April 18, 2022

Fortify Security Team
Apr 18, 2022

Title: New Industrial Spy Stolen Data Market Promoted Through Cracks, Adware
Date Published: April 16, 2022


Excerpt: “Threat actors have launched a new marketplace called Industrial Spy that sells stolen data from breached companies, as well as offering free stolen data to its members. While stolen data marketplaces are not new, instead of extorting companies and scaring them with GDPR fines, Industrial Spy promotes itself as a marketplace where businesses can purchase their competitors’ data to gain access to trade secrets, manufacturing diagrams, accounting reports, and client databases.”

Title: CISA adds VMware, Chrome flaws to its Known Exploited Vulnerabilities Catalog
Date Published: April 18, 2022


Excerpt: “The Cybersecurity and Infrastructure Security Agency (CISA) added a VMware privilege escalation flaw (CVE-2022-22960) and a Google Chrome type confusion issue (CVE-2022-1364) to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.”

Title: Identity Experts Call for Mobile Driver’s License Push in US
Date Published: April 15, 2022


Excerpt: “Identity experts urged the Biden administration this week to accelerate the deployment of mobile driver’s licenses and ensure identity theft victims get direct assistance. The experts said four items must be added to an upcoming executive order from the U.S. government focused on preventing and detecting identity theft: mobile driver’s licenses; direct assistance for identity theft victims; identity attribute validation services; and a federal digital identity framework. President Joe Biden pledged to issue the executive order on this matter in his March 1 State of the Union address (see: Sound Off: What Gaps Must ID Theft Executive Order Address?).”

Title: Researchers Share In-Depth Analysis of PYSA Ransomware Group
Date Published: April 18, 2022


Excerpt: “An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows. This included a user-friendly tool like a full-text search engine to facilitate the extraction of metadata and enable the threat actors to find and access victim information quickly.”

Title: Investment in ‘taxtech’ Industry  Booms as Criminals Refine, Revamp Tax-Related Scams
Date Published: April 18, 2022


Excerpt: “Just because death and taxes are a certainty, it does not mean that individual and business taxpayers need fall prey to the growing raft of tax-related scams that experts have seen recently. Cybercrime rings have utilized a variety of tricky email- and online-based approaches to steal privileged data or funds, or just to infiltrate the networks of their victims, under the guise of the IRS.”

Title: Beanstalk DeFi Platform Loses $182 Million in Flash-Load Attack
Date Published: April 18, 2022


Excerpt: “The decentralized, credit-based finance system Beanstalk disclosed on Sunday that it suffered a security breach that resulted in financial losses of $182 million, the attacker stealing $80 million in crypto assets. As a result of this attack, trust in Beanstalk’s market has been compromised, and the value of its decentralized credit-based BEAN stablecoin has collapsed from a little over $1 on Sunday to $0.11 right now.”

Title: Enemybot, a New DDoS Botnet Appears in the Threat Landscape
Date Published: April  17, 2022


Excerpt: “Researchers from Fortinet discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting known vulnerabilities. The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion.”

Title: Unmanaged and Unsecured Digital Identities are Driving Rise in Cybersecurity Debt
Date Published: April 15, 2022


Excerpt: “A global report released by CyberArk shows that 79% of senior security professionals state that cybersecurity has taken a back seat in the last year in favor of accelerating other digital business initiatives. The report identifies how the rise of human and machine identities – often running into the hundreds of thousands per organization – has driven a buildup of identity-related cybersecurity debt, exposing organizations to greater cybersecurity risk.”

Title: New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar
Date Published: April 18, 2022


Excerpt: “Cybersecurity researchers have disclosed a new version of the SolarMarker malware that packs in new improvements with the goal of updating its defense evasion abilities and staying under the radar. “The recent version demonstrated an evolution from Windows Portable Executables (EXE files) to working with Windows installer package files (MSI files),” Palo Alto Networks Unit 42 researchers said in a report published this month. “This campaign is still in development and going back to using executables files (EXE) as it did in its earlier versions.””

Title: Feds Offer $5 Million to Help Disrupt North Korean Hackers
Date Published: April 18, 2022

Excerpt: “The U.S. government is offering a reward of up to $5 million for information that helps it disrupt the illicit flow of funds to North Korea. The State Department’s Rewards for Justice program on Friday announced that it’s seeking information that leads to “the disruption of financial mechanisms of persons engaged in certain activities that support North Korea, including money laundering, exportation of luxury goods to North Korea, specified cyber-activity” and anything that supports the country’s weapons of mass destruction programs.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...