April 6, 2022

Fortify Security Team

Title: U.S. Sanctions Crypto-Exchange Garantex for Aiding Hydra Market

Date Published: April 6, 2022

https://www.bleepingcomputer.com/news/security/us-sanctions-crypto-exchange-garantex-for-aiding-hydra-market/

Excerpt: “Microsoft has removed a compatibility hold blocking Windows 11 upgrades for Windows 10 customers after fixing a known issue leading to problems importing Internet Explorer 11 (IE11) data into Microsoft Edge. The safeguard hold was applied for Windows 10 systems where IE11 was the main or the default browser. The only customers impacted by the now-fixed known issue were those who didn’t import their IE11 information into Microsoft Edge before starting the Windows 11 upgrade process.”

Title: Block Discloses Data Breach Involving Cash App Potentially Impacting 8.2 million US Customers

Date Published: April 6, 2022

https://securityaffairs.co/wordpress/129892/data-breach/block-cash-app-data-breach.html

Excerpt: “The data breach involved a former employee that downloaded some unspecified reports of its Cash App Investing app that contained some U.S. customer information. Cash App is an app that allows users to easily send money, spend money, save money, and buy cryptocurrency.”

Title: Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info

Date Published: April 6, 2022

https://threatpost.com/attackers-whatsapp-voice-message/179244/

Excerpt: “Attackers are spoofing voice message notifications from WhatsApp in a malicious phishing campaign that uses a legitimate domain to spread an info-stealing malware, researchers have found. Researchers at cloud email security firm Armorblox discovered the malicious campaign targeting Office 365 and Google Workspace accounts using emails sent from domain associated with the Center for Road Safety, an entity believed to reside within the Moscow, Russia region. The site itself is legitimate, as it’s connected to the State Road Safety operations for Moscow and belongs to the Ministry of Internal Affairs of the Russian Federation, according to a blog post published Tuesday.”

Title: New Mirai-Based Campaign Targets Unpatched TOTOLINK Routers

Date Published: April 5, 2022

https://www.bankinfosecurity.com/new-mirai-based-campaign-targets-unpatched-totolink-routers-a-18840

Excerpt: “A new ongoing malware campaign is currently being conducted in the wild, targeting unpatched TOTOLINK routers. By leveraging a newly released exploit code, threat actors can potentially infect vulnerable devices, according to researchers at security firm FortiGuard Labs.”

Title: Hackers Distributing Fake Shopping Apps to Steal Banking Data of Malaysian Users

Date Published: April 6, 2022

https://thehackernews.com/2022/04/hackers-distributing-fake-shopping-apps.html

Excerpt: “Threat actors have been distributing malicious applications under the guise of seemingly harmless shopping apps to target customers of eight Malaysian banks since at least November 2021. The attacks involved setting up fraudulent but legitimate-looking websites to trick users into downloading the apps, Slovak cybersecurity firm ESET said in a report shared with The Hacker News.”

Title: Identity Fraud Skyrockets as Hackers Stick to Pre-Pandemic Techniques

Date Published: April 6, 2022

https://www.scmagazine.com/analysis/identity-and-access/identity-fraud-skyrockets-as-hackers-stick-to-pre-pandemic-techniques

Excerpt: “The more things change, the more they stay the same. That’s often true for financial cyberattacks, which have seen a steep rise in the impact of identity fraud, with criminals often sticking with or just reverting to “pre-pandemic” scams and techniques to steal sensitive data from financial firms and their customers, according to a recent report from Javelin Strategy & Research.”

Title: Australia Warns of Money Recovery Phishing Luring Past Victims

Date Published: April 5, 2022

https://www.bleepingcomputer.com/news/security/australia-warns-of-money-recovery-phishing-luring-past-victims/

Excerpt: “The Australian Competition & Consumer Commission is raising awareness about a spike in money recovery scams. The agency warns in an alert today that reports of money recovery scams this year have increased in Australia by 725% compared to the same period in 2021.”

Title: Russia-linked Armageddon APT targets Ukrainian State Organizations, CERT-UA Warns

Date Published: April 5, 2022

https://securityaffairs.co/wordpress/129859/apt/armageddon-apt-targets-ukrainian-state-orgs.html

Excerpt: “Ukraine CERT-UA published a security advisory to warn of spear-phishing attacks conducted by Russia-linked Armageddon APT (aka Gamaredon, Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) targeting local state organizations. The phishing messages have been sent from “[email protected][.]ua,” the campaign aims at infecting the target systems with malware.”

Title: OT-IT Integration Raises Risk for Water Providers, Experts Say

Date Published: April 5, 2022

https://www.bankinfosecurity.com/ot-it-integration-raises-risk-for-water-providers-experts-say-a-18841

Excerpt: “At a congressional hearing Tuesday, “Mobilizing Our Cyber Defenses: Securing Critical Infrastructure Against Russian Cyber Threats,” a water trade association urged the federal government to follow the lead of the electric sector and institute minimum cybersecurity standards for water systems.”

Title: Ukraine Warns of Cyber attack Aiming to Hack Users’ Telegram Messenger Accounts

Date Published: April 6, 2022

https://thehackernews.com/2022/04/ukraine-warns-of-cyber-attack-aiming-to.html

Excerpt: “Ukraine’s technical security and intelligence service is warning of a new wave of cyber attacks that are aimed at gaining access to users’ Telegram accounts. “The criminals sent messages with malicious links to the Telegram website in order to gain unauthorized access to the records, including the possibility to transfer a one-time code from SMS,” the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine said in an alert.”
