April 20, 2022

Fortify Security Team
Apr 20, 2022

Title: Russian State Hackers Hit Ukraine with New Malware Variants
Date Published: April 20, 2022

https://www.bleepingcomputer.com/news/security/russian-state-hackers-hit-ukraine-with-new-malware-variants/

Excerpt: “Threat analysts report that the Russian state-sponsored threat group known as Gamaredon (a.k.a. Armageddon/Shuckworm) is launching attacks against targets in Ukraine using new variants of the custom Pteredo backdoor. Gamaredon has been launching cyber-espionage campaigns targeting the Ukrainian government and other critical entities since at least 2014.”

Title: CISA adds Windows Print Spooler to its Known Exploited Vulnerabilities Catalog
Date Published: April 20, 2022

https://securityaffairs.co/wordpress/130401/hacking/win-print-spooler-known-exploited-vulnerabilities-catalog.html

Excerpt: “The Cybersecurity and Infrastructure Security Agency (CISA) added the Windows Print Spooler, tracked as CVE-2022-22718, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.”

Title: ‘CatalanGate’ Spyware Infections Tied to NSO Group
Date Published: April 19, 2022

https://threatpost.com/catalangate-spyware/179336/

Excerpt: “An unknown zero-click exploit in Apple’s iMessage was used by Israeli-based NSO Group to plant either Pegasus or Candiru malware on iPhones owned by politicians, journalists and activists. Citizen Lab, in collaboration with Catalan-based researchers, released the finding in a report on Monday that claims 65 people were targeted or infected with malware via an iPhone vulnerability called HOMAGE. It asserts the controversial Israeli firm the NSO Group and a second firm Candiru were behind the campaigns that took place between 2017 and 2020.”

Title: Stablecoin Protocol Beanstalk Loses Millions in Attack
Date Published: April 19, 2022

https://www.bankinfosecurity.com/stablecoin-protocol-beanstalk-loses-millions-in-attack-a-18918

Excerpt: “Decentralized credit-based stablecoin protocol Beanstalk suffered a security incident on Sunday, “resulting in a theft of about $76 million in non-Beanstalk user assets,” the company said on Tuesday. The Ethereum-based protocol did not specify what those assets included. But in a tweet, blockchain security firm PeckShield says that the attack has likely caused a total loss of $182 million for the company. This includes the theft of 24,830 ETH and 36 million Bean. Bean is a US$ stablecoin – a digital currency pegged to a reserve asset such as the dollar or gold in a bid to offer stability – while ETH or ether is the native currency of the Ethereum blockchain.”

Title: Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System
Date Published: April 20, 2022

https://thehackernews.com/2022/04/researchers-detail-bug-that-could.html

Excerpt: “Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service (DoS) condition and render it powerless against malicious traffic. Tracked as CVE-2022-20685, the vulnerability is rated 7.5 for severity and resides in the Modbus preprocessor of the Snort detection engine. It affects all open-source Snort project releases earlier than 2.9.19 as well as version 3.1.11.0.”

Title: CISA No. 2: No IT and OT Separation When it Comes to Patient Safety During Cyber Incident
Date Published: April 19, 2022
https://www.scmagazine.com/feature/policy/cisa-no-2-no-it-and-ot-separation-when-it-comes-to-patient-safety-during-cyber-incident

Excerpt: “The COVID-19 pandemic confirmed that when a hospital goes down due to a virus or incident, it’s a clear patient-safety and public-health issue, Cybersecurity and Infrastructure Security Agency Deputy Director Nitin Natarajan explained at CyberMed. The dozens of cyberattacks tied to EHR downtime over the last two years have made risk management all the more critical. As such, CISA, along with the Office of the National Cyber Director, are now building on those lessons to address systemic challenges in a meaningful way.”

Title: Amazon Web Services Fixes Container Escape in Log4Shell Hotfix
Date Published: April  20, 2022

https://www.bleepingcomputer.com/news/security/amazon-web-services-fixes-container-escape-in-log4shell-hotfix/

Excerpt: “Amazon Web Services (AWS) has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability (CVE-2021-44228) affecting cloud or on-premise environments running Java applications with a vulnerable version of the Log4j logging library or containers. The hot patch packages from Amazon are not exclusive to AWS resources and allowed escaping a container in the environment and taking control of the host. The flaws could also be exploited through unprivileged processes to elevate privileges and execute code as with root permissions.”

Title: QNAP Users are Recommended to Disable UPnP Port Forwarding on Routers
Date Published: April 20, 2022

https://securityaffairs.co/wordpress/130393/security/qnap-nas-disable-upnp-port-forwarding.html

Excerpt: “Taiwanese vendor QNAP urges customers to disable Universal Plug and Play (UPnP) port forwarding on their routers to protect their network-attached storage (NAS) devices from attacks. UPnP is an insecure protocol, it uses network UDP multicasts, and doesn’t support encryption and authentication. Universal Plug and Play (UPnP) is a set of networking protocols that allows networked devices to seamlessly discover each other’s presence on the network and establish functional network services.”

Title: North Korea Hackers Target Blockchain and Gaming Companies, Posing as Job Recruiters
Date Published: April 19, 2022

https://www.scmagazine.com/analysis/cybercrime/north-korea-hackers-target-blockchain-and-gaming-companies-posing-as-job-recruiters

Excerpt: “Hackers tied to the North Korean government are using a mixture of spearphishing and malware to target and rob companies in the cryptocurrency and gaming industries, the U.S. government warned this week. The alert, issued by the FBI, Department of the Treasury and Cybersecurity and Infrastructure Security Agency, details activity from 2020 ongoing through April 2022 from hackers sponsored by North Korea and behaving similar to Lazarus Group – a catch-all for a mix of government and criminal hacking groups working under the direction or influence of Pyongyang.”

Title: Emotet Botnet Switches to 64-bit Modules, Increases Activity
Date Published: April 19, 2022

https://www.bleepingcomputer.com/news/security/emotet-botnet-switches-to-64-bit-modules-increases-activity/

Excerpt: “The Emotet malware is having a burst in distribution and is likely to soon switch to new payloads that are currently detected by fewer antivirus engines. Security researchers monitoring the botnet are observing that emails carrying malicious payloads last month have increased tenfold. Emotet is a self-propagating modular trojan that can maintain persistence on the host. It is used for stealing user data, performing network reconnaissance, moving laterally, or dropping additional payloads such as Cobalt Strike and ransomware in particular.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...