April 11, 2022

Fortify Security Team
Apr 11, 2022

Title: New Meta Information Stealer Distributed in Malspam Campaign
Date Published: April 10, 2022

https://www.bleepingcomputer.com/news/security/new-meta-information-stealer-distributed-in-malspam-campaign/

Excerpt: “A malspam campaign has been found distributing the new META malware, a new info-stealer malware that appears to be rising in popularity among cybercriminals. META is one of the novel info-stealers, along with Mars Stealer and BlackGuard, whose operators wish to take advantage of Raccoon Stealer’s exit from the market that left many searching for their next platform.”

Title: Microsoft’s Autopatch Feature Improves the Patch Management Process
Date Published: April 11, 2022

https://securityaffairs.co/wordpress/130082/security/microsoft-autopatch-feature-patch-management.html

Excerpt: “Microsoft recently announced the implementation of a new feature called Autopatch starting with Windows Enterprise E3 in July 2022 that aims at keeping their systems up-to-date. The move aims at improving the patch management process in enterprises that could be exposed to cyber-attacks in case they fail into installing the available patch and upgrades.”

Title: Human Activated Risk Still a Pain Point for Organizations
Date Published: April 11, 2022

https://www.helpnetsecurity.com/2022/04/11/non-technical-staff-security/

Excerpt: “Egress announced the results of a report, which revealed that 56% of IT leaders say that their non-technical staff are only ‘somewhat’ prepared, or ‘not at all’ prepared, for a security attack. Six hundred IT security leaders across a broad range of industries were anonymously surveyed regarding their organizations’ security posture in this heightened threat environment. Add to this, 77% of respondents have seen an increase in security compromises since going remote 2 years ago, and there’s a continued significant risk to organizations.”

Title: SEC Breach Disclosure Rule Makes CISOs Assess Damage Sooner
Date Published: April 8, 2022

https://www.bankinfosecurity.com/sec-breach-disclosure-rule-makes-cisos-assess-damage-sooner-a-18875

Excerpt: “A proposed rule requiring publicly traded companies to disclose a breach within four days of deeming it material will force CISOs to determine the consequences of cyberattacks sooner. CISOs today are initially most focused on the impact to corporate data and systems when they first learn about a breach, Davis Wright Tremaine partner Michael Borgia tells Information Security Media Group. Going forward, CISOs will need to have board-level conversations within a day or two of discovering a breach to determine whether or not the incident is material so that the company can adhere to disclosure rules (see: US SEC Proposes 48-Hour Incident Reporting Requirement).”

Title: Researchers Warn of FFDroider and Lightning Info-Stealers Targeting Users in the Wild
Date Published: April 11, 2022

https://thehackernews.com/2022/04/researchers-warn-of-ffdroider-and.html

Excerpt: “Cybersecurity researchers are warning of two different information-stealing malware, named FFDroider and Lightning Stealer, that are capable of siphoning data and launching further attacks. “Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself on victim’s machines to look like the instant messaging application ‘Telegram,'” Zscaler ThreatLabz researchers Avinash Kumar and Niraj Shivtarkar said in a report published last week.”

Title: Patient Data Stolen Ahead of East Tennessee Children’s Hospital Attack, Outage
Date Published: April 8, 2022

https://www.scmagazine.com/analysis/breach/patient-data-stolen-ahead-of-east-tennessee-childrens-hospital-attack-outage

Excerpt: “Several weeks after a cyberattack spurred network disruptions at East Tennessee Children’s Hospital, ETCH is notifying an undisclosed number of patients and parents that the threat actors stole sensitive health information during the incident. As previously reported, an “IT security issue” at ETCH caused several weeks of disruptions to key care services at its downtown location beginning on March 13. Email and X-ray services were taken offline during the attack while patients were told to call before attending scheduled appointments as some would need to be rescheduled.”

Title: Hackers use Conti’s Leaked Ransomware to Attack Russian Companies
Date Published: April  9, 2022

https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/

Excerpt: “A hacking group used the Conti’s leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations. While it is common to hear of ransomware attacks targeting companies and encrypting data, we rarely hear about Russian organizations getting attacked similarly.”

Title: Dependency Review GitHub Action Prevents Adding Known Flaws in the Code
Date Published: April 11, 2022

https://securityaffairs.co/wordpress/130067/security/dependency-review-github-action.html

Excerpt: “GitHub announced Dependency Review GitHub Action which scans users’ pull requests for dependency changes and will raise an error if any new dependencies have existing flaws that can be exploited in supply chain attacks. Currently, Dependabot already alerts developers when vulnerabilities are found in their existing dependencies, but the new action aims at ensuring security when they add a new dependency.”

Title: Organizations Must be Doing Something Good: Payment Fraud Activity is Declining
Date Published: April 11, 2022

https://www.helpnetsecurity.com/2022/04/11/payments-fraud-activity/

Excerpt: “Results from an Association for Financial Professionals (AFP) survey are encouraging, as 71% of organizations report having been victims of payments fraud activity in 2021, lower than the 81% reported in 2019 and the lowest percentage recorded since 2014.”

Title: Chinese Hacker Groups Continue to Target Indian Power Grid Assets
Date Published: April 8, 2022

https://thehackernews.com/2022/04/chinese-hacker-groups-continue-to.html

Excerpt: “China-linked adversaries have been attributed to an ongoing onslaught against Indian power grid organizations, one year after a concerted campaign targeting critical infrastructure in the country came to light. Most of the intrusions involved a modular backdoor named ShadowPad, according to Recorded Future’s Insikt Group, a sophisticated remote access trojan which has been dubbed a “masterpiece of privately sold malware in Chinese espionage.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...