April 11, 2022

Fortify Security Team

Title: New Meta Information Stealer Distributed in Malspam Campaign
Date Published: April 10, 2022


Excerpt: “A malspam campaign has been found distributing the new META malware, a new info-stealer malware that appears to be rising in popularity among cybercriminals. META is one of the novel info-stealers, along with Mars Stealer and BlackGuard, whose operators wish to take advantage of Raccoon Stealer’s exit from the market that left many searching for their next platform.”

Title: Microsoft’s Autopatch Feature Improves the Patch Management Process
Date Published: April 11, 2022


Excerpt: “Microsoft recently announced the implementation of a new feature called Autopatch starting with Windows Enterprise E3 in July 2022 that aims at keeping their systems up-to-date. The move aims at improving the patch management process in enterprises that could be exposed to cyber-attacks in case they fail into installing the available patch and upgrades.”

Title: Human Activated Risk Still a Pain Point for Organizations
Date Published: April 11, 2022


Excerpt: “Egress announced the results of a report, which revealed that 56% of IT leaders say that their non-technical staff are only ‘somewhat’ prepared, or ‘not at all’ prepared, for a security attack. Six hundred IT security leaders across a broad range of industries were anonymously surveyed regarding their organizations’ security posture in this heightened threat environment. Add to this, 77% of respondents have seen an increase in security compromises since going remote 2 years ago, and there’s a continued significant risk to organizations.”

Title: SEC Breach Disclosure Rule Makes CISOs Assess Damage Sooner
Date Published: April 8, 2022


Excerpt: “A proposed rule requiring publicly traded companies to disclose a breach within four days of deeming it material will force CISOs to determine the consequences of cyberattacks sooner. CISOs today are initially most focused on the impact to corporate data and systems when they first learn about a breach, Davis Wright Tremaine partner Michael Borgia tells Information Security Media Group. Going forward, CISOs will need to have board-level conversations within a day or two of discovering a breach to determine whether or not the incident is material so that the company can adhere to disclosure rules (see: US SEC Proposes 48-Hour Incident Reporting Requirement).”

Title: Researchers Warn of FFDroider and Lightning Info-Stealers Targeting Users in the Wild
Date Published: April 11, 2022


Excerpt: “Cybersecurity researchers are warning of two different information-stealing malware, named FFDroider and Lightning Stealer, that are capable of siphoning data and launching further attacks. “Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself on victim’s machines to look like the instant messaging application ‘Telegram,’” Zscaler ThreatLabz researchers Avinash Kumar and Niraj Shivtarkar said in a report published last week.”

Title: Patient Data Stolen Ahead of East Tennessee Children’s Hospital Attack, Outage
Date Published: April 8, 2022


Excerpt: “Several weeks after a cyberattack spurred network disruptions at East Tennessee Children’s Hospital, ETCH is notifying an undisclosed number of patients and parents that the threat actors stole sensitive health information during the incident. As previously reported, an “IT security issue” at ETCH caused several weeks of disruptions to key care services at its downtown location beginning on March 13. Email and X-ray services were taken offline during the attack while patients were told to call before attending scheduled appointments as some would need to be rescheduled.”

Title: Hackers use Conti’s Leaked Ransomware to Attack Russian Companies
Date Published: April 9, 2022


Excerpt: “A hacking group used the Conti’s leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations. While it is common to hear of ransomware attacks targeting companies and encrypting data, we rarely hear about Russian organizations getting attacked similarly.”

Title: Dependency Review GitHub Action Prevents Adding Known Flaws in the Code
Date Published: April 11, 2022


Excerpt: “GitHub announced Dependency Review GitHub Action which scans users’ pull requests for dependency changes and will raise an error if any new dependencies have existing flaws that can be exploited in supply chain attacks. Currently, Dependabot already alerts developers when vulnerabilities are found in their existing dependencies, but the new action aims at ensuring security when they add a new dependency.”

Title: Organizations Must be Doing Something Good: Payment Fraud Activity is Declining
Date Published: April 11, 2022


Excerpt: “Results from an Association for Financial Professionals (AFP) survey are encouraging, as 71% of organizations report having been victims of payments fraud activity in 2021, lower than the 81% reported in 2019 and the lowest percentage recorded since 2014.”

Title: Chinese Hacker Groups Continue to Target Indian Power Grid Assets
Date Published: April 8, 2022


Excerpt: “China-linked adversaries have been attributed to an ongoing onslaught against Indian power grid organizations, one year after a concerted campaign targeting critical infrastructure in the country came to light. Most of the intrusions involved a modular backdoor named ShadowPad, according to Recorded Future’s Insikt Group, a sophisticated remote access trojan which has been dubbed a “masterpiece of privately sold malware in Chinese espionage.””
