Title: CISA Adds 7 Vulnerabilities to List of Bugs Exploited in Attacks
Date Published: April 25, 2022
Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of actively exploited security issues, including those from Microsoft, Linux, and Jenkins. The ‘Known Exploited Vulnerabilities Catalog’ is a list of vulnerabilities known to be actively exploited in cyberattacks and required to be patched by Federal Civilian Executive Branch (FCEB) agencies.”
Title: North Korea-Linked APT37 Targets Journalists with GOLDBACKDOOR
Date Published: April 26, 2022
https://securityaffairs.co/wordpress/130606/apt/apt37-targets-journalists-goldbackdoor.html
Excerpt: “North Korea-linked APT37 group (aka Ricochet Chollima) has been spotted targeting journalists focusing on DPRK with a new piece of malware. The campaign was discovered by journalists at NK News, an American news site that focuses on North Korea. NK News investigated the attacks with the help of the malware researchers at Stairwell who discovered a new strain of malware they tracked as Goldbackdoor.”
Title: Meteoric Attack Deploys Quantum Ransomware in Mere Hours
Date Published: April 26, 2022
https://www.helpnetsecurity.com/2022/04/26/quantum-ransomware/
Excerpt: “A group wielding the Quantum Locker ransomware is hitting targets in a blitzkrieg-like manner, going from initial compromise to domain-wide deployment and execution in under four hours, researchers with The DFIR Report are warning.”
Title: Gold Ulrick Hackers Still in Action Despite Massive Conti Ransomware Leak
Date Published: April 26, 2022
https://thehackernews.com/2022/04/gold-ulrick-hackers-still-in-action.html
Excerpt: “The infamous ransomware group known as Conti has continued its onslaught against entities despite suffering a massive data leak of its own earlier this year, according to new research. Conti, attributed to a Russia-based threat actor known as Gold Ulrick, is one of the most prevalent malware strains in the ransomware landscape, accounting for 19% of all attacks during the three-month period between October and December 2021.”
Title: Cyberattacks on Financial Firms are More Damaging, Target Sensitive Data
Date Published: April 25, 2022
Excerpt: “Just as the tools to limit financial fraud have evolved, so have the threats aimed at U.S. financial firms, in terms of more advanced and subtle intrusions, and where they strike, according to a recent study. Two-thirds (66%) of financial service institutions experienced attacks targeting their “market strategies … [in a way that] aligns with economic espionage and can be used to digitize insider trading and front-run the market,” according to a release on VMware’s fifth annual Modern Bank Heists report, released last week.”
Title: Iranian Hacking Group Among Those Exploiting Recently Disclosed VMware RCE Flaw
Date Published: April 25, 2022
Excerpt: “An Iranian cyber espionage group that some vendors track as Rocket Kitten has begun exploiting a recently patched critical vulnerability in VMware Workspace ONE Access/Identity Manager technology to deliver the Core Impact penetration testing tool on vulnerable systems.”
Title: Windows 10 KB5011831 Update Released with 26 Bug Fixes, Improvements
Date Published: April 25, 2022
Excerpt: “Microsoft has released the optional KB5011831 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2 that fixes 26 bugs. This update includes many bug fixes, including those for Microsoft OneDrive, Remote Desktop, News and Interest, Azure Active Directory, and delays in booting Windows 10.”
Title: Anomaly Six, a US Surveillance Firm that Tracks Roughly 3 Billion Devices in Real-Time
Date Published: April 26, 2022
https://securityaffairs.co/wordpress/130589/digital-id/anomaly-six-us-surveillance-firm.html
Excerpt: “When we speak about the secretive business of surveillance businesses we often refer to the powerful tools developed by Israeli firms like NSO Group and Candiru, but many other firms operate in the shadows, like the US company Anomaly Six (aka A6). According to an interesting analysis published by The Intercept, Anomaly Six is a secretive government contractor that claims to monitor billions of phones worldwide.”
Title: Firms Push for CVE-Like Cloud Bug System
Date Published: April 26, 2022
https://threatpost.com/cve-cloud-bug-system/179394/
Excerpt: “Big gaps exist in the 22-year-old Common Vulnerability and Exposures (CVE) system that do not address dangerous flaws in cloud services that drive millions of apps and backend services. Too often, cloud providers needlessly expose customers to risk by not sharing the details of bugs discovered on their platform. A CVE-like approach to cloud bug management must exist to help customers weigh exposure, impact and mitigate risk.”
Title: Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default
Date Published: April 26, 2022
https://thehackernews.com/2022/04/emotet-testing-new-delivery-ideas-after.html
Excerpt: “The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default across its products. Calling the new activity a “departure” from the group’s typical behavior, Proofpoint alternatively raised the possibility that the latest set of phishing emails distributing the malware show that the operators are now “engaged in more selective and limited attacks in parallel to the typical massive scale email campaigns.””