April 5, 2022

Fortify Security Team
Apr 5, 2022

Title: Microsoft Fixes IE11 Known Issue Blocking Windows 11 Upgrades
Date Published: April 5, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-ie11-known-issue-blocking-windows-11-upgrades/

Excerpt: “Microsoft has removed a compatibility hold blocking Windows 11 upgrades for Windows 10 customers after fixing a known issue leading to problems importing Internet Explorer 11 (IE11) data into Microsoft Edge. The safeguard hold was applied for Windows 10 systems where IE11 was the main or the default browser. The only customers impacted by the now-fixed known issue were those who didn’t import their IE11 information into Microsoft Edge before starting the Windows 11 upgrade process.”

Title: CISA adds Spring4Shell Flaw to its Known Exploited Vulnerabilities Catalog
Date Published: April 5, 2022

https://securityaffairs.co/wordpress/129838/security/cisa-adds-spring4shell-flaw-to-its-known-exploited-vulnerabilities-catalog.html

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed CVE-2022-22965 (aka Spring4Shell, CVSS score: 9.8) flaw in the Spring Framework, along with three other issues, to its Known Exploited Vulnerabilities Catalog.According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.”

Title: Utilizing Biological Algorithms to Detect Cyber Attacks
Date Published: April 5, 2022

https://www.helpnetsecurity.com/2022/04/05/bioinformatics-phishing/

Excerpt: “Phishing, a longstanding cyberattack technique through which attackers impersonate others to gain access to confidential information, has become immensely popular as of late, hitting an all-time high in December 2021, with attacks tripling since the previous year.”

Title: Hackers Target Wind Turbine Manufacturer Nordex
Date Published: April 4, 2022

https://www.bankinfosecurity.com/hackers-target-wind-turbine-manufacturer-nordex-a-18833

Excerpt: “German wind turbine manufacturer Nordex has switched off its IT systems in multiple locations after a reported cybersecurity incident. The company says that customers, employees and other stakeholders may be affected by the shutdown. The Nordex Group, along with its subsidiaries, develops, manufactures and distributes wind power systems across the world.”

Title: Despite Hopes for Decline, Ransomware Attacks Increased During Russia-Ukraine Conflict
Date Published: April 5, 2022

https://www.scmagazine.com/analysis/ransomware/despite-hopes-for-decline-ransomware-attacks-increased-during-russia-ukraine-conflict Excerpt: “There are a bevy of reasons that ransomware attacks should have declined during the Russian invasion of Ukraine. Squabbles between Ukrainian affiliates and Russian Ransomware designers. Destruction of Ukrainian infrastructure. Enlistments. Fear of boiling the emerging cold war.”

Title: Apple Gift Card Scammers Sentenced for Role in $1.5M Fraud Date Published: April 4, 2022
https://www.darkreading.com/attacks-breaches/apple-gift-card-scammers-sentenced-for-role-in-1-5m-fraud

Excerpt: “Two men who engineered a massive gift card scam against Apple have been sentenced to federal prison for a $1.5 million Apple gift card scheme that included the theft of several Apple store point-of-sale systems in order to load credits onto gift cards that they then used to purchase Apple products.”

Title: Ukraine Spots Russian-Linked ‘Armageddon’ Phishing Attacks
Date Published: April  5, 2022

https://www.bleepingcomputer.com/news/security/ukraine-spots-russian-linked-armageddon-phishing-attacks/

Excerpt: “The Computer Emergency Response Team of Ukraine (CERT-UA) has spotted new phishing attempts attributed to the Russian threat group tracked as Armageddon (Gamaredon). The malicious emails attempt to trick the recipients with lures themed after the war in Ukraine and infect the target systems with espionage-focused malware.”

Title: MailChimp Breached, Intruders Conducted Phishing Attacks Against Crypto Customers
Date Published: April 5, 2022

https://securityaffairs.co/wordpress/129831/data-breach/mailchimp-breached-cryptocurrency-phishing.html

Excerpt: “During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. The fake data breach notification emails urged Trezort customers to reset the PIN of their hardware wallets by downloading malicious software that could have allowed attackers to steal the funds in the wallets.”

Title: 49% of Small Medical Practices Don’t have a Cyberattack Response Plan
Date Published: April 5, 2022

https://www.helpnetsecurity.com/2022/04/05/cyberattacks-healthcare-providers/
Excerpt: “Sophisticated cyberattacks are crippling healthcare providers by posing a threat to core functions and patient privacy, according to Software Advice survey. Findings reveal that 22% of small practices and 45% of large practices have experienced a ransomware attack at some point, with numbers rising in the past three years. Small practices risk more significant losses in the event of a cyberattack, often due to lack of training and inadequate security technology.”

Title: Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin
Date Published: April 5, 2022

https://thehackernews.com/2022/04/germany-shuts-down-russian-hydra.html

Excerpt: “Germany’s Federal Criminal Police Office, the Bundeskriminalamt (BKA), on Tuesday announced the official takedown of Hydra, the world’s largest illegal dark web marketplace that has cumulatively facilitated over $5 billion in Bitcoin transactions to date. “Bitcoins amounting to currently the equivalent of approximately €23 million were seized, which are attributed to the marketplace,” the BKA said in a press release. Blockchain analytics firm Elliptic confirmed that the seizure occurred on April 5, 2022 in a series of 88 transactions amounting to 543.3 BTC.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...