April 27, 2022

Fortify Security Team

Title: Chinese State-Backed Hackers now Target Russian State Officers
Date Published: April 27, 2022

https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/

Excerpt: “Security researchers analyzing a phishing campaign targeting Russian officials found evidence that points to the China-based threat actor tracked as Mustang Panda (also known as HoneyMyte and Bronze President). The threat group was previously seen orchestrating intelligence collection campaigns against European targets, employing phishing lures inspired by the Russian invasion of Ukraine.”

Title: Linux Nimbuspwn Flaws Could Allow Attackers to Deploy Sophisticated Threats
Date Published: April 27, 2022

https://securityaffairs.co/wordpress/130662/hacking/nimbuspwn-linux-flaws.html

Excerpt: “The Microsoft 365 Defender Research Team has discovered two Linux privilege escalation flaws (tracked as CVE-2022-29799 and CVE-2022-29800) called “Nimbuspwn,” which can be exploited by attackers to conduct various malicious activities, including the deployment of malware. “The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution,” reads the advisory published by Microsoft. The flaws can be exploited by attackers to achieve root access to the target systems and deploy more sophisticated threats, such as ransomware.”

Title: Millions of Java Apps Remain Vulnerable to Log4Shell
Date Published: April 27, 2022

https://threatpost.com/java-apps-vulnerable-log4shell/179397/

Excerpt: “Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Researchers at security firm Rezilion analyzed the current potential attack surface for the vulnerability in the popular open-source Apache Struts framework that threatened to break the internet when it was discovered in December. The flaw in the ubiquitous Java logging library Apache Log is easily exploitable and can allow unauthenticated remote code execution (RCE) and complete server takeover.”

Title: Multi-vector DDoS Attacks on the Rise, Attackers Indiscriminate and Persistent
Date Published: April 27, 2022

https://www.helpnetsecurity.com/2022/04/27/multi-vector-ddos-attacks/

Excerpt: “Comcast Business published results from a report which provides an overview of the distributed denial of service (DDoS) attack landscape, trends experienced by its customers and insights for measuring and mitigating risks. The report found that multi-vector DDoS attacks targeting Layers 3, 4, and 7 simultaneously represent a 47 percent increase from the record number set in 2020.”

Title: Ransom Payments: Monero Promises Privacy; Bitcoin Dominates
Date Published: April 26, 2022

https://www.bankinfosecurity.com/ransom-payments-monero-promises-privacy-bitcoin-dominates-a-18966

Excerpt: “While almost all ransomware-wielding attackers accept Bitcoin for ransom payments, many continue to prefer Monero, thanks to the privacy-preserving coin being tougher for law enforcement officials to track. As police increasingly crack down on Bitcoin-using criminals, however, experts say this could push more ransomware operations to demand Monero, or to rapidly convert received funds into that virtual currency.”

Title: Google’s New Safety Section Shows What Data Android Apps Collect About Users
Date Published: April 27, 2022

https://thehackernews.com/2022/04/googles-new-safety-section-shows-what.html

Excerpt: “Google on Tuesday officially began rolling out a new “Data safety” section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties. “Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties,” Suzanne Frey, Vice President of product for Android security and privacy, said. “In addition, users want to understand how app developers are securing user data after an app is downloaded.” The transparency measure, which is built along the lines of Apple’s “Privacy Nutrition Labels,” was first announced by Google nearly a year ago, in May 2021.”

Title: Strategic Competition firm Strider nabs $45 million Series B
Date Published: April 27, 2022

https://www.scmagazine.com/analysis/insider-threat/strategic-competition-firm-strider-nabs-45-million-series-b

Excerpt: “Utah-based strategic competition intelligence platform Strider announced a $45 million Series B investment Monday. The new investment was led by new investor Valor Equity Partners, and increases the stakes of existing investors DataTribe, Koch Disruptive Technologies, and One9 Ventures.”

Title: RIG Exploit Kit Drops RedLine Malware via Internet Explorer Bug
Date Published: April 27, 2022

https://www.bleepingcomputer.com/news/security/rig-exploit-kit-drops-redline-malware-via-internet-explorer-bug/

Excerpt: “Threat analysts have uncovered yet another campaign that uses the RIG Exploit Kit to deliver the RedLine stealer malware. Exploit kits (EKs) have dropped drastically in popularity as they targeted vulnerabilities in web browsers introduced by plug-in software such as the now-defunct Flash Player and Microsoft Silverlight.”

Title: Wind Turbine Giant Deutsche Windtechnik Hit by a Professional Cyberattack
Date Published: April 27, 2022

https://securityaffairs.co/wordpress/130648/hacking/deutsche-windtechnik-professional-cyberattack.html

Excerpt: “German wind turbine giant Deutsche Windtechnik announced that some of its systems were hit by a targeted professional cyberattack earlier this month. The attack took place during the night between April 11 and 12; the company switched off remote data monitoring connections to the wind turbines for security reasons. The connections were resumed two days later; the company pointed out that the wind turbines did not suffer any damage and were never in danger.”

Title: NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages
Date Published: April 26, 2022

https://thehackernews.com/2022/04/npm-bug-allowed-attackers-to-distribute.html

Excerpt: “A “logical flaw” has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate and trick unsuspecting developers into installing them. The supply chain threat has been dubbed “Package Planting” by researchers from cloud security firm Aqua. Following responsible disclosure on February 10, the underlying issue was remediated by NPM on April 26.”
