April 27, 2022

Fortify Security Team
Apr 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers
Date Published: April 27, 2022


Excerpt: “Security researchers analyzing a phishing campaign targeting Russian officials found evidence that points to the China-based threat actor tracked as Mustang Panda (also known as HoneyMyte and Bronze President). The threat group was previously seen orchestrating intelligence collection campaigns against European targets, employing phishing lures inspired by the Russian invasion of Ukraine.”

Title: Linux Nimbuspwn Flaws Could Allow Attackers to Deploy Sophisticated Threats
Date Published: April 27, 2022


Excerpt: “The Microsoft 365 Defender Research Team has discovered two Linux privilege escalation flaws (tracked as CVE-2022-29799 and CVE-2022-29800) called “Nimbuspwn,” which can be exploited by attackers to conduct various malicious activities, including the deployment of malware. “The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution.” reads the advisory published by Microsoft. The flaws can be exploited by attackers to achieve root access to the target systems and deploy by more sophisticated threats, such as ransomware.”

Title: Millions of Java Apps Remain Vulnerable to Log4Shell
Date Published: April 27, 2022


Excerpt: “Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Researchers at security firm Rezilion analyzed the current potential attack surface for the vulnerability in the popular open-source Apache Struts framework that threatened to break the internet when it was discovered in December. The flaw in the ubiquitous Java logging library Apache Log is easily exploitable and can allow unauthenticated remote code execution (RCE) and complete server takeover.”

Title: Multi-vector DDoS Attacks on the Rise, Attackers Indiscriminate and Persistent
Date Published: April 27, 2022


Excerpt: “Comcast Business published results from a report which provides an overview of the distributed denial of service (DDoS) attack landscape, trends experienced by its customers and insights for measuring and mitigating risks. The report found that multi-vector DDoS attacks targeting Layers 3, 4, and 7 simultaneously represent a 47 percent increase from the record number set in 2020.”

Title: Ransom Payments: Monero Promises Privacy; Bitcoin Dominates
Date Published: April 26, 2022


Excerpt: “While almost all ransomware-wielding attackers accept Bitcoin for ransom payments, many continue to prefer Monero, thanks to the privacy-preserving coin being tougher for law enforcement officials to track. As police increasingly crack down on Bitcoin-using criminals, however, experts say this could push more ransomware operations to demand Monero, or to rapidly convert received funds into that virtual currency.”

Title: Google’s New Safety Section Shows What Data Android Apps Collect About Users
Date Published: April 27, 2022


Excerpt: “Google on Tuesday officially began rolling out a new “Data safety” section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties. “Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties,” Suzanne Frey, Vice President of product for Android security and privacy, said. “In addition, users want to understand how app developers are securing user data after an app is downloaded.” The transparency measure, which is built along the lines of Apple’s “Privacy Nutrition Labels,” was first announced by Google nearly a year ago, in May 2021.”

Title: Strategic Competition firm Strider nabs $45 million Series B
Date Published: April  27, 2022


Excerpt: “Utah-based strategic competition intelligence platform Strider announced a $45 million Series B investment Monday. The new investment was led by new investor Valor Equity Partners, and increases the stakes of existing investors DataTribe, Koch Disruptive Technologies, and One9 Ventures.”

Title: RIG Exploit Kit Drops RedLine Malware via Internet Explorer Bug
Date Published: April 27, 2022


Excerpt: “Threat analysts have uncovered yet a new campaign that uses the RIG Exploit Kit to deliver the RedLine stealer malware. Exploit kits (EKs) have dropped drastically in popularity as they targeted vulnerabilities in web browsers introduced by plug-in software such as the now-defunct Flash Player and Microsoft Sillverlight.”

Title: Wind Turbine Giant Deutsche Windtechnik Hit by a Professional Cyberattack
Date Published: April 27, 2022


Excerpt: “German wind turbine giant Deutsche Windtechnik announced that some of its systems were hit by a targeted professional cyberattack earlier this month. The attack took place during the night between April 11 and 12, the company switched off remote data monitoring connections to the wind turbines for security reasons. The connections were resumed two days later, the company pointed out that wind turbines did not suffer any damage and were never in danger.”

Title: NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages
Date Published: April 26, 2022


Excerpt: “A “logical flaw” has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate and trick unsuspecting developers into installing them. The supply chain threat has been dubbed “Package Planting” by researchers from cloud security firm Aqua. Following responsible disclosure on February 10, the underlying issue was remediated by NPM on April 26.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...