March 7, 2022

Fortify Security Team

Title: Malware Now Using NVIDIA’s Stolen Code Signing Certificates
Date Published: March 5, 2022

https://www.bleepingcomputer.com/news/security/malware-now-using-nvidias-stolen-code-signing-certificates/

Excerpt: “Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.”

Title: Mozilla Addresses Two Actively Exploited Zero-Day Flaws in Firefox
Date Published: March 7, 2022

https://securityaffairs.co/wordpress/128751/hacking/mozilla-firefox-zero-days.html

Excerpt: “Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 to address a couple of critical zero-day vulnerabilities, tracked as CVE-2022-26485 and CVE-2022-26485, actively exploited in attacks. The two vulnerabilities are “Use-after-free” issues in XSLT parameter processing and in the WebGPU IPC Framework respectively.”

Title: BBC Targeted with 383,278 Spam, Phishing and Malware Attacks Every Day
Date Published: March 7, 2022

https://www.helpnetsecurity.com/2022/03/07/bbc-malicious-email-attacks/

Excerpt: “The BBC (British Broadcasting Corporation) were the target of nearly 50 million malicious email attacks between 1st October 2021 and the end of January 2022. This is according to official figures obtained via a Freedom of Information act (FOI) request, and analyzed by a Parliament Street think tank.”

Title: SharkBot Banking Malware Spreading via Fake Android Antivirus App on Google Play Store
Date Published: March 6, 2022

https://thehackernews.com/2022/03/sharkbot-banking-malware-spreading-via.html

Excerpt: “The threat actor behind a nascent Android banking trojan named SharkBot has managed to evade Google Play Store security barriers by masquerading as an antivirus app. SharkBot, like its malware counterparts TeaBot, FluBot, and Oscorp (UBEL), belongs to a category of financial trojans capable of siphoning credentials to initiate money transfers from compromised devices by circumventing multi-factor authentication mechanisms. It first emerged on the scene in November 2021.”

Title: Adafruit Discloses Data Leak from Ex-Employee’s GitHub Repo
Date Published: March 6, 2022

https://www.bleepingcomputer.com/news/security/adafruit-discloses-data-leak-from-ex-employees-github-repo/

Excerpt: “Adafruit has disclosed a data leak that occurred due to a publicly-viewable GitHub repository. The company suspects this could have allowed “unauthorized access” to information about certain users on or before 2019. Based in New York City, Adafruit is a producer of open-source hardware components since 2005. The company designs, manufactures, and sells electronics products, tools, and accessories.”

Title: CVE-2022-0492 Flaw in Linux Kernel cgroups Feature Allows Container Escape
Date Published: March 6, 2022

https://securityaffairs.co/wordpress/128742/security/cve-2022-0492-linux-kernel-flaw.html

Excerpt: “A now-patched high-severity Linux kernel vulnerability, tracked as CVE-2022-0492 (CVSS score: 7.0), can be exploited by an attacker to escape a container to execute arbitrary commands on the container host. The issue is a privilege escalation flaw affecting the Linux kernel feature called control groups (groups), that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes.”

Title: IT Leaders Confident in Their Ability to Manage a Ransomware Attack: They Should Know Better
Date Published: March 7, 2022

https://www.helpnetsecurity.com/2022/03/07/itdms-ransomware/

Excerpt: “ExtraHop released findings from a survey on ransomware that sheds light on the discrepancies between how IT decision makers (ITDMs) see their current security practices, and the reality of the ransomware attack landscape. The report shows that however capable IT organizations have been in managing the dramatic transformations of the past couple of years, confidence still tends to outstrip actual security posture.”

Title: Ukrainian CERT Warns Citizens of Phishing Attacks Using Compromised Accounts
Date Published: March 7, 2022

https://thehackernews.com/2022/03/ukrainian-cert-warns-citizens-of.html

Excerpt: “Ukraine’s Computer Emergency Response Team (CERT-UA) warned of new phishing attacks aimed at its citizens by leveraging compromised email accounts belonging to three different Indian entities with the goal of compromising their inboxes and stealing sensitive information.”

Title: Russia Shares List of 17,000 IPs Allegedly DDoSing Russian Orgs
Date Published: March 5, 2022

https://www.bleepingcomputer.com/news/security/russia-shares-list-of-17-000-ips-allegedly-ddosing-russian-orgs/

Excerpt: “The Russian government shared a list of 17,576 IP addresses allegedly used to launch distributed denial-of-service (DDoS) attacks targeting Russian organizations and their networks. The list was shared by the National Coordination Center for Computer Incidents (NKTsKI), an organization created by Russia’s Federal Security Service (FSB), together with guidance to defend against the attacks and a second list containing attackers’ referrer domain information.”

Title: Anonymous Hacked Russian Streaming Services to Broadcast War Footage
Date Published: March 7, 2022

https://securityaffairs.co/wordpress/128761/hacktivism/anonymous-hacked-russian-streaming-services.html

Excerpt: “The popular hacker collective Anonymous continues to target Russian entities, a few hours ago the group hacked into the most popular Russian streaming services to broadcast war footage from Ukraine and demonstrate to Russians the atrocity of the invasion ordered by Putin. Russian citizens ignore that their army is attacking the Ukrainian population and many children are dying.”
