April 14, 2022

Fortify Security Team

Title: Flaw in Rarible NFT Market Allowed Tricky Crypto Asset Transfers

Date Published: April 14, 2022


Excerpt: “A security flaw in the Rarible NFT (non-fungible token) marketplace allowed threat actors to use a relatively simple trick to steal digital assets and transfer them directly into their wallets. Rarible is a community-centric NFT marketplace that offers up to 50% in royalties, having 2.1 million registered users, hundreds of millions U.S. dollars in annual trading volumes, and support for three blockchains.”

Title: Critical VMware Workspace ONE Access CVE-2022-22954 flaw actively exploited

Date Published: April 14, 2022


Excerpt: “Threat actors are actively exploiting a critical flaw, tracked as CVE-2022-22954, in VMware Workspace ONE Access and Identity Manager recently patched by the vendor. Researchers from cyber threat intelligence BadPackets also reported that the vulnerability is actively exploited in the wild.”

Title: Feds Shut Down RaidForums Hacking Marketplace

Date Published: April 13, 2022


Excerpt: “U.S. law enforcement has shut down one of the largest cybercriminal online forums in the world and revealed the charges its Portuguese founder will face in federal court. However, the takedown is likely to only be a temporary blow to hackers, who will find other ways of buying and selling data stolen in cyber-attacks, security professionals noted.”

Title: New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt

Date Published: April 14, 2022


Excerpt: “A threat group that pursues crypto mining and distributed denial-of-service (DDoS) attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things (IoT) devices since last month. “This botnet is mainly derived from Gafgyt’s source code but has been observed to borrow several modules from Mirai’s original source code,” Fortinet FortiGuard Labs said in a report this week.”

Title: Insurance Companies Increasingly Fall Prey to Cyberattacks

Date Published: April 14, 2022


Excerpt: “For many years, cybercriminals have focused their attacks on banks, credit unions and investment firms. But given the bounty of information held by insurance companies, it was only a matter of time before hackers started going after traditional insurance companies. In March 2020, one of the most notable breaches to hit the industry came to light, when it was made public that Chubb, one of the largest insurance companies in the world, had been hit by a ransomware attack. The New Jersey-based insurance company had fallen victim to Maze ransomware, a particularly sophisticated variant known to spread like wildfire throughout a network, and difficult to root out.”

Title: Identifying a Vulnerability in the SAP Software Supply Chain

Date Published: April 13, 2022


Excerpt: “Software supply chain attacks, also called value-chain or third-party attacks, are emerging threats. This type of attack is often carried out by infiltrating a third party or outside partner that has access to your systems. Typically, the attacker’s intent is to access source codes, build processes, or update mechanisms by infecting legitimate apps and hijacking them to distribute malware. However, when it comes to targeting SAP systems, these types of attacks can be carried out by employees and also hit internal software deployment processes.”

Title: OldGremlin Ransomware Deploys New Malware on Russian Mining Org

Date Published: April 14, 2022


Excerpt: “OldGremlin, a little-known threat actor that uses its particularly advanced skills to run carefully prepared, sporadic campaigns, has made a comeback last month after a gap of more than one year. The group distinguishes itself from other ransomware operations through the small number of campaigns – less than five since early 2021 – that target only businesses in Russia and the use of custom backdoors built in-house.”

Title: Microsoft has Taken Legal and Technical Action to Dismantle the Zloader Botnet

Date Published: April 14, 2022


Excerpt: “Microsoft dismantled the C2 infrastructure used by the ZLoader trojan with the help of telecommunications providers around the world and cybersecurity firms. The IT giant obtained a court order that allowed it to sinkhole 65 domains used by the ZLoader operators along with an additional 319 currently registered DGA domains.”

Title: Ethereum Developer Jailed 63 Months for Helping North Korea Evade Sanctions

Date Published: April 14, 2022


Excerpt: “The illegal dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of the international law enforcement Operation TOURNIQUET coordinated by Europol’s European Cybercrime Centre. Operation TOURNIQUET was conducted by law enforcement agencies from the United States, United Kingdom, Sweden, Portugal, and Romania. The law enforcement arrested the administrator of the marketplace and two of his accomplices.”

Title: Consumers Feel Data Leakage is Inevitable so Many Have Stopped Caring

Date Published: April 14, 2022


Excerpt: “Imperva releases findings from a global study on consumer perceptions of data privacy and trust in digital service providers. In an increasingly digital world, consumers feel trapped: sharing personal data is a requirement to use digital services, but the majority do not trust these organizations to protect their data.”
