April 18, 2022

Fortify Security Team
Apr 18, 2022

Title: New Industrial Spy Stolen Data Market Promoted Through Cracks, Adware
Date Published: April 16, 2022


Excerpt: “Threat actors have launched a new marketplace called Industrial Spy that sells stolen data from breached companies, as well as offering free stolen data to its members. While stolen data marketplaces are not new, instead of extorting companies and scaring them with GDPR fines, Industrial Spy promotes itself as a marketplace where businesses can purchase their competitors’ data to gain access to trade secrets, manufacturing diagrams, accounting reports, and client databases.”

Title: CISA adds VMware, Chrome flaws to its Known Exploited Vulnerabilities Catalog
Date Published: April 18, 2022


Excerpt: “The Cybersecurity and Infrastructure Security Agency (CISA) added a VMware privilege escalation flaw (CVE-2022-22960) and a Google Chrome type confusion issue (CVE-2022-1364) to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.”

Title: Identity Experts Call for Mobile Driver’s License Push in US
Date Published: April 15, 2022


Excerpt: “Identity experts urged the Biden administration this week to accelerate the deployment of mobile driver’s licenses and ensure identity theft victims get direct assistance. The experts said four items must be added to an upcoming executive order from the U.S. government focused on preventing and detecting identity theft: mobile driver’s licenses; direct assistance for identity theft victims; identity attribute validation services; and a federal digital identity framework. President Joe Biden pledged to issue the executive order on this matter in his March 1 State of the Union address (see: Sound Off: What Gaps Must ID Theft Executive Order Address?).”

Title: Researchers Share In-Depth Analysis of PYSA Ransomware Group
Date Published: April 18, 2022


Excerpt: “An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows. This included a user-friendly tool like a full-text search engine to facilitate the extraction of metadata and enable the threat actors to find and access victim information quickly.”

Title: Investment in ‘taxtech’ Industry  Booms as Criminals Refine, Revamp Tax-Related Scams
Date Published: April 18, 2022


Excerpt: “Just because death and taxes are a certainty, it does not mean that individual and business taxpayers need fall prey to the growing raft of tax-related scams that experts have seen recently. Cybercrime rings have utilized a variety of tricky email- and online-based approaches to steal privileged data or funds, or just to infiltrate the networks of their victims, under the guise of the IRS.”

Title: Beanstalk DeFi Platform Loses $182 Million in Flash-Load Attack
Date Published: April 18, 2022


Excerpt: “The decentralized, credit-based finance system Beanstalk disclosed on Sunday that it suffered a security breach that resulted in financial losses of $182 million, the attacker stealing $80 million in crypto assets. As a result of this attack, trust in Beanstalk’s market has been compromised, and the value of its decentralized credit-based BEAN stablecoin has collapsed from a little over $1 on Sunday to $0.11 right now.”

Title: Enemybot, a New DDoS Botnet Appears in the Threat Landscape
Date Published: April  17, 2022


Excerpt: “Researchers from Fortinet discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting known vulnerabilities. The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion.”

Title: Unmanaged and Unsecured Digital Identities are Driving Rise in Cybersecurity Debt
Date Published: April 15, 2022


Excerpt: “A global report released by CyberArk shows that 79% of senior security professionals state that cybersecurity has taken a back seat in the last year in favor of accelerating other digital business initiatives. The report identifies how the rise of human and machine identities – often running into the hundreds of thousands per organization – has driven a buildup of identity-related cybersecurity debt, exposing organizations to greater cybersecurity risk.”

Title: New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar
Date Published: April 18, 2022


Excerpt: “Cybersecurity researchers have disclosed a new version of the SolarMarker malware that packs in new improvements with the goal of updating its defense evasion abilities and staying under the radar. “The recent version demonstrated an evolution from Windows Portable Executables (EXE files) to working with Windows installer package files (MSI files),” Palo Alto Networks Unit 42 researchers said in a report published this month. “This campaign is still in development and going back to using executables files (EXE) as it did in its earlier versions.””

Title: Feds Offer $5 Million to Help Disrupt North Korean Hackers
Date Published: April 18, 2022

Excerpt: “The U.S. government is offering a reward of up to $5 million for information that helps it disrupt the illicit flow of funds to North Korea. The State Department’s Rewards for Justice program on Friday announced that it’s seeking information that leads to “the disruption of financial mechanisms of persons engaged in certain activities that support North Korea, including money laundering, exportation of luxury goods to North Korea, specified cyber-activity” and anything that supports the country’s weapons of mass destruction programs.”

Recent Posts

September 16, 2022

Title: Uber hacked, internal systems breached and vulnerability reports stolen Date Published: September 16, 2022 https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/ Excerpt: “Uber suffered a...

September 15, 2022

Title: Webworm hackers modify old malware in new attacks to evade attribution Date Published: September 15, 2022 https://www.bleepingcomputer.com/news/security/webworm-hackers-modify-old-malware-in-new-attacks-to-evade-attribution/ Excerpt: “The Chinese 'Webworm'...

September 14, 2022

Title: Chinese hackers create Linux version of the SideWalk Windows malware Date Published: September 14, 2022 https://www.bleepingcomputer.com/news/security/chinese-hackers-create-linux-version-of-the-sidewalk-windows-malware/ Excerpt: “State-backed Chinese hackers...

September 13, 2022

Title: Cyberspies drop new infostealer malware on govt networks in Asia Date Published: September 13, 2022 https://www.bleepingcomputer.com/news/security/cyberspies-drop-new-infostealer-malware-on-govt-networks-in-asia/ Excerpt: “Security researchers have identified...

September 12, 2022

Title: Cisco confirms Yanluowang ransomware leaked stolen company data Date Published: September 12, 2022 https://www.bleepingcomputer.com/news/security/cisco-confirms-yanluowang-ransomware-leaked-stolen-company-data/ Excerpt: “Cisco has confirmed that the data leaked...

September 9, 2022

Title: Bumblebee Malware Adds Post-exploitation Tool for Stealthy Infections Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/bumblebee-malware-adds-post-exploitation-tool-for-stealthy-infections/ Excerpt: “A new version of the...

September 8, 2022

Title: North Korean Lazarus Hackers Take Aim at U.S. Energy Providers Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-take-aim-at-us-energy-providers/ Excerpt: “The North Korean APT group 'Lazarus' (APT38)...