April 11, 2022

Fortify Security Team

Title: New Meta Information Stealer Distributed in Malspam Campaign
Date Published: April 10, 2022


Excerpt: “A malspam campaign has been found distributing the new META malware, a new info-stealer malware that appears to be rising in popularity among cybercriminals. META is one of the novel info-stealers, along with Mars Stealer and BlackGuard, whose operators wish to take advantage of Raccoon Stealer’s exit from the market that left many searching for their next platform.”

Title: Microsoft’s Autopatch Feature Improves the Patch Management Process
Date Published: April 11, 2022


Excerpt: “Microsoft recently announced the implementation of a new feature called Autopatch starting with Windows Enterprise E3 in July 2022 that aims at keeping their systems up-to-date. The move aims at improving the patch management process in enterprises that could be exposed to cyber-attacks in case they fail to install the available patch and upgrades.”

Title: Human Activated Risk Still a Pain Point for Organizations
Date Published: April 11, 2022


Excerpt: “Egress announced the results of a report, which revealed that 56% of IT leaders say that their non-technical staff are only ‘somewhat’ prepared, or ‘not at all’ prepared, for a security attack. Six hundred IT security leaders across a broad range of industries were anonymously surveyed regarding their organizations’ security posture in this heightened threat environment. Add to this, 77% of respondents have seen an increase in security compromises since going remote 2 years ago, and there’s a continued significant risk to organizations.”

Title: SEC Breach Disclosure Rule Makes CISOs Assess Damage Sooner
Date Published: April 8, 2022


Excerpt: “A proposed rule requiring publicly traded companies to disclose a breach within four days of deeming it material will force CISOs to determine the consequences of cyberattacks sooner. CISOs today are initially most focused on the impact to corporate data and systems when they first learn about a breach, Davis Wright Tremaine partner Michael Borgia tells Information Security Media Group. Going forward, CISOs will need to have board-level conversations within a day or two of discovering a breach to determine whether or not the incident is material so that the company can adhere to disclosure rules (see: US SEC Proposes 48-Hour Incident Reporting Requirement).”

Title: Researchers Warn of FFDroider and Lightning Info-Stealers Targeting Users in the Wild
Date Published: April 11, 2022


Excerpt: “Cybersecurity researchers are warning of two different information-stealing malware, named FFDroider and Lightning Stealer, that are capable of siphoning data and launching further attacks. “Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself on victim’s machines to look like the instant messaging application ‘Telegram,’” Zscaler ThreatLabz researchers Avinash Kumar and Niraj Shivtarkar said in a report published last week.”

Title: Patient Data Stolen Ahead of East Tennessee Children’s Hospital Attack, Outage
Date Published: April 8, 2022


Excerpt: “Several weeks after a cyberattack spurred network disruptions at East Tennessee Children’s Hospital, ETCH is notifying an undisclosed number of patients and parents that the threat actors stole sensitive health information during the incident. As previously reported, an “IT security issue” at ETCH caused several weeks of disruptions to key care services at its downtown location beginning on March 13. Email and X-ray services were taken offline during the attack while patients were told to call before attending scheduled appointments as some would need to be rescheduled.”

Title: Hackers use Conti’s Leaked Ransomware to Attack Russian Companies
Date Published: April 9, 2022


Excerpt: “A hacking group used Conti’s leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations. While it is common to hear of ransomware attacks targeting companies and encrypting data, we rarely hear about Russian organizations getting attacked similarly.”

Title: Dependency Review GitHub Action Prevents Adding Known Flaws in the Code
Date Published: April 11, 2022


Excerpt: “GitHub announced Dependency Review GitHub Action which scans users’ pull requests for dependency changes and will raise an error if any new dependencies have existing flaws that can be exploited in supply chain attacks. Currently, Dependabot already alerts developers when vulnerabilities are found in their existing dependencies, but the new action aims at ensuring security when they add a new dependency.”

Title: Organizations Must be Doing Something Good: Payment Fraud Activity is Declining
Date Published: April 11, 2022


Excerpt: “Results from an Association for Financial Professionals (AFP) survey are encouraging, as 71% of organizations report having been victims of payments fraud activity in 2021, lower than the 81% reported in 2019 and the lowest percentage recorded since 2014.”

Title: Chinese Hacker Groups Continue to Target Indian Power Grid Assets
Date Published: April 8, 2022


Excerpt: “China-linked adversaries have been attributed to an ongoing onslaught against Indian power grid organizations, one year after a concerted campaign targeting critical infrastructure in the country came to light. Most of the intrusions involved a modular backdoor named ShadowPad, according to Recorded Future’s Insikt Group, a sophisticated remote access trojan which has been dubbed a “masterpiece of privately sold malware in Chinese espionage.””
