April 28, 2022

Fortify Security Team
Apr 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader’s Ransomware Delivery
Date Published: April 28, 2022

https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/

Excerpt: “A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads. The emergence of Bumblebee in phishing campaigns in March coincides with a drop in using BazarLoader for delivering file-encrypting malware, researchers say.”

Title: CloudFlare Blocked a Record HTTPs DDoS Attack Peaking at 15 rps
Date Published: April 28, 2022

https://securityaffairs.co/wordpress/130685/hacking/cloudflare-record-https-ddos.html

Excerpt: “Cloudflare announced to have mitigated a distributed denial-of-service (DDoS) attack that peaked at 15.3 million request-per-second (RPS), which is one of the largest HTTPS DDoS attacks blocked by the company. The company blocked the attack earlier this month, the experts pointed out that HTTPS DDoS attacks are more expensive because they require higher computational resources for establishing a secure TLS encrypted connection. On the other side, HTTPS DDoS attacks cost more to the victim to mitigate.”

Title: Emotet is Back From ‘Spring Break’ With New Nasty Tricks
Date Published: April 27, 2022

https://threatpost.com/emotet-back-new-tricks/179410/

Excerpt: “Emotet malware attacks are back after a 10-month “spring break” – with criminals behind the attack rested, tanned and ready to launch a new campaign strategy. That new approach includes more targeted phishing attacks, different from the previous spray-and-pray campaigns, according to new research. Proofpoint analysts linked this activity to the threat actor known as TA542, which since 2014 has leveraged the Emotet malware with great success, according to a Tuesday report.”

Title: Cybercriminals Deliver IRS Tax Scams and Phishing Campaigns by Mimicking Government Vendors
Date Published: April 28, 2022

https://www.helpnetsecurity.com/2022/04/28/irs-tax-scams-phishing-mimicking-government-vendors/

Excerpt: “Cybercriminals are leveraging advanced tactics in their phishing-kits granting them a high delivery success rate of spoofed e-mails which contain malicious attachments right before the end of the 2021 IRS income tax return deadline in the U.S. April 18th, 2022 – there was a notable campaign detected which leveraged phishing e-mails impersonating the IRS, and in particular one of the industry vendors who provide solutions to government agencies which including e-mailing, digital communications management, and the content delivery system which informs citizens about various updates.”

Title: Feds Offer $10 Million Reward for Russia’s Sandworm Hackers
Date Published: April 27, 2022

https://www.bankinfosecurity.com/feds-offer-10-million-reward-for-russias-sandworm-hackers-a-18975

Excerpt: “The U.S. government Tuesday announced a reward of up to $10 million for information pertaining to six alleged Russian military hackers tied to the 2017 NotPetya destructive malware campaign. NotPetya was wiper malware, disguised as ransomware, which was distributed via a legitimate Ukrainian software developer’s update server. The malware spread globally, causing commercial damage of up to $10 billion.”

Title: Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group
Date Published: April 28, 2022

https://thehackernews.com/2022/04/experts-detail-3-hacking-teams-working.html

Excerpt: “A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities. Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak cybersecurity firm ESET assessed that “these subgroups operate somewhat independently, but that they may share intelligence requirements, an access team that runs their spear-phishing campaigns, and also the team that deploys network infrastructure.””

Title: Microsoft Details Rampant Cyber Warfare Corresponding to Russian Invasion
Date Published: April  27, 2022

https://www.scmagazine.com/analysis/threat-intelligence/microsoft-details-rampant-cyber-warfare-corresponding-to-russian-invasion

Excerpt: “Microsoft released a timeline of nearly 250 cyber operations from six separate Russian-aligned threat groups since the waning days before Russia began its physical assault. Microsoft also detailed cyber operations dating back almost a year in preparation for the physical attack.”

Title: Austin Peay State University Resumes After Ransomware Cyber Attack
Date Published: April 28, 2022

https://www.bleepingcomputer.com/news/security/austin-peay-state-university-resumes-after-ransomware-cyber-attack/

Excerpt: “Austin Peay State University (APSU) confirmed yesterday that it had been a victim of a ransomware attack. The university, located in Clarksville, Tennessee advised students, staff, and faculty to disconnect their computers and devices from the university network immediately as a precaution. Subsequent tweets by APSU confirm that the attack is being contained and all employees are expected to report as usual.”

Title: Cyberattacks Rage in Ukraine, Support Military Operations
Date Published: April 28, 2022

https://threatpost.com/cyberwar-ukraine-military/179421/

Excerpt: “Cyberattacks against Ukraine have been used strategically to support ground campaigns, with five state-sponsored advanced persistent threat (APT) groups behind attacks that began in February. According to research published by Microsoft on Wednesday, the APTs involved in the campaigns are state-sponsored by Russia. Separate reports published this week also shed new light on the wave of cyberattacks against Ukrainian digital assets by APTs with ties to Russia.”

Title: Twitter’s New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal
Date Published: April 28, 2022

https://thehackernews.com/2022/04/twitters-new-owner-elon-musk-wants-dms.html

Excerpt: “Elon Musk, CEO of SpaceX and Tesla and Twitter’s new owner, on Thursday called on adding support for end-to-end encryption (E2EE) to the platform’s direct messages (DM) feature. “Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages,” Musk said in a tweet.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...

April 26, 2022

Title: CISA Adds 7 Vulnerabilities to List of Bugs Exploited in Attacks Date Published: April 25, 2022 https://www.bleepingcomputer.com/news/security/cisa-adds-7-vulnerabilities-to-list-of-bugs-exploited-in-attacks/ Excerpt: “The U.S. Cybersecurity and Infrastructure...