April 1, 2022

Fortify Security Team

Title: EU Draft Law Adds Security Checks to all Crypto Transactions

Date Published: April 1, 2022

https://www.bleepingcomputer.com/news/legal/eu-draft-law-adds-security-checks-to-all-crypto-transactions/

Excerpt: “The European Parliament has taken the first steps for new legislation against money-laundering that covers cryptocurrency transactions, which are an important part of illicit activities today. Members of the European Parliament from the Committee on Economic and Monetary Affairs (ECON) and the Committee on Civil Liberties (LIBE) have agreed on adopting (with 93 votes in favor, 14 against, and 14 abstentions) draft legislation for more transparent crypto asset transactions.”

Title: AcidRain, a Wiper that Crippled Routers and Modems in Europe

Date Published: April 1, 2022

https://securityaffairs.co/wordpress/129703/malware/acidrain-wiper-ukraine.html

Excerpt: “Security researchers at SentinelLabs have spotted a previously undetected destructive wiper, tracked as AcidRain, that hit routers and modems and that was suspected to be linked to the Viasat KA-SAT attack that took place on February 24th, 2022.”

Title: Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks

Date Published: March 31, 2022

https://threatpost.com/belarusian-ghostwriter-actor-picks-up-bitb-for-ukraine-related-attacks/179210/

Excerpt: “Ghostwriter – a threat actor previously linked with the Belarusian Ministry of Defense – has glommed onto the recently disclosed, nearly invisible “Browser-in-the-Browser” (BitB) credential-phishing technique in order to continue its ongoing exploitation of the war in Ukraine.”

Title: Spring4Shell: No need to Panic, but Mitigations are Advised

Date Published: March 31, 2022

https://www.helpnetsecurity.com/2022/03/31/spring4shell/

Excerpt: “Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively popular framework for building modern Java-based enterprise applications, began circulating online.”

Title: Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

Date Published: March 31, 2022

https://krebsonsecurity.com/2022/03/fake-emergency-search-warrants-draw-scrutiny-from-capitol-hill/

Excerpt: “On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senate’s most tech-savvy lawmakers said he was troubled by the report and is now asking technology companies and federal agencies for information about the frequency of such schemes.”

Title: Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code

Date Published: April 1, 2022

https://thehackernews.com/2022/04/critical-bugs-in-rockwell-plc-could.html

Excerpt: “Two new security vulnerabilities have been disclosed in Rockwell Automation’s programmable logic controllers (PLCs) and engineering workstation software that could be exploited by an attacker to inject malicious code on affected systems and stealthily modify automation processes. The flaws have the potential to disrupt industrial operations and cause physical damage to factories in a manner similar to that of Stuxnet and the Rogue7 attacks, operational technology security company Claroty said.”

Title: Microsoft adds Windows 11 Upgrade Block due to IE11 Known Issue

Date Published: April 1, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-windows-11-upgrade-block-due-to-ie11-known-issue/

Excerpt: “Microsoft has added a new safeguard hold blocking Windows 11 upgrades for Windows 10 customers who don’t import their Internet Explorer 11 (IE11) data into Microsoft Edge before trying to install the newest Windows version. “After upgrading to Windows 11, saved information and data from Internet Explorer 11 (IE11) might not be accessible if you did not accept to import it into Microsoft Edge before the upgrade,” Microsoft explained in the Windows health dashboard.”

Title: Zyxel Fixes a Critical Bug in its Business Firewall and VPN Devices

Date Published: April 1, 2022

https://securityaffairs.co/wordpress/129689/security/zyxel-firewalls-authentication-bypass.html

Excerpt: “Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects some of its business firewall and VPN products. The vulnerability can be exploited to take control of the devices.”

Title: Apple Rushes Out Patches for 0-Days in MacOS, iOS

Date Published: April 1, 2022

https://threatpost.com/apple-rushes-out-patches-0-days-macos-ios/179222/

Excerpt: “Apple rushed out patches for two zero-days affecting macOS and iOS Thursday, both of which are likely under active exploitation and could allow a threat actor to disrupt or access kernel activity. Apple released separate security updates for the bugs – a vulnerability affecting both macOS and iOS tracked as CVE-2022-22675 and a macOS flaw tracked as CVE-2022-22674. Their discovery was attributed to an anonymous researcher.”

Title: North Korean Hackers Distributing Trojanized DeFi Wallet Apps to Steal Victims’ Crypto

Date Published: April 1, 2022

https://thehackernews.com/2022/04/north-korean-hackers-distributing.html

Excerpt: “The North Korean state-backed hacking crew, otherwise known as the Lazarus Group, has been attributed to yet another financially motivated campaign that leverages a trojanized decentralized finance (DeFi) wallet app to distribute a fully-featured backdoor onto compromised Windows systems.”
