April 26, 2022

Fortify Security Team
Apr 26, 2022

Title: CISA Adds 7 Vulnerabilities to List of Bugs Exploited in Attacks

Date Published: April 25, 2022


Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of actively exploited security issues, including those from Microsoft, Linux, and Jenkins. The ‘Known Exploited Vulnerabilities Catalog’ is a list of vulnerabilities known to be actively exploited in cyberattacks and required to be patched by Federal Civilian Executive Branch (FCEB) agencies.”

Title: North Korea-Linked APT37 Targets Journalists with GOLDBACKDOOR

Date Published: April 26, 2022


Excerpt: “North Korea-linked APT37 group (aka Ricochet Chollima) has been spotted targeting journalists focusing on DPRK with a new piece of malware. The campaign was discovered by journalists at NK News, an American news site that focuses on North Korea. NK News investigated the attacks with the help of the malware researchers at Stairwell who discovered a new strain of malware they tracked as Goldbackdoor.”

Title: Meteoric Attack Deploys Quantum Ransomware in Mere Hours

Date Published: April 26, 2022


Excerpt: “A group wielding the Quantum Locker ransomware is hitting targets in a blitzkrieg-like manner, going from intial compromise to domain-wide deployment and execution in under four hours, researchers with The DFIR Report are warning.”

Title: Gold Ulrick Hackers Still in Action Despite Massive Conti Ransomware Leak

Date Published: April 26, 2022


Excerpt: “The infamous ransomware group known as Conti has continued its onslaught against entities despite suffering a massive data leak of its own earlier this year, according to new research. Conti, attributed to a Russia-based threat actor known as Gold Ulrick, is one of the most prevalent malware strains in the ransomware landscape, accounting for 19% of all attacks during the three-month-period between October and December 2021.”

Title: Cyberattacks on Financial Firms are More Damaging, Target Sensitive Data

Date Published: April 25, 2022


Excerpt: “Just as the tools to limit financial fraud have evolved, so have the threats aimed at U.S. financial firms, in terms of more advanced and subtle intrusions, and where they strike, according to a recent study. Two-thirds (66%) of financial service institutions experienced attacks targeting their “market strategies … [in a way that] aligns with economic espionage and can be used to digitize insider trading and front-run the market,” according to a release on VMware’s fifth annual Modern Bank Heists report, released last week.”

Title: Iranian Hacking Group Among Those Exploiting Recently Disclosed VMWare RCE Flaw

Date Published: April 25, 2022


Excerpt: “An Iranian cyber espionage group that some vendors track as Rocket Kitten has begun exploiting a recently patched critical vulnerability in VMWare Workspace ONE Access/Identity Manager technology to deliver the Core Impact penetration testing tool on vulnerable systems.”

Title: Windows 10 KB5011831 Update Released with 26 Bug Fixes, Improvements

Date Published: April  25, 2022


Excerpt: “Microsoft has released the optional KB5011831 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2 that fixes 26 bugs. This update includes many bug fixes, including those for Microsoft OneDrive, Remote Desktop, News and Interest, Azure Active Directory, and delays in booting Windows 10.”

Title: Anomaly Six, a US Surveillance Firm that Tracks Roughly 3 Billion Devices in Real-Time

Date Published: April 26, 2022


Excerpt: “When we speak about the secretive business of surveillance businesses we often refer to the powerful tools developed by Israeli firms like NSO Group and Candiru, but many other firms operates in the shadow like the US company Anomaly Six (aka A6). According to an interesting analysis published by The Intercept, Anomaly Six is a secretive government contractor that claims to monitor billions of phones worldwide.”

Title: Firms Push for CVE-Like Cloud Bug System

Date Published: April 26, 2022


Excerpt: “Big gaps exist in the 22-year-old Common Vulnerability and Exposures (CVE) system that do not address dangerous flaws in cloud services that drive millions of apps and backend services. Too often, cloud providers needlessly expose customers to risk by not sharing the details of bugs discovered on their platform. A CVE-like approach to cloud bug management must exist to help customers weigh exposure, impact and mitigate risk.”

Title: Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default

Date Published: April 26, 2022


Excerpt: “The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default across its products. Calling the new activity a “departure” from the group’s typical behavior, ProofPoint alternatively raised the possibility that the latest set of phishing emails distributing the malware show that the operators are now “engaged in more selective and limited attacks in parallel to the typical massive scale email campaigns.””

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...