April 11, 2022

Fortify Security Team

Title: New Meta Information Stealer Distributed in Malspam Campaign
Date Published: April 10, 2022

https://www.bleepingcomputer.com/news/security/new-meta-information-stealer-distributed-in-malspam-campaign/

Excerpt: “A malspam campaign has been found distributing the new META malware, a new info-stealer malware that appears to be rising in popularity among cybercriminals. META is one of the novel info-stealers, along with Mars Stealer and BlackGuard, whose operators wish to take advantage of Raccoon Stealer’s exit from the market that left many searching for their next platform.”

Title: Microsoft’s Autopatch Feature Improves the Patch Management Process
Date Published: April 11, 2022

https://securityaffairs.co/wordpress/130082/security/microsoft-autopatch-feature-patch-management.html

Excerpt: “Microsoft recently announced the implementation of a new feature called Autopatch starting with Windows Enterprise E3 in July 2022 that aims at keeping their systems up-to-date. The move aims at improving the patch management process in enterprises that could be exposed to cyber-attacks in case they fail to install the available patches and upgrades.”

Title: Human Activated Risk Still a Pain Point for Organizations
Date Published: April 11, 2022

https://www.helpnetsecurity.com/2022/04/11/non-technical-staff-security/

Excerpt: “Egress announced the results of a report, which revealed that 56% of IT leaders say that their non-technical staff are only ‘somewhat’ prepared, or ‘not at all’ prepared, for a security attack. Six hundred IT security leaders across a broad range of industries were anonymously surveyed regarding their organizations’ security posture in this heightened threat environment. Add to this, 77% of respondents have seen an increase in security compromises since going remote 2 years ago, and there’s a continued significant risk to organizations.”

Title: SEC Breach Disclosure Rule Makes CISOs Assess Damage Sooner
Date Published: April 8, 2022

https://www.bankinfosecurity.com/sec-breach-disclosure-rule-makes-cisos-assess-damage-sooner-a-18875

Excerpt: “A proposed rule requiring publicly traded companies to disclose a breach within four days of deeming it material will force CISOs to determine the consequences of cyberattacks sooner. CISOs today are initially most focused on the impact to corporate data and systems when they first learn about a breach, Davis Wright Tremaine partner Michael Borgia tells Information Security Media Group. Going forward, CISOs will need to have board-level conversations within a day or two of discovering a breach to determine whether or not the incident is material so that the company can adhere to disclosure rules (see: US SEC Proposes 48-Hour Incident Reporting Requirement).”

Title: Researchers Warn of FFDroider and Lightning Info-Stealers Targeting Users in the Wild
Date Published: April 11, 2022

https://thehackernews.com/2022/04/researchers-warn-of-ffdroider-and.html

Excerpt: “Cybersecurity researchers are warning of two different information-stealing malware, named FFDroider and Lightning Stealer, that are capable of siphoning data and launching further attacks. ‘Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself on victim’s machines to look like the instant messaging application ‘Telegram,’’ Zscaler ThreatLabz researchers Avinash Kumar and Niraj Shivtarkar said in a report published last week.”

Title: Patient Data Stolen Ahead of East Tennessee Children’s Hospital Attack, Outage
Date Published: April 8, 2022

https://www.scmagazine.com/analysis/breach/patient-data-stolen-ahead-of-east-tennessee-childrens-hospital-attack-outage

Excerpt: “Several weeks after a cyberattack spurred network disruptions at East Tennessee Children’s Hospital, ETCH is notifying an undisclosed number of patients and parents that the threat actors stole sensitive health information during the incident. As previously reported, an ‘IT security issue’ at ETCH caused several weeks of disruptions to key care services at its downtown location beginning on March 13. Email and X-ray services were taken offline during the attack while patients were told to call before attending scheduled appointments as some would need to be rescheduled.”

Title: Hackers use Conti’s Leaked Ransomware to Attack Russian Companies
Date Published: April 9, 2022

https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/

Excerpt: “A hacking group used Conti’s leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations. While it is common to hear of ransomware attacks targeting companies and encrypting data, we rarely hear about Russian organizations getting attacked similarly.”

Title: Dependency Review GitHub Action Prevents Adding Known Flaws in the Code
Date Published: April 11, 2022

https://securityaffairs.co/wordpress/130067/security/dependency-review-github-action.html

Excerpt: “GitHub announced Dependency Review GitHub Action which scans users’ pull requests for dependency changes and will raise an error if any new dependencies have existing flaws that can be exploited in supply chain attacks. Currently, Dependabot already alerts developers when vulnerabilities are found in their existing dependencies, but the new action aims at ensuring security when they add a new dependency.”

Title: Organizations Must be Doing Something Good: Payment Fraud Activity is Declining
Date Published: April 11, 2022

https://www.helpnetsecurity.com/2022/04/11/payments-fraud-activity/

Excerpt: “Results from an Association for Financial Professionals (AFP) survey are encouraging, as 71% of organizations report having been victims of payments fraud activity in 2021, lower than the 81% reported in 2019 and the lowest percentage recorded since 2014.”

Title: Chinese Hacker Groups Continue to Target Indian Power Grid Assets
Date Published: April 8, 2022

https://thehackernews.com/2022/04/chinese-hacker-groups-continue-to.html

Excerpt: “China-linked adversaries have been attributed to an ongoing onslaught against Indian power grid organizations, one year after a concerted campaign targeting critical infrastructure in the country came to light. Most of the intrusions involved a modular backdoor named ShadowPad, according to Recorded Future’s Insikt Group, a sophisticated remote access trojan which has been dubbed a ‘masterpiece of privately sold malware in Chinese espionage.’”
