April 18, 2022

Fortify Security Team
Apr 18, 2022

Title: New Industrial Spy Stolen Data Market Promoted Through Cracks, Adware
Date Published: April 16, 2022


Excerpt: “Threat actors have launched a new marketplace called Industrial Spy that sells stolen data from breached companies, as well as offering free stolen data to its members. While stolen data marketplaces are not new, instead of extorting companies and scaring them with GDPR fines, Industrial Spy promotes itself as a marketplace where businesses can purchase their competitors’ data to gain access to trade secrets, manufacturing diagrams, accounting reports, and client databases.”

Title: CISA adds VMware, Chrome flaws to its Known Exploited Vulnerabilities Catalog
Date Published: April 18, 2022


Excerpt: “The Cybersecurity and Infrastructure Security Agency (CISA) added a VMware privilege escalation flaw (CVE-2022-22960) and a Google Chrome type confusion issue (CVE-2022-1364) to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.”

Title: Identity Experts Call for Mobile Driver’s License Push in US
Date Published: April 15, 2022


Excerpt: “Identity experts urged the Biden administration this week to accelerate the deployment of mobile driver’s licenses and ensure identity theft victims get direct assistance. The experts said four items must be added to an upcoming executive order from the U.S. government focused on preventing and detecting identity theft: mobile driver’s licenses; direct assistance for identity theft victims; identity attribute validation services; and a federal digital identity framework. President Joe Biden pledged to issue the executive order on this matter in his March 1 State of the Union address (see: Sound Off: What Gaps Must ID Theft Executive Order Address?).”

Title: Researchers Share In-Depth Analysis of PYSA Ransomware Group
Date Published: April 18, 2022


Excerpt: “An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows. This included a user-friendly tool like a full-text search engine to facilitate the extraction of metadata and enable the threat actors to find and access victim information quickly.”

Title: Investment in ‘taxtech’ Industry Booms as Criminals Refine, Revamp Tax-Related Scams
Date Published: April 18, 2022


Excerpt: “Just because death and taxes are a certainty, it does not mean that individual and business taxpayers need fall prey to the growing raft of tax-related scams that experts have seen recently. Cybercrime rings have utilized a variety of tricky email- and online-based approaches to steal privileged data or funds, or just to infiltrate the networks of their victims, under the guise of the IRS.”

Title: Beanstalk DeFi Platform Loses $182 Million in Flash-Loan Attack
Date Published: April 18, 2022


Excerpt: “The decentralized, credit-based finance system Beanstalk disclosed on Sunday that it suffered a security breach that resulted in financial losses of $182 million, the attacker stealing $80 million in crypto assets. As a result of this attack, trust in Beanstalk’s market has been compromised, and the value of its decentralized credit-based BEAN stablecoin has collapsed from a little over $1 on Sunday to $0.11 right now.”

Title: Enemybot, a New DDoS Botnet Appears in the Threat Landscape
Date Published: April 17, 2022


Excerpt: “Researchers from Fortinet discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting known vulnerabilities. The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion.”

Title: Unmanaged and Unsecured Digital Identities are Driving Rise in Cybersecurity Debt
Date Published: April 15, 2022


Excerpt: “A global report released by CyberArk shows that 79% of senior security professionals state that cybersecurity has taken a back seat in the last year in favor of accelerating other digital business initiatives. The report identifies how the rise of human and machine identities – often running into the hundreds of thousands per organization – has driven a buildup of identity-related cybersecurity debt, exposing organizations to greater cybersecurity risk.”

Title: New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar
Date Published: April 18, 2022


Excerpt: “Cybersecurity researchers have disclosed a new version of the SolarMarker malware that packs in new improvements with the goal of updating its defense evasion abilities and staying under the radar. “The recent version demonstrated an evolution from Windows Portable Executables (EXE files) to working with Windows installer package files (MSI files),” Palo Alto Networks Unit 42 researchers said in a report published this month. “This campaign is still in development and going back to using executables files (EXE) as it did in its earlier versions.””

Title: Feds Offer $5 Million to Help Disrupt North Korean Hackers
Date Published: April 18, 2022

Excerpt: “The U.S. government is offering a reward of up to $5 million for information that helps it disrupt the illicit flow of funds to North Korea. The State Department’s Rewards for Justice program on Friday announced that it’s seeking information that leads to “the disruption of financial mechanisms of persons engaged in certain activities that support North Korea, including money laundering, exportation of luxury goods to North Korea, specified cyber-activity” and anything that supports the country’s weapons of mass destruction programs.”
