April 14, 2022

Fortify Security Team

Title: Flaw in Rarible NFT Market Allowed Tricky Crypto Asset Transfers

Date Published: April 14, 2022

https://www.bleepingcomputer.com/news/security/flaw-in-rarible-nft-market-allowed-tricky-crypto-asset-transfers/

Excerpt: “A security flaw in the Rarible NFT (non-fungible token) marketplace allowed threat actors to use a relatively simple trick to steal digital assets and transfer them directly into their wallets. Rarible is a community-centric NFT marketplace that offers up to 50% in royalties, having 2.1 million registered users, hundreds of millions U.S. dollars in annual trading volumes, and support for three blockchains.”

Title: Critical VMware Workspace ONE Access CVE-2022-22954 flaw actively exploited

Date Published: April 14, 2022

https://securityaffairs.co/wordpress/130188/hacking/vmware-workspace-one-access-flaw-attacks.html

Excerpt: “Threat actors are actively exploiting a critical flaw, tracked as CVE-2022-22954, in VMware Workspace ONE Access and Identity Manager recently patched by the vendor. Researchers from cyber threat intelligence BadPackets also reported that the vulnerability is actively exploited in the wild.”

Title: Feds Shut Down RaidForums Hacking Marketplace

Date Published: April 13, 2022

https://threatpost.com/shut-down-raidforums-hacking-marketplace/179279/

Excerpt: “U.S. law enforcement has shut down one of the largest cybercriminal online forums in the world and revealed the charges its Portuguese founder will face in federal court. However, the takedown is likely to only be a temporary blow to hackers, who will find other ways of buying and selling data stolen in cyber-attacks, security professionals noted.”

Title: New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt

Date Published: April 14, 2022

https://thehackernews.com/2022/04/new-enemybot-ddos-botnet-borrows.html

Excerpt: “A threat group that pursues crypto mining and distributed denial-of-service (DDoS) attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things (IoT) devices since last month. “This botnet is mainly derived from Gafgyt’s source code but has been observed to borrow several modules from Mirai’s original source code,” Fortinet FortiGuard Labs said in a report this week.”

Title: Insurance Companies Increasingly Fall Prey to Cyberattacks

Date Published: April 14, 2022

https://www.scmagazine.com/analysis/cybercrime/insurance-companies-increasingly-fall-prey-to-cyberattacks

Excerpt: “For many years, cybercriminals have focused their attacks on banks, credit unions and investment firms. But given the bounty of information held by insurance companies, it was only a matter of time before hackers started going after traditional insurance companies. In March 2020, one of the most notable breaches to hit the industry came to light, when it was made public that Chubb, one of the largest insurance companies in the world, had been hit by a ransomware attack. The New Jersey-based insurance company had fallen victim to Maze ransomware, a particularly sophisticated variant known to spread like wildfire throughout a network, and difficult to root out.”

Title: Identifying a Vulnerability in the SAP Software Supply Chain

Date Published: April 13, 2022

https://www.darkreading.com/vulnerabilities-threats/identifying-a-vulnerability-in-the-sap-software-supply-chain

Excerpt: “Software supply chain attacks, also called value-chain or third-party attacks, are emerging threats. This type of attack is often carried out by infiltrating a third party or outside partner that has access to your systems. Typically, the attacker’s intent is to access source codes, build processes, or update mechanisms by infecting legitimate apps and hijacking them to distribute malware. However, when it comes to targeting SAP systems, these types of attacks can be carried out by employees and also hit internal software deployment processes.”

Title: OldGremlin Ransomware Deploys New Malware on Russian Mining Org

Date Published: April 14, 2022

https://www.bleepingcomputer.com/news/security/oldgremlin-ransomware-deploys-new-malware-on-russian-mining-org/

Excerpt: “OldGremlin, a little-known threat actor that uses its particularly advanced skills to run carefully prepared, sporadic campaigns, has made a comeback last month after a gap of more than one year. The group distinguishes itself from other ransomware operations through the small number of campaigns – less than five since early 2021 – that target only businesses in Russia and the use of custom backdoors built in-house.”

Title: Microsoft has Taken Legal and Technical Action to Dismantle the Zloader Botnet

Date Published: April 14, 2022

https://securityaffairs.co/wordpress/130181/malware/microsoft-disrupts-zloader-malware-infrastructure.html

Excerpt: “Microsoft dismantled the C2 infrastructure used by the ZLoader trojan with the help of telecommunications providers around the world and cybersecurity firms. The IT giant obtained a court order that allowed it to sinkhole 65 domains used by the ZLoader operators along with an additional 319 currently registered DGA domains.”

Title: Ethereum Developer Jailed 63 Months for Helping North Korea Evade Sanctions

Date Published: April 14, 2022

https://thehackernews.com/2022/04/ethereum-developer-jailed-63-months-for.html

Excerpt: “The illegal dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of the international law enforcement Operation TOURNIQUET coordinated by Europol’s European Cybercrime Centre. Operation TOURNIQUET was conducted by law enforcement agencies from the United States, United Kingdom, Sweden, Portugal, and Romania. The law enforcement arrested the administrator of the marketplace and two of his accomplices.”

Title: Consumers Feel Data Leakage is Inevitable so Many Have Stopped Caring

Date Published: April 14, 2022

https://www.helpnetsecurity.com/2022/04/14/data-privacy-consumer-perceptions/

Excerpt: “Imperva releases findings from a global study on consumer perceptions of data privacy and trust in digital service providers. In an increasingly digital world, consumers feel trapped: sharing personal data is a requirement to use digital services, but the majority do not trust these organizations to protect their data.”
