April 27, 2022

Fortify Security Team

Title: Chinese State-Backed Hackers now Target Russian State Officers
Date Published: April 27, 2022


Excerpt: “Security researchers analyzing a phishing campaign targeting Russian officials found evidence that points to the China-based threat actor tracked as Mustang Panda (also known as HoneyMyte and Bronze President). The threat group was previously seen orchestrating intelligence collection campaigns against European targets, employing phishing lures inspired by the Russian invasion of Ukraine.”

Title: Linux Nimbuspwn Flaws Could Allow Attackers to Deploy Sophisticated Threats
Date Published: April 27, 2022


Excerpt: “The Microsoft 365 Defender Research Team has discovered two Linux privilege escalation flaws (tracked as CVE-2022-29799 and CVE-2022-29800) called “Nimbuspwn,” which can be exploited by attackers to conduct various malicious activities, including the deployment of malware. “The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution,” reads the advisory published by Microsoft. The flaws can be exploited by attackers to achieve root access to the target systems and deploy more sophisticated threats, such as ransomware.”

Title: Millions of Java Apps Remain Vulnerable to Log4Shell
Date Published: April 27, 2022


Excerpt: “Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Researchers at security firm Rezilion analyzed the current potential attack surface for the vulnerability in the popular open-source Apache Struts framework that threatened to break the internet when it was discovered in December. The flaw in the ubiquitous Java logging library Apache Log is easily exploitable and can allow unauthenticated remote code execution (RCE) and complete server takeover.”

Title: Multi-vector DDoS Attacks on the Rise, Attackers Indiscriminate and Persistent
Date Published: April 27, 2022


Excerpt: “Comcast Business published results from a report which provides an overview of the distributed denial of service (DDoS) attack landscape, trends experienced by its customers and insights for measuring and mitigating risks. The report found that multi-vector DDoS attacks targeting Layers 3, 4, and 7 simultaneously represent a 47 percent increase from the record number set in 2020.”

Title: Ransom Payments: Monero Promises Privacy; Bitcoin Dominates
Date Published: April 26, 2022


Excerpt: “While almost all ransomware-wielding attackers accept Bitcoin for ransom payments, many continue to prefer Monero, thanks to the privacy-preserving coin being tougher for law enforcement officials to track. As police increasingly crack down on Bitcoin-using criminals, however, experts say this could push more ransomware operations to demand Monero, or to rapidly convert received funds into that virtual currency.”

Title: Google’s New Safety Section Shows What Data Android Apps Collect About Users
Date Published: April 27, 2022


Excerpt: “Google on Tuesday officially began rolling out a new “Data safety” section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties. “Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties,” Suzanne Frey, Vice President of product for Android security and privacy, said. “In addition, users want to understand how app developers are securing user data after an app is downloaded.” The transparency measure, which is built along the lines of Apple’s “Privacy Nutrition Labels,” was first announced by Google nearly a year ago, in May 2021.”

Title: Strategic Competition firm Strider nabs $45 million Series B
Date Published: April 27, 2022


Excerpt: “Utah-based strategic competition intelligence platform Strider announced a $45 million Series B investment Monday. The new investment was led by new investor Valor Equity Partners, and increases the stakes of existing investors DataTribe, Koch Disruptive Technologies, and One9 Ventures.”

Title: RIG Exploit Kit Drops RedLine Malware via Internet Explorer Bug
Date Published: April 27, 2022


Excerpt: “Threat analysts have uncovered yet another campaign that uses the RIG Exploit Kit to deliver the RedLine stealer malware. Exploit kits (EKs) have dropped drastically in popularity as they targeted vulnerabilities in web browsers introduced by plug-in software such as the now-defunct Flash Player and Microsoft Silverlight.”

Title: Wind Turbine Giant Deutsche Windtechnik Hit by a Professional Cyberattack
Date Published: April 27, 2022


Excerpt: “German wind turbine giant Deutsche Windtechnik announced that some of its systems were hit by a targeted professional cyberattack earlier this month. The attack took place during the night between April 11 and 12; the company switched off remote data monitoring connections to the wind turbines for security reasons. The connections were resumed two days later, and the company pointed out that the wind turbines did not suffer any damage and were never in danger.”

Title: NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages
Date Published: April 26, 2022


Excerpt: “A “logical flaw” has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate and trick unsuspecting developers into installing them. The supply chain threat has been dubbed “Package Planting” by researchers from cloud security firm Aqua. Following responsible disclosure on February 10, the underlying issue was remediated by NPM on April 26.”
