April 26, 2022

Fortify Security Team
Apr 26, 2022

Title: CISA Adds 7 Vulnerabilities to List of Bugs Exploited in Attacks

Date Published: April 25, 2022

https://www.bleepingcomputer.com/news/security/cisa-adds-7-vulnerabilities-to-list-of-bugs-exploited-in-attacks/

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of actively exploited security issues, including those from Microsoft, Linux, and Jenkins. The ‘Known Exploited Vulnerabilities Catalog’ is a list of vulnerabilities known to be actively exploited in cyberattacks and required to be patched by Federal Civilian Executive Branch (FCEB) agencies.”

Title: North Korea-Linked APT37 Targets Journalists with GOLDBACKDOOR

Date Published: April 26, 2022

https://securityaffairs.co/wordpress/130606/apt/apt37-targets-journalists-goldbackdoor.html

Excerpt: “North Korea-linked APT37 group (aka Ricochet Chollima) has been spotted targeting journalists focusing on DPRK with a new piece of malware. The campaign was discovered by journalists at NK News, an American news site that focuses on North Korea. NK News investigated the attacks with the help of the malware researchers at Stairwell who discovered a new strain of malware they tracked as Goldbackdoor.”

Title: Meteoric Attack Deploys Quantum Ransomware in Mere Hours

Date Published: April 26, 2022

https://www.helpnetsecurity.com/2022/04/26/quantum-ransomware/

Excerpt: “A group wielding the Quantum Locker ransomware is hitting targets in a blitzkrieg-like manner, going from intial compromise to domain-wide deployment and execution in under four hours, researchers with The DFIR Report are warning.”

Title: Gold Ulrick Hackers Still in Action Despite Massive Conti Ransomware Leak

Date Published: April 26, 2022

https://thehackernews.com/2022/04/gold-ulrick-hackers-still-in-action.html

Excerpt: “The infamous ransomware group known as Conti has continued its onslaught against entities despite suffering a massive data leak of its own earlier this year, according to new research. Conti, attributed to a Russia-based threat actor known as Gold Ulrick, is one of the most prevalent malware strains in the ransomware landscape, accounting for 19% of all attacks during the three-month-period between October and December 2021.”

Title: Cyberattacks on Financial Firms are More Damaging, Target Sensitive Data

Date Published: April 25, 2022

https://www.scmagazine.com/analysis/cybercrime/cyberattacks-on-financial-firms-are-more-damaging-target-sensitive-data

Excerpt: “Just as the tools to limit financial fraud have evolved, so have the threats aimed at U.S. financial firms, in terms of more advanced and subtle intrusions, and where they strike, according to a recent study. Two-thirds (66%) of financial service institutions experienced attacks targeting their “market strategies … [in a way that] aligns with economic espionage and can be used to digitize insider trading and front-run the market,” according to a release on VMware’s fifth annual Modern Bank Heists report, released last week.”

Title: Iranian Hacking Group Among Those Exploiting Recently Disclosed VMWare RCE Flaw

Date Published: April 25, 2022

https://www.darkreading.com/attacks-breaches/-iranian-group-among-those-exploiting-recently-disclosed-rce-flaw-in-vmware

Excerpt: “An Iranian cyber espionage group that some vendors track as Rocket Kitten has begun exploiting a recently patched critical vulnerability in VMWare Workspace ONE Access/Identity Manager technology to deliver the Core Impact penetration testing tool on vulnerable systems.”

Title: Windows 10 KB5011831 Update Released with 26 Bug Fixes, Improvements

Date Published: April  25, 2022

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5011831-update-released-with-26-bug-fixes-improvements/

Excerpt: “Microsoft has released the optional KB5011831 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2 that fixes 26 bugs. This update includes many bug fixes, including those for Microsoft OneDrive, Remote Desktop, News and Interest, Azure Active Directory, and delays in booting Windows 10.”

Title: Anomaly Six, a US Surveillance Firm that Tracks Roughly 3 Billion Devices in Real-Time

Date Published: April 26, 2022

https://securityaffairs.co/wordpress/130589/digital-id/anomaly-six-us-surveillance-firm.html

Excerpt: “When we speak about the secretive business of surveillance businesses we often refer to the powerful tools developed by Israeli firms like NSO Group and Candiru, but many other firms operates in the shadow like the US company Anomaly Six (aka A6). According to an interesting analysis published by The Intercept, Anomaly Six is a secretive government contractor that claims to monitor billions of phones worldwide.”

Title: Firms Push for CVE-Like Cloud Bug System

Date Published: April 26, 2022

https://threatpost.com/cve-cloud-bug-system/179394/

Excerpt: “Big gaps exist in the 22-year-old Common Vulnerability and Exposures (CVE) system that do not address dangerous flaws in cloud services that drive millions of apps and backend services. Too often, cloud providers needlessly expose customers to risk by not sharing the details of bugs discovered on their platform. A CVE-like approach to cloud bug management must exist to help customers weigh exposure, impact and mitigate risk.”

Title: Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default

Date Published: April 26, 2022

https://thehackernews.com/2022/04/emotet-testing-new-delivery-ideas-after.html

Excerpt: “The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default across its products. Calling the new activity a “departure” from the group’s typical behavior, ProofPoint alternatively raised the possibility that the latest set of phishing emails distributing the malware show that the operators are now “engaged in more selective and limited attacks in parallel to the typical massive scale email campaigns.””

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...