April 20, 2022

Fortify Security Team

Title: Russian State Hackers Hit Ukraine with New Malware Variants
Date Published: April 20, 2022

https://www.bleepingcomputer.com/news/security/russian-state-hackers-hit-ukraine-with-new-malware-variants/

Excerpt: “Threat analysts report that the Russian state-sponsored threat group known as Gamaredon (a.k.a. Armageddon/Shuckworm) is launching attacks against targets in Ukraine using new variants of the custom Pteredo backdoor. Gamaredon has been launching cyber-espionage campaigns targeting the Ukrainian government and other critical entities since at least 2014.”

Title: CISA adds Windows Print Spooler to its Known Exploited Vulnerabilities Catalog
Date Published: April 20, 2022

https://securityaffairs.co/wordpress/130401/hacking/win-print-spooler-known-exploited-vulnerabilities-catalog.html

Excerpt: “The Cybersecurity and Infrastructure Security Agency (CISA) added the Windows Print Spooler, tracked as CVE-2022-22718, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.”
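
An added example, not code from CISA or the article: the KEV catalog is published as a JSON feed, and the useful practitioner step is to join it against the CVEs your own scanner reports so that catalog due dates drive patch order. The field names used (a top-level "vulnerabilities" list whose entries carry cveID, vendorProject, product, vulnerabilityName, dateAdded, requiredAction and dueDate) are the published KEV feed schema; the two entries and the host inventory below are constructed sample data, and their dates are illustrative values rather than lookups from the live feed.

```python
"""
Added example (not from CISA or the article): join the KEV feed against the
CVEs a scanner found, so that KEV due dates drive patch order.
Live feed (at time of writing):
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
"""
import json
from datetime import date

# Constructed sample of the KEV feed layout; dates are illustrative, not looked up.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2022-22718", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Print Spooler Privilege Escalation Vulnerability",
         "dateAdded": "2022-04-19", "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2022-05-10"},
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
         "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
         "dateAdded": "2021-12-10", "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2021-12-24"},
    ],
})

# Constructed scanner output: CVE -> hosts on which it was observed.
SAMPLE_INVENTORY = {
    "CVE-2022-22718": ["print-srv-01", "ws-0417"],
    "CVE-2021-44228": ["app-gw-02"],
    "CVE-2022-20685": ["ids-01"],   # not in KEV: still a finding, just not a BOD 22-01 one
}


def load_kev(feed_text):
    """Index the feed by CVE ID so the join against the inventory is a dict lookup."""
    return {v["cveID"]: v for v in json.loads(feed_text)["vulnerabilities"]}


def triage(kev, inventory, today, window_days=7):
    """One record per inventory CVE that KEV lists, most urgent first.

    today may be a date or an ISO string; status is overdue / due_soon / open
    relative to the catalog dueDate and the given window.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    findings = []
    for cve, hosts in inventory.items():
        entry = kev.get(cve)
        if entry is None:
            continue
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        if days_left < 0:
            status = "overdue"
        elif days_left <= window_days:
            status = "due_soon"
        else:
            status = "open"
        findings.append({
            "cve": cve, "status": status, "days_left": days_left,
            "due": entry["dueDate"], "product": entry["product"],
            "hosts": sorted(hosts), "action": entry["requiredAction"],
        })
    findings.sort(key=lambda f: (f["days_left"], f["cve"]))
    return findings


def not_in_kev(kev, inventory):
    """CVEs the scanner found that KEV does not list; absence from KEV is not evidence of safety."""
    return sorted(set(inventory) - set(kev))


def main(today="2022-04-20"):
    kev = load_kev(SAMPLE_KEV_JSON)
    for f in triage(kev, SAMPLE_INVENTORY, today):
        print(f"{f['status']:<9} {f['cve']:<16} due {f['due']} ({f['days_left']:+d}d) "
              f"{f['product']} on {', '.join(f['hosts'])}: {f['action']}")
    print("not in KEV:", ", ".join(not_in_kev(kev, SAMPLE_INVENTORY)))


if __name__ == "__main__":
    main()
```

The due dates in BOD 22-01 bind FCEB agencies only; for everyone else the catalog is a prioritisation signal (confirmed in-the-wild exploitation), which is why the script also reports scanner findings the catalog does not cover rather than silently dropping them.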

Title: ‘CatalanGate’ Spyware Infections Tied to NSO Group
Date Published: April 19, 2022

https://threatpost.com/catalangate-spyware/179336/

Excerpt: “An unknown zero-click exploit in Apple’s iMessage was used by Israeli-based NSO Group to plant either Pegasus or Candiru malware on iPhones owned by politicians, journalists and activists. Citizen Lab, in collaboration with Catalan-based researchers, released the finding in a report on Monday that claims 65 people were targeted or infected with malware via an iPhone vulnerability called HOMAGE. It asserts the controversial Israeli firm the NSO Group and a second firm Candiru were behind the campaigns that took place between 2017 and 2020.”

Title: Stablecoin Protocol Beanstalk Loses Millions in Attack
Date Published: April 19, 2022

https://www.bankinfosecurity.com/stablecoin-protocol-beanstalk-loses-millions-in-attack-a-18918

Excerpt: “Decentralized credit-based stablecoin protocol Beanstalk suffered a security incident on Sunday, “resulting in a theft of about $76 million in non-Beanstalk user assets,” the company said on Tuesday. The Ethereum-based protocol did not specify what those assets included. But in a tweet, blockchain security firm PeckShield says that the attack has likely caused a total loss of $182 million for the company. This includes the theft of 24,830 ETH and 36 million Bean. Bean is a US$ stablecoin – a digital currency pegged to a reserve asset such as the dollar or gold in a bid to offer stability – while ETH or ether is the native currency of the Ethereum blockchain.”

Title: Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System
Date Published: April 20, 2022

https://thehackernews.com/2022/04/researchers-detail-bug-that-could.html

Excerpt: “Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service (DoS) condition and render it powerless against malicious traffic. Tracked as CVE-2022-20685, the vulnerability is rated 7.5 for severity and resides in the Modbus preprocessor of the Snort detection engine. It affects all open-source Snort project releases earlier than 2.9.19 as well as version 3.1.11.0.”

Title: CISA No. 2: No IT and OT Separation When it Comes to Patient Safety During Cyber Incident
Date Published: April 19, 2022

https://www.scmagazine.com/feature/policy/cisa-no-2-no-it-and-ot-separation-when-it-comes-to-patient-safety-during-cyber-incident

Excerpt: “The COVID-19 pandemic confirmed that when a hospital goes down due to a virus or incident, it’s a clear patient-safety and public-health issue, Cybersecurity and Infrastructure Security Agency Deputy Director Nitin Natarajan explained at CyberMed. The dozens of cyberattacks tied to EHR downtime over the last two years have made risk management all the more critical. As such, CISA, along with the Office of the National Cyber Director, are now building on those lessons to address systemic challenges in a meaningful way.”

Title: Amazon Web Services Fixes Container Escape in Log4Shell Hotfix
Date Published: April 20, 2022

https://www.bleepingcomputer.com/news/security/amazon-web-services-fixes-container-escape-in-log4shell-hotfix/

Excerpt: “Amazon Web Services (AWS) has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability (CVE-2021-44228) affecting cloud or on-premise environments running Java applications with a vulnerable version of the Log4j logging library or containers. The hot patch packages from Amazon are not exclusive to AWS resources and allowed escaping a container in the environment and taking control of the host. The flaws could also be exploited through unprivileged processes to elevate privileges and execute code with root permissions.”

Title: QNAP Users are Recommended to Disable UPnP Port Forwarding on Routers
Date Published: April 20, 2022

https://securityaffairs.co/wordpress/130393/security/qnap-nas-disable-upnp-port-forwarding.html

Excerpt: “Taiwanese vendor QNAP urges customers to disable Universal Plug and Play (UPnP) port forwarding on their routers to protect their network-attached storage (NAS) devices from attacks. UPnP is an insecure protocol: it uses network UDP multicasts and doesn’t support encryption or authentication. Universal Plug and Play (UPnP) is a set of networking protocols that allows networked devices to seamlessly discover each other’s presence on the network and establish functional network services.”
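
An added example, not code from QNAP or the article: the quickest way to see whether the router has already forwarded anything to a NAS is to ask it over UPnP itself. The script below uses only standard UPnP building blocks (SSDP M-SEARCH discovery over UDP multicast, the device description XML, and the WANIPConnection GetGenericPortMappingEntry SOAP action) and sends no credentials, because the protocol has none to send; that is exactly why a forward can appear without anyone logging in to the router. The SSDP reply, device description and SOAP response embedded at the bottom are constructed samples so the parsers can be exercised offline; the 192.168.1.x addresses in them are assumptions.

```python
"""
Added example (not from QNAP or the article): list the port mappings a UPnP
Internet Gateway Device (IGD, normally the SOHO router) has already created.
Run on the LAN:  python3 upnp_audit.py
"""
import socket
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

SSDP_GROUP, SSDP_PORT = "239.255.255.250", 1900
IGD_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
WANIP = "urn:schemas-upnp-org:service:WANIPConnection:1"


def build_msearch(st=IGD_ST, mx=2):
    """SSDP discovery is plain HTTP-over-UDP text sent to the multicast group."""
    return (f"M-SEARCH * HTTP/1.1\r\nHOST: {SSDP_GROUP}:{SSDP_PORT}\r\n"
            f'MAN: "ssdp:discover"\r\nMX: {mx}\r\nST: {st}\r\n\r\n').encode()


def parse_ssdp_response(raw):
    """Headers of an SSDP reply, keys lower-cased; LOCATION points at the description XML."""
    headers = {}
    for line in raw.decode(errors="replace").split("\r\n")[1:]:
        if ":" in line:
            key, value = line.split(":", 1)
            headers[key.strip().lower()] = value.strip()
    return headers


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the XML namespace prefix


def find_control_url(description_xml, base_url):
    """controlURL of the WANIPConnection service, resolved against the description URL."""
    for el in ET.fromstring(description_xml).iter():
        if _local(el.tag) == "service":
            fields = {_local(c.tag): (c.text or "").strip() for c in el}
            if fields.get("serviceType") == WANIP:
                return urljoin(base_url, fields.get("controlURL", ""))
    return None


def build_soap(action, args_xml=""):
    """Minimal SOAP envelope for a WANIPConnection action; no auth fields exist in the spec."""
    return (f'<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            f's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body>'
            f'<u:{action} xmlns:u="{WANIP}">{args_xml}</u:{action}></s:Body></s:Envelope>').encode()


def parse_mapping(response_xml):
    """GetGenericPortMappingEntry reply -> dict keyed by argument name minus its 'New' prefix."""
    return {_local(el.tag)[3:]: (el.text or "").strip()
            for el in ET.fromstring(response_xml).iter() if _local(el.tag).startswith("New")}


def discover(timeout=2.0):
    """Send one M-SEARCH and collect the LOCATION of every IGD that answers."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.sendto(build_msearch(), (SSDP_GROUP, SSDP_PORT))
    locations = []
    try:
        while True:
            data, _ = sock.recvfrom(4096)
            loc = parse_ssdp_response(data).get("location")
            if loc and loc not in locations:
                locations.append(loc)
    except socket.timeout:
        pass
    return locations


def list_mappings(control_url, limit=128):
    """Walk the mapping table by index until the IGD faults on an invalid index."""
    mappings = []
    for index in range(limit):
        req = urllib.request.Request(
            control_url,
            data=build_soap("GetGenericPortMappingEntry",
                            f"<NewPortMappingIndex>{index}</NewPortMappingIndex>"),
            headers={"Content-Type": 'text/xml; charset="utf-8"',
                     "SOAPAction": f'"{WANIP}#GetGenericPortMappingEntry"'},
            method="POST")
        try:
            with urllib.request.urlopen(req, timeout=5) as resp:
                mappings.append(parse_mapping(resp.read().decode()))
        except urllib.error.HTTPError:
            break  # HTTP 500 carrying SpecifiedArrayIndexInvalid: end of table
    return mappings


# Constructed sample replies (not captured from any real router) for offline use of the parsers.
SAMPLE_SSDP = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\nST: " + IGD_ST.encode() +
               b"\r\nLOCATION: http://192.168.1.1:5000/rootDesc.xml\r\nSERVER: Router/1.0 UPnP/1.1\r\n\r\n")
SAMPLE_DESC = ('<?xml version="1.0"?><root xmlns="urn:schemas-upnp-org:device-1-0"><device>'
               '<serviceList><service><serviceType>' + WANIP + '</serviceType>'
               '<controlURL>/ctl/IPConn</controlURL></service></serviceList></device></root>')
SAMPLE_MAPPING = ('<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
                  '<s:Body><u:GetGenericPortMappingEntryResponse xmlns:u="' + WANIP + '">'
                  '<NewRemoteHost></NewRemoteHost><NewExternalPort>8080</NewExternalPort>'
                  '<NewProtocol>TCP</NewProtocol><NewInternalPort>8080</NewInternalPort>'
                  '<NewInternalClient>192.168.1.50</NewInternalClient><NewEnabled>1</NewEnabled>'
                  '<NewPortMappingDescription>NAS</NewPortMappingDescription>'
                  '<NewLeaseDuration>0</NewLeaseDuration></u:GetGenericPortMappingEntryResponse>'
                  '</s:Body></s:Envelope>')


def main():
    for location in discover():
        with urllib.request.urlopen(location, timeout=5) as resp:
            control = find_control_url(resp.read().decode(), location)
        if not control:
            continue
        print(f"IGD at {location}:")
        for m in list_mappings(control):
            print(f"  {m['Protocol']} {m['ExternalPort']} -> {m['InternalClient']}:{m['InternalPort']}"
                  f" ({m['PortMappingDescription']!r}, enabled={m['Enabled']})")


if __name__ == "__main__":
    main()
```

Any mapping listed here whose InternalClient is the NAS is reachable from the internet on that ExternalPort. The same unauthenticated SOAP channel carries AddPortMapping, so any process on the LAN (including malware on a workstation) can create such entries; turning UPnP off on the router, as QNAP advises, removes that channel rather than just the entries.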

Title: North Korea Hackers Target Blockchain and Gaming Companies, Posing as Job Recruiters
Date Published: April 19, 2022

https://www.scmagazine.com/analysis/cybercrime/north-korea-hackers-target-blockchain-and-gaming-companies-posing-as-job-recruiters

Excerpt: “Hackers tied to the North Korean government are using a mixture of spearphishing and malware to target and rob companies in the cryptocurrency and gaming industries, the U.S. government warned this week. The alert, issued by the FBI, Department of the Treasury and Cybersecurity and Infrastructure Security Agency, details activity from 2020 ongoing through April 2022 from hackers sponsored by North Korea and behaving similarly to Lazarus Group – a catch-all for a mix of government and criminal hacking groups working under the direction or influence of Pyongyang.”

Title: Emotet Botnet Switches to 64-bit Modules, Increases Activity
Date Published: April 19, 2022

https://www.bleepingcomputer.com/news/security/emotet-botnet-switches-to-64-bit-modules-increases-activity/

Excerpt: “The Emotet malware is having a burst in distribution and is likely to soon switch to new payloads that are currently detected by fewer antivirus engines. Security researchers monitoring the botnet are observing that emails carrying malicious payloads last month have increased tenfold. Emotet is a self-propagating modular trojan that can maintain persistence on the host. It is used for stealing user data, performing network reconnaissance, moving laterally, or dropping additional payloads such as Cobalt Strike and ransomware in particular.”
