March 8, 2022

Fortify Security Team

Title: Access:7 Vulnerabilities Impact Medical and IoT Devices
Date Published: March 8, 2022

https://www.bleepingcomputer.com/news/security/access-7-vulnerabilities-impact-medical-and-iot-devices/

Excerpt: “A set of seven vulnerabilities collectively tracked as Access:7 have been found in PTC’s Axeda agent, a solution used for remote access and management of over 150 connected devices from more than 100 vendors. Three of the security issues received a severity score of at least 9.4 (critical) and could be exploited for remote code execution on devices running a vulnerable version of the Axeda agent.”

Title: Coinbase Blocked 25,000 Crypto Addresses Linked to Russian Individuals and Entities
Date Published: March 7, 2022

https://securityaffairs.co/wordpress/128775/digital-id/coinbase-blocked-25000-russian-addresses.html

Excerpt: “The popular cryptocurrency exchange Coinbase announced today that it’s blocking access to more than 25,000 blockchain addresses linked to Russian people and entities. Coinbase chief legal officer Paul Grewal explained that its company is complying with sanctions imposed by governments around the world on individuals and territories in response to Russia’s invasion of Ukraine. The exchange is also using “sophisticated blockchain analytics” to identify accounts held by sanctioned individuals outside of Coinbase.”

Title: Novel Attack Turns Amazon Devices Against Themselves
Date Published: March 7, 2022

https://threatpost.com/attack-amazon-devices-against-themselves/178797/

Excerpt: “Researchers from the University of London and the University of Catania have discovered how to weaponize Amazon Echo devices to hack themselves. The – dubbed “Alexa vs. Alexa” – leverages what the researchers called “a command self-issue vulnerability”: using pre-recorded messages which, when played over a 3rd- or 4th-generation Echo speaker, causes the speaker to perform actions on itself.”

Title: Easily Exploitable Linux Bug Gives Root Access to Attackers (CVE-2022-0847)
Date Published: March 8, 2022

https://www.helpnetsecurity.com/2022/03/08/cve-2022-0847/

Excerpt: “An easily exploitable vulnerability (CVE-2022-0847) in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking advantage of already public exploits. Discovered by security researcher Max Kellermann, the flaw – which he dubbed Dirty Pipe, due to its similarity to the Dirty Cow flaw – has already been patched in the Linux kernel and the Android kernel. Affected Linux distributions are in the process of pushing out security updates with the patch.”

Title: White House Requests Billions in Tech Aid for Ukraine
Date Published: March 7, 2022

https://www.bankinfosecurity.com/white-house-requests-billions-in-tech-aid-for-ukraine-a-18669

Excerpt: “As the ground war in Ukraine intensifies, U.S. and NATO officials are increasingly looking to sharpen their sanctions and rhetoric against Moscow, and cybersecurity has proven a pivotal part of the discussion. The Biden administration is now requesting $10 billion in emergency funds to address Russia’s campaign, with sizeable pots for cybersecurity. Officials say it will help curb the global impact of the Kremlin’s campaign.”

Title: Samsung Confirms Data Breach After Hackers Leak Galaxy Source Code
Date Published: March 8, 2022

https://thehackernews.com/2022/03/samsung-confirms-data-breach-after.html

Excerpt: “Samsung on Monday confirmed a security breach that resulted in the exposure of internal company data, including the source code related to its Galaxy smartphones. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees,” the electronics giant told Bloomberg.”

Title: Patched Vulnerability in Widely Used UPS Devices Allows Attackers to Control Power Backup System
Date Published: March 8, 2022

https://www.scmagazine.com/analysis/device-security/patched-vulnerability-in-widely-used-ups-devices-allows-attackers-to-control-power-backup-system

Excerpt: “Schneider Electric patched three vulnerabilities in its popular APC Smart-UPS line of power backup systems that could allow attackers to control if or how energy flows, or overheat the UPS to dangerous levels. Armis, who discovered the vulnerabilities, released a video demonstrating how to use modified firmware to turn the power on and off, remotely alter the waveform of and voltage of the electricity being supplied and overheat it to the point the UPS emits smoke.”

Title: FBI: Ransomware Gang Breached 52 US Critical Infrastructure Orgs
Date Published: March 7, 2022

https://www.bleepingcomputer.com/news/security/fbi-ransomware-gang-breached-52-us-critical-infrastructure-orgs/

Excerpt: “The US Federal Bureau of Investigation (FBI) says the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors. This was revealed in a joint TLP:WHITE flash alert published on Monday in coordination with the Cybersecurity and Infrastructure Security Agency.”

Title: Ukraine’s CERT-UA Warns of Phishing Attacks Against Ukrainian Citizens
Date Published: March 8, 2022

https://securityaffairs.co/wordpress/128789/cyber-warfare-2/cert-ua-warns-phishing-ukrainian-citizens.html

Excerpt: “Ukraine’s Computer Emergency Response Team (CERT-UA) is warning of new phishing attacks targeting Ukrainian citizens through compromised email accounts belonging to three different Indian entities. The attacks were aimed at stealing sensitive information from compromised accounts. The malicious emails are sent by “[email protected][.]com” and used the subject line “?????” (translates “Attention”) and claimed to be from a domestic email service called Ukr.net.”

Title: Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks
Date Published: March 8, 2022

https://thehackernews.com/2022/03/google-russian-hackers-target.html

Excerpt: “A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia’s invasion of Ukraine. Google’s Threat Analysis Group (TAG) said it took down two Blogspot domains that were used by the nation-state group FancyBear (aka APT28) – which is attributed to Russia’s GRU military intelligence – as a landing page for its social engineering attacks.”
