March 4, 2022

Fortify Security Team
Mar 4, 2022

Title: NY OAG Warns T-Mobile Data Breach Victims of Identity Theft Risks
Date Published: March 4, 2022

Excerpt: “The New York State Office of the Attorney General (NY OAG) warned victims of the August 2021 T-Mobile data breach that they faced identity theft risks after some of the stolen information ended up for sale on the dark web. The alert comes after individuals impacted in the incident were notified by identity theft protection services that their info was found online, demonstrating that affected consumers are now at heightened risk for identity theft.”

Title: Avast Released a Free Decryptor for the HermeticRansom that hit Ukraine
Date Published: March 3, 2022

Excerpt: “Avast has released a free decryptor for the HermeticRansom ransomware employed in targeted attacks against Ukrainian systems since February 23. The security firms aim at helping Ukrainians victims in recovering their file for free. The HermeticRansomware was one of the three components involved in disruptive attacks detailed by ESET researchers:”

Title: Russia Leaks Data From a Thousand Cuts–Podcast
Date Published: March 3, 2022

Excerpt: “Information about nuclear plants and air force capabilities. Conti ransomware gang crooks conjecturing that the National Security Agency (NSA) was maybe behind the mysterious, months-long TrickBot lull. Doxxed data about 120K Russian soldiers. Those are just some of the sensitive, valuable data that’s being hacked out of Russia in the cyber war zone – a war that erupted even before the country invaded Ukraine.”

Title: Perennial Security Challenges Hampering Organizations in Achieving their Security Objectives
Date Published: March 4, 2022

Excerpt: “Arctic Wolf published a report, providing insight into the current and future state of cybersecurity teams as they attempt to move their security programs forward while dealing with an ever-evolving threat environment. The report is based on findings from a recent global survey of more than 300 global security leaders. The research findings show that a multitude of perennial security challenges continue to hamper organizations in accomplishing their security objectives in 2022.”

Title: RConti Gang Members Fretted Over Putin’s Ukraine Invasion
Date Published: March 3, 2022

Excerpt: “One question that’s been floating around is if Russia, already mired in a ground war in Ukraine, would use its offensive cyber capabilities against the West. And even, perhaps, nudge ransomware gangs into doing its bidding. It appears two Russian members of one ransomware gang, Conti, were indeed concerned about the war and its potential to influence and disrupt their lucrative extortion racket.”

Title: New Security Vulnerability Affects Thousands of GitLab Instances
Date Published: March 3, 2022

Excerpt: “Researchers have disclosed details of a now-patched security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information. Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all versions starting from 14.4 and prior to 14.8.”

Title: Medical Device Disclosures on the rise, but Providers Struggle to Patch Known Flaws
Date Published: March 3, 2022

Excerpt: “Recent Claroty research shows that the number of vulnerability disclosures, including those for medical devices, are on the rise. However, patch management struggles may be impeding that progress. As seen with new Palo Alto research on infusion pump vulnerabilities, the majority of these devices are operating with known flaws. The two reports impart the continued challenges to securing medical devices in the healthcare environment: the continued chasm between responsible disclosures and providers’ ability to close known security gaps.”

Title: CISA Warns Organizations to Patch 95 Actively Exploited Bugs
Date Published: March 4, 2022

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 95 vulnerabilities to its list of actively exploited security issues, the largest number since issuing the binding operational directive (BOD) last year.”

Title: Russia-Ukraine, Who Are the Soldiers that Crowd Cyberspace?
Date Published: March 4, 2022

Excerpt: “The analysis of the current scenario in cyberspace is not easy due to the presence of multiple threat actors and the difficulty of attributing the attacks. Security group CyberKnow shared an interesting analysis about the group, their operations and the channels they are using to disclose their operations.”

Title: Both Sides in Russia-Ukraine War Heavily Using Telegram for Disinformation and Hacktivism
Date Published: March 4, 2022

Excerpt: “Cyber criminals and hacktivist groups are increasingly using the Telegram messaging app for their activities, as the Russia-Ukraine conflict enters its eighth day. A new analysis by Israeli cybersecurity company Check Point Research has found that “user volume grew a hundred folds daily on Telegram related groups, peaking at 200,000 per group.” Prominent among the groups are anti-Russian cyber attack groups, including the Ukraine government-backed IT Army, which has urged its more 270,000 members to conduct distributed denial-of-service (DDoS) attacks against Russian entities.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 Excerpt: “Security researchers analyzing a phishing...