March 31, 2022

Fortify Security Team

Title: LockBit Victim Estimates Cost of Ransomware Attack to be $42 Million

Date Published: March 31, 2022

Excerpt: “Atento, a provider of customer relationship management (CRM) services, has published its 2021 financial performance results, which show a massive impact of $42.1 million due to a ransomware attack the firm suffered in October last year. More specifically, the disruption caused by the cyberattack affected the company’s Brazil-based operations, resulting in a revenue loss of $34.8 million and an additional $7.3 million in costs related to mitigating the impact of the incident.”

Title: Anonymous Hacked Russian Thozis Corp, but Denies Attacks on Rosaviatsia

Date Published: March 31, 2022

Excerpt: “Anonymous continues to target Russian organizations and private foreign businesses that are still operating in the country. The popular collective claims to have hacked the Russian investment firm Thozis Corp, which is owned by the oligarch Zakhar Smushkin. The hacktivists have stolen thousands of internal emails and shared them with the data leak platform DDoSecrets. At this time 5,500 emails from Thozis Corp. were available online, some of them containing sensitive information about deals and investments of the firm.”

Title: Google Chrome Bug Actively Exploited as Zero-Day

Date Published: March 30, 2022

Excerpt: “Google has updated its Stable channel for the desktop version of Chrome, to address a zero-day security vulnerability that’s being actively exploited in the wild. The bug, tracked as CVE-2022-1096, is a type-confusion issue in the V8 JavaScript engine, which is an open-source engine used by Chrome and Chromium-based web browsers. Type confusion, as Microsoft has laid out in the past, occurs “when a piece of code doesn’t verify the type of object that is passed to it, and uses it blindly without type-checking, it leads to type confusion…Also with type confusion, wrong function pointers or data are fed into the wrong piece of code. In some circumstances this can lead to code execution.””

Title: Mars Stealer Malware Pushed via Google Ads and Phishing Emails

Date Published: March 30, 2022

Excerpt: “Cybercriminals trying to foist the Mars Stealer malware onto users seemingly have a penchant for one particular tactic: disguising it as legitimate, benign software to trick users into downloading it. In a recent campaign described by Morphisec malware researcher Arnold Osipov, the threat actor distributed the malware via cloned websites offering well-known software such as Apache Open Office.”

Title: Viasat Traces Outage to Exploit of VPN Misconfiguration

Date Published: March 30, 2022

Excerpt: “Tens of thousands of modems were knocked offline in central Europe at nearly the same time Russian forces invaded Ukraine on Feb. 24. The outage affected infrastructure run by communications company Viasat, based in Carlsbad, California. Four days later, the company reported that it was investigating the outage, which it says affected “fixed broadband customers” (see: Russia May Have Caused Widespread Satellite Network Outage).”

Title: Bugs in Wyze Cams Could Let Attackers Takeover Devices and Access Video Feeds

Date Published: March 31, 2022

Excerpt: “Three security vulnerabilities have been disclosed in the popular Wyze Cam devices that allow malicious actors to execute arbitrary code and access camera feeds as well as unauthorizedly read the SD cards, the latter of which remained unresolved for nearly three years after the initial discovery. The security flaws relate to an authentication bypass (CVE-2019-9564), a remote code execution bug stemming from a stack-based buffer overflow (CVE-2019-12266), and a case of unauthenticated access to the contents of the SD card (no CVE).”

Title: Nation-State Hackers Ramp Up Ukraine War-Themed Attacks

Date Published: March 31, 2022

Excerpt: “The Belarus-based operator of an organized and ongoing disinformation campaign in Europe called “Ghostwriter” is using a new, hard-to-detect phishing technique to target organizations in Ukraine just days after a researcher highlighted the method in a blog post. The method, dubbed browser-in-the-browser, basically involves the threat actor drawing a browser window within a browser to impersonate the entire pop-up login window — including URL — of a legitimate domain. Users get fooled into entering login details when they land on these spoofed account login windows because the URL looks legitimate.”

Title: DPRK Hackers go after Crypto Assets Using Trojanized DeFi Wallet App

Date Published: March 31, 2022

Excerpt: “Hackers associated with the North Korean government have been distributing a trojanized version of the DeFi Wallet for storing cryptocurrency assets to gain access to the systems of cryptocurrency users and investors. The threat actor relied in this attack on web servers located in South Korea to push the malware and to communicate with the installed implants.”

Title: Mysterious Disclosure of a Zero-Day RCE flaw Spring4Shell in Spring

Date Published: March 31, 2022

Excerpt: “Researchers disclosed a zero-day vulnerability, dubbed Spring4Shell, in the Spring Core Java framework called ‘Spring4Shell.’ An unauthenticated, remote attacker could trigger the vulnerability to execute arbitrary code on the target system. The framework is currently maintained by which is a subsidiary of VMware.”

Title: QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug

Date Published: March 31, 2022

Excerpt: “Customers of Taiwan-based QNAP Systems are in a bit of limbo, waiting until the company releases a patch for an OpenSSL bug that the company has warned affects most of its network-attached storage (NAS) devices. The vulnerability can trigger an infinite loop that creates a denial-of-service (DoS) scenario.”
