April 12, 2022

Fortify Security Team

Title: Sandworm Hackers Fail to Take Down Ukrainian Energy Provider
Date Published: April 12, 2022

https://www.bleepingcomputer.com/news/security/sandworm-hackers-fail-to-take-down-ukrainian-energy-provider/

Excerpt: “The Russian state-sponsored hacking group known as Sandworm tried on Friday to take down a large Ukrainian energy provider by disconnecting its electrical substations with a new variant of the Industroyer malware for industrial control systems (ICS) and a new version of the CaddyWiper data destruction malware.”

Title: NGINX project maintainers fix flaws in LDAP Reference Implementation
Date Published: April 12, 2022

https://securityaffairs.co/wordpress/130117/hacking/nginx-ldap-reference-implementation-bug.html

Excerpt: “The maintainers of the NGINX web server project have released security updates to address a zero-day vulnerability that resides in its Lightweight Directory Access Protocol (LDAP) Reference Implementation. The NGINX LDAP reference implementation uses LDAP to authenticate users of applications that are proxied by the NGINX web server.”

Title: Microsoft Takes Down Domains Used in Cyberattack Against Ukraine
Date Published: April 11, 2022

https://threatpost.com/microsoft-takedown-domains-ukraine/179257/

Excerpt: “Microsoft seized seven domains it claims were part of ongoing cyberattacks by what it said are state-sponsored Russian advanced persistent threat actors that targeted Ukrainian-related digital assets. The company obtained court orders to take control of the domains it said were used by Strontium, also known as APT28, Sofacy, Fancy Bear and Sednit. In a blog post outlining the actions, Microsoft reported attackers used the domains to target Ukrainian media organizations, government institutions and foreign policy think tanks based in the U.S. and Europe.”

Title: Data Democratization Leaves Enterprises at Risk
Date Published: April 12, 2022

https://www.helpnetsecurity.com/2022/04/12/data-democratization/

Excerpt: “Today’s digital landscape has increased enterprises’ reliance on large datasets and analytics, underscoring the value of data for business. A recent report from NewVantage Partners reveals 91.7% of IT and business executives out of 94 large companies are looking to increase their investments in big data projects in other data and AI initiatives. As more data is produced, enterprises are implementing data democratization strategies to enable their employees to access these datasets quickly and easily. Data democratization strategies are becoming increasingly popular as companies of all industries are adopting these policies to enhance productivity across the workplace, improve the customer experience, and advance employees’ abilities to make data-informed decisions.”

Title: US Bank Regulator Weighs Stablecoin Risks and Benefits
Date Published: April 11, 2022

https://www.bankinfosecurity.com/us-bank-regulator-weighs-stablecoin-risks-benefits-a-18888

Excerpt: “Acting Comptroller of the Currency Michael J. Hsu on Friday delivered remarks at the Institute of International Economic Law at Georgetown University Law Center on developing a path forward for U.S.-backed stablecoins, leading to regulatory and security questions as the technology expands.”

Title: E.U. Officials Reportedly Targeted with Israeli Pegasus Spyware
Date Published: April 12, 2022

https://thehackernews.com/2022/04/eu-officials-reportedly-targeted-with.html

Excerpt: “Senior officials in the European Union were allegedly targeted with NSO Group’s infamous Pegasus surveillance tool, according to a new report from Reuters. At least five individuals, including European Justice Commissioner Didier Reynders, are said to have been singled out in total, the news agency said, citing documents and two unnamed E.U. officials. However, it’s not clear who used the commercial spyware against them or what information was obtained following the attacks.”

Title: Cash App Breach Demonstrates Threat Posed by Past and Present Employees
Date Published: April 12, 2022

https://www.scmagazine.com/analysis/identity-and-access/cash-app-breach-demonstrates-threat-posed-by-past-and-present-employees

Excerpt: “A recent compromise of the investment arm of Block Inc.’s fast-growing Cash App, which has been favored by Generation Z and Millennial customers, demonstrates the risk of insider fraud from former as well as existing employees. Last week news broke of a major data loss from the popular peer-to-peer payment (P2P) service, when financial regulator the SEC released a filing that charged a former Cash App employee with stealing the personal information of 8 million users. The Cash App investing data theft in question happened in December 2021, when the former Cash App employee downloaded customer names, brokerage account numbers, and in some cases their portfolio details and value, their holdings and certain trading activity.”

Title: Former DHS Acting IT Chief Convicted in Software, Database Theft Scheme
Date Published: April 11, 2022

https://www.darkreading.com/attacks-breaches/former-dhs-acting-it-chief-convicted-in-software-database-theft-scheme

Excerpt: “The former acting branch chief of the US Department of Homeland Security’s Information Technology Division today was convicted on several federal charges related to pilfering government proprietary software and databases. Murali Y. Venkata, 56, of Aldie, Va., was found guilty of conspiracy to defraud the US government, theft of government property, wire fraud, aggravated identity theft, and obstruction. He had worked with two other former government officials — Charles Edwards, former acting inspector general of DHS-OIG, and Sonal Patel, also of DHS-OIG — who pleaded guilty previously in the scheme.”

Title: CISA Warns Orgs of WatchGuard Bug Exploited by Russian State Hackers
Date Published: April 12, 2022

https://www.bleepingcomputer.com/news/security/cisa-warns-orgs-of-watchguard-bug-exploited-by-russian-state-hackers/

Excerpt: “The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies and urged all US organizations on Monday to patch an actively exploited bug impacting WatchGuard Firebox and XTM firewall appliances. Sandworm, a Russian-sponsored hacking group, believed to be part of the GRU Russian military intelligence agency, also exploited this high severity privilege escalation flaw (CVE-2022-23176) to build a new botnet dubbed Cyclops Blink out of compromised WatchGuard Small Office/Home Office (SOHO) network devices.”

Title: Anonymous Hacked Russia’s Ministry of Culture and Leaked 446 GB
Date Published: April 11, 2022

https://securityaffairs.co/wordpress/130106/hacktivism/anonymous-hacked-russia-ministry-of-culture.html

Excerpt: “Data leak service DDoSecrets has published over 700 GB of data allegedly stolen from the Russian government, including over 500,000 emails. The dump includes three datasets; the largest one, at 446 GB (containing 230,000 emails), is related to the Ministry of Culture, which is responsible for state policy regarding art, cinematography, archives, copyright, cultural heritage, and censorship.”
