

Excerpt: “Research from Detectify found that subdomain takeovers are on the rise but are also getting harder to monitor as domains now seem to have more vulnerabilities in them. In 2021, Detectify detected 25% more vulnerabilities in its customers’ web assets compared to 2020 with twice the median number of vulnerabilities per domain, demonstrating the outsized impact an external attack surface monitoring (EASM) tool can have on an organization’s cybersecurity programme.”

Title: New Hacking Campaign by Transparent Tribe Hackers Targeting Indian Officials

Date Published: March 29, 2022

https://thehackernews.com/2022/03/new-hacking-campaign-by-transparent.html

Excerpt: “A threat actor of likely Pakistani origin has been attributed to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021. ‘Transparent Tribe has been a highly active APT group in the Indian subcontinent,’ Cisco Talos researchers said in an analysis shared with The Hacker News. ‘Their primary targets have been government and military personnel in Afghanistan and India. This campaign furthers this targeting and their central goal of establishing long term access for espionage.’”

Title: Triton Malware Still Targeting Energy Firms

Date Published: March 28, 2022

https://www.darkreading.com/attacks-breaches/triton-malware-still-targeting-energy-firms

Excerpt: “The global energy sector needs to stay alert for Triton malware, the Federal Bureau of Investigation said in a recent warning. Triton (also known as Trisis and HatMan) is designed to ‘cause physical safety systems to cease operating or to operate in an unsafe manner,’ the FBI says in its Private Industry Notification (PIN 20220324-001). The malware was used in a cyberattack in 2017 against a Middle East petrochemical facility. The Russian Central Scientific Research Institute of Chemistry and Mechanics (TsNIIkhM), a Russian government-backed research institution, is believed to have carried out the attack, and last week the United States Department of Justice unsealed an indictment against a Russian national and a TsNIIkhM employee involved in that attack.”

Title: Windows 11 KB5011563 Update Fixes SMB, DirectX Blue Screens

Date Published: March 28, 2022

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5011563-update-fixes-smb-directx-blue-screens/

Excerpt: “Microsoft has released the optional KB5011563 cumulative update preview for Windows 11, with fixes for stop errors triggering blue screens of death (BSOD) and other issues. This preview update is part of Microsoft’s scheduled March 2022 monthly “C” updates, allowing Windows 11 users to test the upcoming fixes released on April 12th as part of next month’s Patch Tuesday.”

Title: Ukrtelecom, a Major Mobile Service and Internet Provider in Ukraine, Foiled a “massive” Cyberattack that hit its Infrastructure

Date Published: March 29, 2022

https://securityaffairs.co/wordpress/129585/cyber-warfare-2/ukraine-cyberattack-ukrtelecom.html

Excerpt: “On March 29, 2022, a massive cyber attack caused a major internet disruption across Ukraine on national provider Ukrtelecom. According to global internet monitor service NetBlock, real-time network data showed connectivity collapsed to 13% of pre-war levels. The attack caused the most severe destruction observed since the invasion of the country by Russia.”

Title: Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation

Date Published: March 29, 2022

https://thehackernews.com/2022/03/experts-detail-virtual-machine-used-by.html

Excerpt: “Cybersecurity researchers have shed more light on a malicious loader that runs as a server and executes received modules in memory, laying bare the structure of an “advanced multi-layered virtual machine” used by the malware to fly under the radar. Wslink, as the malicious loader is called, was first documented by Slovak cybersecurity company ESET in October 2021, with very few telemetry hits detected in the past two years spanning Central Europe, North America, and the Middle East.”

Title: Oklahoma City Indian Clinic Reports Network Disruptions Impacting Pharmacy

Date Published: March 28, 2022

https://www.scmagazine.com/analysis/incident-response/oklahoma-city-indian-clinic-reports-network-disruptions-impacting-pharmacy

Excerpt: “‘Technical issues’ at the Oklahoma City Indian Clinic have caused network disruptions that have left clinicians and providers unable to access certain computer systems, including the pharmacy department. The incident began one week ago, and the clinic is still experiencing disruptions.”
