March 9, 2022

Fortify Security Team
Mar 9, 2022

Title: APC UPS Zero-Day Bugs Can Remotely Burn Out Devices, Disable Power
Date Published: March 8, 2022

Excerpt: “A set of three critical zero-day vulnerabilities now tracked as TLStorm could let hackers take control of uninterruptible power supply (UPS) devices from APC, a subsidiary of Schneider Electric. The flaws affect APC Smart-UPS systems that are popular in a variety of activity sectors, including governmental, healthcare, industrial, IT, and retail.”

Title: Microsoft March 2022 Patch Tuesday Updates Fix 89 Vulnerabilities
Date Published: March 9, 2022

Excerpt: “Microsoft March 2022 Patch Tuesday security updates address 89 vulnerabilities in multiple products, including Microsoft Windows components, Azure and Azure DevOps, Azure Sphere, Internet Explorer and Edge (EdgeHTML), Exchange Server, Office and Office Services and Web Apps, SharePoint Server, Visual Studio, and Windows Hyper-V.”

Title: Russian APTs Furiously Phish Ukraine – Google
Date Published: March 9, 2022

Excerpt: “While Russia is fighting a physical war on the ground against Ukraine, advanced persistent threat (APT) groups affiliated with or backing Vladimir Putin’s government are ramping up phishing and other attacks against Ukrainian and European targets in cyberspace, Google is warning.”

Title: Mid-Market Tackling High Rate of Costly Attacks, Worsened by Complex, Siloed Defenses and Staff Burnout
Date Published: March 9, 2022

Excerpt: “Mid-market organizations in the UK suffered significant financial and operational damage as a result of cyberattacks in 2021, and want to see fundamental change to how cybersecurity is designed and run, a Censornet research reveals.”

Title: Reports: White House Set to Issue Executive Order on Crypto
Date Published: March 8, 2022

Excerpt: “U.S. President Joe Biden is reportedly set to make an unprecedented move for the digital asset space – outlining a whole-of-government approach to reining in cryptocurrencies, which have long been chided for potentially lax cybersecurity and anti-fraud measures. According to media reports, the administration will announce an executive order on cryptocurrency as early as this week, in an effort to jump-start U.S. alignment with global allies on enforcement.”

Title: Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses
Date Published: March 9, 2022

Excerpt: “Researchers have disclosed three security vulnerabilities affecting Pascom Cloud Phone System (CPS) that could be combined to achieve a full pre-authenticated remote code execution of affected systems. Kerbit security researcher Daniel Eshetu said the shortcomings, when chained together, can lead to “an unauthenticated attacker gaining root on these devices.”

Title: Chinese Phishing Actors Consistently Targeting EU Diplomats
Date Published: March 9, 2022

Excerpt: “The China-aligned group tracked as TA416 (aka Mustang Panda) has been consistently targeting European diplomats since August 2020, with the most recent activity involving refreshed lures to coincide with the Russian invasion of Ukraine. According to a new report by Proofpoint, TA416 spearheads cyber-espionage operations against the EU, consistently focusing on this long-term role without reaping opportunistic gains.”

Title: HP Addressed 16 UEFI Firmware Flaws Impacting Laptops, Desktops, PoS Systems
Date Published: March 9, 2022

Excerpt: “Researchers from cybersecurity firm Binarly discovered 16 high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. An attacker can exploit these vulnerabilities to implant a firmware that survives operating system updates and bypasses UEFI Secure Boot, Intel Boot Guard, and virtualization-based security.”

Title: Small Business Owners Worried About the Cybersecurity of their Commercial Vehicles
Date Published: March 9, 2022

Excerpt: “Small business owners are adding electric vehicles to their service fleets, a survey released by HSB reports, but they worry about cybersecurity when connecting them to public charging stations. The poll conducted by Zogby Analytics found 15 percent of small and medium-size businesses had leased or purchased electric vehicles (EVs) for commercial use.”

Title: Hackers Abuse Mitel Devices to Amplify DDoS Attacks by 4 Billion Times
Date Published: March 9, 2022

Excerpt: “Threat actors have been observed abusing a high-impact reflection/amplification method to stage sustained distributed denial-of-service (DDoS) attacks for up to 14 hours with a record-breaking amplification ratio of 4,294,967,296 to 1. The attack vector – dubbed TP240PhoneHome (CVE-2022-26143) – has been weaponized to launch significant DDoS attacks targeting broadband access ISPs, financial institutions, logistics companies, gaming firms, and other organizations.”

Recent Posts

September 16, 2022

Title: Uber hacked, internal systems breached and vulnerability reports stolen Date Published: September 16, 2022 Excerpt: “Uber suffered a...

September 15, 2022

Title: Webworm hackers modify old malware in new attacks to evade attribution Date Published: September 15, 2022 Excerpt: “The Chinese 'Webworm'...

September 14, 2022

Title: Chinese hackers create Linux version of the SideWalk Windows malware Date Published: September 14, 2022 Excerpt: “State-backed Chinese hackers...

September 13, 2022

Title: Cyberspies drop new infostealer malware on govt networks in Asia Date Published: September 13, 2022 Excerpt: “Security researchers have identified...

September 12, 2022

Title: Cisco confirms Yanluowang ransomware leaked stolen company data Date Published: September 12, 2022 Excerpt: “Cisco has confirmed that the data leaked...

September 9, 2022

Title: Bumblebee Malware Adds Post-exploitation Tool for Stealthy Infections Date Published: September 8, 2022 Excerpt: “A new version of the...

September 8, 2022

Title: North Korean Lazarus Hackers Take Aim at U.S. Energy Providers Date Published: September 8, 2022 Excerpt: “The North Korean APT group 'Lazarus' (APT38)...