April 19, 2022

Fortify Security Team

Title: LinkedIn Brand Takes Lead as Most Impersonated in Phishing Attacks
Date Published: April 19, 2022


Excerpt: “Security researchers are warning that LinkedIn has become the most spoofed brand in phishing attacks, accounting for more than 52% of all such incidents at a global level. The data comes from cybersecurity company Check Point, who recorded a dramatic uptick in LinkedIn brand abuse in phishing incidents in the first quarter of this year.”

Title: Kaspersky Releases a Free Decryptor for Yanluowang Ransomware
Date Published: April 19, 2022


Excerpt: “Researchers from Kaspersky discovered a vulnerability in the encryption process of the Yanluowang ransomware that can be exploited to recover the files encrypted by the malware without paying the ransom. The Yanluowang ransomware was first spotted by researchers from Symantec Threat Hunter Team in October 2021, the malware was used in highly targeted attacks against large enterprises.”

Title: 81% of Codebases Contain Known Open Source Vulnerabilities
Date Published: April 19, 2022


Excerpt: “Synopsys released a report which examines the results of more than 2,400 audits of commercial and proprietary codebases from merger and acquisition transactions, and highlights trends in open source usage within commercial and proprietary applications and provides insights to help developers better understand the interconnected software ecosystem.”

Title: Experts Uncover Spyware Attacks Against Catalan Politicians and Activists
Date Published: April 19, 2022


Excerpt: “A previously unknown zero-click exploit in Apple’s iMessage was used to install mercenary spyware from NSO Group and Candiru against at least 65 individuals as part of a “multi-year clandestine operation.” “Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organizations,” the University of Toronto’s Citizen Lab said in a new report. “Family members were also infected in some cases.””

Title: A Single Email Account Hack Spurs Breach Notice for 503K Christie Clinic Patients
Date Published: April 18, 2022


Excerpt: “Just because death and taxes are a certainty, it does not mean that individual and business taxpayers need fall prey to the growing raft of tax-related scams that experts have seen recently. Cybercrime rings have utilized a variety of tricky email- and online-based approaches to steal privileged data or funds, or just to infiltrate the networks of their victims, under the guise of the IRS.”

Title: Security-as-Code Gains More Support, but Still Nascent
Date Published: April 18, 2022


Excerpt: “The increased adoption of cloud infrastructure by companies looking to improve agility and support a hybrid workforce has led to more development teams adopting security-as-code as a way to build security into software and products. Over the past year, for example, Google has pushed security-as-code as a fundamental component of its cloud offerings, identifying in January “software-defined infrastructure” as one of the eight megatrends driving the security of the cloud. Encoding security configuration as code that can be an input into development and deployment processes lets organizations analyze their security configuration, change and redeploy easily, and continuously monitor the state of their security configuration to evaluate whether it matches policies.”

Title: New Stealthy BotenaGo Malware Variant Targets DVR Devices
Date Published: April 19, 2022


Excerpt: “Threat analysts have spotted a new variant of the BotenaGo botnet malware, and it’s the stealthiest seen so far, running undetected by any anti-virus engine. BotenaGo is a relatively new malware written in Golang, Google’s open-source programming language. The source code for the botnet has been publicly available for about half a year, since it was leaked in October 2021.”

Title: NSO Group Pegasus Spyware Leverages New Zero-Click iPhone Exploit in Recent Attacks
Date Published: April 19, 2022


Excerpt: “Researchers from Citizen Lab have published a report detailing the use of a new zero-click iMessage exploit, dubbed HOMAGE, to install the NSO Group Pegasus spyware on iPhones belonging to Catalan politicians, journalists, academics, and activists. The previously undocumented zero-click iMessage exploit HOMAGE works in attacks against iOS versions before 13.2.”

Title: New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops
Date Published: April 19, 2022


Excerpt: “Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two “affect firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks,” ESET researcher Martin Smolár said in a report published today.”

Title: US Warns of Lazarus Hackers Using Malicious Cryptocurrency Apps
Date Published: April 18, 2022


Excerpt: “The U.S. government is offering a reward of up to $5 million for information that helps it disrupt the illicit flow of funds to North Korea. The State Department’s Rewards for Justice program on Friday announced that it’s seeking information that leads to “the disruption of financial mechanisms of persons engaged in certain activities that support North Korea, including money laundering, exportation of luxury goods to North Korea, specified cyber-activity” and anything that supports the country’s weapons of mass destruction programs.”
