April 29, 2022

Fortify Security Team
Apr 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware

Date Published: April 28, 2022


Excerpt: “The Japan CERT has released a new version of their EmoCheck utility to detect new 64-bit versions of the Emotet malware that began infecting users this month. Emotet is one of the most actively distributed malware spread through emails using phishing emails with malicious attachments, including Word/Excel documents, Windows shortcuts, ISO files, and password-protected zip files.”

Title: Anonymous Hacked Russian PSCB Commercial Bank and Companies in the Energy Sector

Date Published: April 29, 2022


Excerpt: “The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues, the collective claims to have published more than 6 TB of Russian data via DDoSecrets. This is my update on the recent attack and associated data leaks via the DDoSecrets platform:”

Title: Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

Date Published: April 28, 2022


Excerpt: “GitHub revealed details tied to last week’s incident where hackers, using stolen OAuth tokens, downloaded data from private repositories. “We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems because the tokens in question are not stored by GitHub in their original, usable formats,” said Mike Hanley, chief security officer, GitHub.”

Title: Critical Vulnerabilities Open Synology, QNAP NAS Devices to Attack

Date Published: April 29, 2022


Excerpt: “Users of Synology and QNAP network-attached storage (NAS) devices are advised to be on the lookout for patches for several critical vulnerabilities affecting Netatalk, an open-source implementation of the Apple Filing Protocol (AFP) that allows Unix-like operating systems to serve file servers for Macs.”

Title: PE Firms ‘on Prowl’ for Take-Private Cybersecurity Deals

Date Published: April 28, 2022


Excerpt: “The recent drop in stock prices has presented private equity firms with a golden opportunity to acquire fast-growing public cybersecurity companies without breaking the bank. Since the summer, financial buyers have taken advantage of more modest public company valuations to grow their cybersecurity portfolio, scooping up five of the less than 30 public pure-play security vendors. These private equity firms want to shed legacy costs, grow the total addressable market through tuck-in acquisitions, and return the company to the public markets or find a new buyer within a half-decade.”

Title: Indian Govt Orders Organizations to Report Security Breaches Within 6 Hours to CERT-In

Date Published: April 28, 2022


Excerpt: “India’s computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours. “Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber incidents […] to CERT-In within six hours of noticing such incidents or being brought to notice about such incidents,” the government said in a release.”

Title: The Ransomware Crisis Deepens, While Data Recovery Stalls

Date Published: April  28, 2022


Excerpt: “When it comes to ransomware, more companies are seeing attacks and have had data encrypted, according to research out this week. And even though more companies are backing up or paying ransom demands, less data was recovered in 2021 compared with the previous year. For instance, in its “State of Ransomware 2022” report, cybersecurity firm Sophos found that 66% of surveyed companies had encountered ransomware in 2021, with two-thirds of those firms — or 43% overall — suffering from an actual attack that encrypted data. In its previous report covering 2020, the frequency of successful attacks was much smaller, with about 20% overall resulting in encryption. “

Title: Synology Warns of Critical Netatalk Bugs in Multiple Products

Date Published: April 28, 2022


Excerpt: “Synology has warned customers that some of its network-attached storage (NAS) appliances are exposed to attacks exploiting multiple critical Netatalk vulnerabilities. “Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM),” Synology said.”

Title: It’s Called BadUSB for a Reason

Date Published: April 29, 2022


Excerpt: “The criminal group had been mailing malware-ridden USBs to various entities in the transport, insurance, and defense industries under the guise that they originated from a trusted source, such as Amazon and the US Department of Health and Human Services. Those from the former were supposedly gift vouchers, while the latter claimed to include new COVID guidelines. FIN7’s badUSB attacks serve as a reminder of two key vulnerabilities present among all organizations. Let’s explore them below:”

Title: Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers

Date Published: April 28, 2022


Excerpt: “Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. “By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers’ databases,” Microsoft Security Response Center (MSRC) said. “

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...