March 3, 2022

Fortify Security Team
Mar 3, 2022

Title: Russian Space Agency says Hacking Satellites is an Act of War
Date Published: March 2, 2022

Excerpt: “Russia will consider any cyberattacks targeting Russian satellite infrastructure an act of war, as the country’s space agency director said in a TV interview. Dmitry Rogozin, the current head of the Russian Roscosmos State Space Corporation, added that such attempts would also be considered crimes and investigated by Russia’s law enforcement agencies.”

Title: Ukrainian WordPress Sites Under massive complex attacks
Date Published: March 3, 2022

Excerpt: “Cyber attacks are an important component of the military strategy against Ukraine, experts observed a spike in the attacks against Ukrainian WordPress sites since the beginning of the military invasion of the country. The attacks aimed at making the websites unreachable and causing fear and distrust in the Ukrainian government, WordPress security firm Wordfence reported.”

Title: TeaBot Trojan Haunts Google Play Store, Again
Date Published: March 2, 2022

Excerpt: “The TeaBot banking trojan – also known as “Anatsa” – has been spotted on the Google Play store, researchers from Cleafy have discovered. The malware – designed to intercept SMS messages and login credentials from unwitting users – affected users of “more than 400 banking and financial apps, including those from Russia, China, and the U.S,” its report claims.”

Title: The Biggest Threat to ICS/OT is a Lack of Prioritization
Date Published: March 3, 2022

Excerpt: “A SANS survey reveals that cyber attackers have demonstrated a robust understanding of operational technology (OT) and industrial control system (ICS) engineering and have conducted attacks that gain access and negatively impact operations and human safety.”

Title: Russia-Ukraine Cryptocurrency Scams Detected by Researchers
Date Published: March 2, 2022

Excerpt: “From how cybercriminals are setting up new schemes to common cybercrime scams launched against the blockchain, Information Security Media Group has compiled snippets of security-related news in the cryptocurrency sphere.”

Title: Hackers Who Broke Into NVIDIA’s Network Leak DLSS Source Code Online
Date Published: March 3, 2022

Excerpt: “American chipmaking company NVIDIA on Tuesday confirmed that its network was breached as a result of a cyber attack, enabling the perpetrators to gain access to sensitive data, including source code purportedly associated with its Deep Learning Super Sampling (DLSS) technology.”

Title: Logan Health Cyberattack, Server Hack Leads to Data Access of 214K People
Date Published: March 2, 2022

Excerpt: Logan Health Medical Center recently notified 213,543 patients, employees and business associates that their personal and health data was possibly accessed, after a sophisticated cyberattack on its IT systems led to the hack of a file server containing protected health information.”

Title: Researchers Devise Attack for Stealing Data During Homomorphic Encryption
Date Published: March 2, 2022

Excerpt: “Researchers at North Carolina State University have developed what they claim is the first successful side-channel attack on an emerging security technology called homomorphic encryption, which allows operations to be performed on encrypted data. The technique will be presented on March 23 at the virtual DATE22 conference and involves a way to steal data even while it is in the process of being homomorphically encrypted. The lead author on the paper is Furkan Aydin, a doctoral student at NC State, and it was co-authored by three other researchers at the university.”

Title: Over 100,000 Medical Infusion Pumps Vulnerable to Years Old Critical Bug
Date Published: March 2, 2022

Excerpt: “Data collected from more than 200,000 network-connected medical infusion pumps used to deliver medication and fluids to patients shows that 75% of them are running with known security issues that attackers could exploit. The findings reveal that tens of thousands of devices are vulnerable to six critical-severity flaws (9.8 out of 10) reported in 2019 and 2020.”

Title: Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products
Date Published: March 3, 2022

Excerpt: “Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could be exploited by an attacker to gain elevated privileges and execute arbitrary code. The two flaws – tracked as CVE-2022-20754 and CVE-2022-20755 (CVSS scores: 9.0) – relate to an arbitrary file write and a command injection flaw in the API and web-based management interfaces of the two products that could have serious impacts on affected systems.”

Recent Posts

July 17, 2023

Title: Thousands of Images on Docker Hub Leak Auth Secrets, Private Keys Date Published: July 16, 2023 Excerpt: “Researchers at the RWTH Aachen University...

July 14, 2023

Title: Indexing Over 15 Million WordPress Websites with PWNPress Date Published: July 14, 2023 Excerpt: “Sicuranex’s PWNPress platform indexed over 15 million WordPress websites, it collects data...

December 9, 2022

Title: US Health Dept Warns of Royal Ransomware Targeting Healthcare Date Published: December 8, 2022 Excerpt: “The U.S. Department of Health and Human...

December 8, 2022

Title: New ‘Zombinder’ Platform Binds Android Malware With Legitimate Apps Date Published: December 8, 2022 Excerpt: “A darknet platform dubbed...

December 7, 2022

Title: Fantasy – A New Agrius Wiper Deployed Through a Supply-Chain Attack Date Published: December 7, 2022 Excerpt: “ESET researchers discovered a new wiper and its execution...

December 6, 2022

Title: This Badly Made Ransomware Can’t Decrypt Your Files, Even if You Pay the Ransom Date Published: December 6, 2022 Excerpt: “Victims of a recently...

December 5, 2022

Title: SIM Swapper Gets 18-Months for Involvement in $22 Million Crypto Heist Date Published: December 3, 2022 Excerpt: “Florida man Nicholas Truglia...