April 6, 2022

Fortify Security Team
Apr 6, 2022

Title: U.S. Sanctions Crypto-Exchange Garantex for Aiding Hydra Market

Date Published: April 6, 2022


Excerpt: “Microsoft has removed a compatibility hold blocking Windows 11 upgrades for Windows 10 customers after fixing a known issue leading to problems importing Internet Explorer 11 (IE11) data into Microsoft Edge. The safeguard hold was applied for Windows 10 systems where IE11 was the main or the default browser. The only customers impacted by the now-fixed known issue were those who didn’t import their IE11 information into Microsoft Edge before starting the Windows 11 upgrade process.”

Title: Block Discloses Data Breach Involving Cash App Potentially Impacting 8.2 million US Customers

Date Published: April 6, 2022


Excerpt: “The data breach involved a former employee that downloaded some unspecified reports of its Cash App Investing app that contained some U.S. customer information. Cash App is an app that allows users to easily send money, spend money, save money, and buy cryptocurrency.”

Title: Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info

Date Published: April 6, 2022


Excerpt: “Attackers are spoofing voice message notifications from WhatsApp in a malicious phishing campaign that uses a legitimate domain to spread an info-stealing malware, researchers have found. Researchers at cloud email security firm Armorblox discovered the malicious campaign targeting Office 365 and Google Workspace accounts using emails sent from domain associated with the Center for Road Safety, an entity believed to reside within the Moscow, Russia region. The site itself is legitimate, as it’s connected to the State Road Safety operations for Moscow and belongs to the Ministry of Internal Affairs of the Russian Federation, according to a blog post published Tuesday.”

Title: New Mirai-Based Campaign Targets Unpatched TOTOLINK Routers

Date Published: April 5, 2022


Excerpt: “A new ongoing malware campaign is currently being conducted in the wild, targeting unpatched TOTOLINK routers. By leveraging a newly released exploit code, threat actors can potentially infect vulnerable devices, according to researchers at security firm FortiGuard Labs.”

Title: Hackers Distributing Fake Shopping Apps to Steal Banking Data of Malaysian Users

Date Published: April 6, 2022


Excerpt: “Threat actors have been distributing malicious applications under the guise of seemingly harmless shopping apps to target customers of eight Malaysian banks since at least November 2021. The attacks involved setting up fraudulent but legitimate-looking websites to trick users into downloading the apps, Slovak cybersecurity firm ESET said in a report shared with The Hacker News.”

Title: Identity Fraud Skyrockets as Hackers Stick to Pre-Pandemic Techniques

Date Published: April 6, 2022


Excerpt: “The more things change, the more they stay the same. That’s often true for financial cyberattacks, which have seen a steep rise in the impact of identity fraud, with criminals often sticking with or just reverting to “pre-pandemic” scams and techniques to steal sensitive data from financial firms and their customers, according to a recent report from Javelin Strategy & Research.”

Title: Australia Warns of Money Recovery Phishing Luring Past Victims

Date Published: April  5, 2022


Excerpt: “The Australian Competition & Consumer Commission is raising awareness about a spike in money recovery scams. The agency warns in an alert today that reports of money recovery scams this year have increased in Australia by 725% compared to the same period in 2021.”

Title: Russia-linked Armageddon APT targets Ukrainian State Organizations, CERT-UA Warns

Date Published: April 5, 2022


Excerpt: “Ukraine CERT-UA published a security advisory to warn of spear-phishing attacks conducted by Russia-linked Armageddon APT (aka Gamaredon, Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) targeting local state organizations. The phishing messages have been sent from “vadim_melnik88@i[.]ua,” the campaign aims at infecting the target systems with malware.”

Title: OT-IT Integration Raises Risk for Water Providers, Experts Say

Date Published: April 5, 2022


Excerpt: “At a congressional hearing Tuesday, “Mobilizing Our Cyber Defenses: Securing Critical Infrastructure Against Russian Cyber Threats,” a water trade association urged the federal government to follow the lead of the electric sector and institute minimum cybersecurity standards for water systems.”

Title: Ukraine Warns of Cyber attack Aiming to Hack Users’ Telegram Messenger Accounts

Date Published: April 6, 2022


Excerpt: “Ukraine’s technical security and intelligence service is warning of a new wave of cyber attacks that are aimed at gaining access to users’ Telegram accounts. “The criminals sent messages with malicious links to the Telegram website in order to gain unauthorized access to the records, including the possibility to transfer a one-time code from SMS,” the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine said in an alert.”

Recent Posts

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...

May 31, 2022

Title: Microsoft Shares Mitigation for Office Zero-Day Exploited in Attacks DatePublished: May 31, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-office-zero-day-exploited-in-attacks/ Excerpt: “Microsoft has shared mitigation...

May 31, 2022

Title: Microsoft Shares Mitigation for Office Zero-Day Exploited in Attacks DatePublished: May 31, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-office-zero-day-exploited-in-attacks/ Excerpt: “Microsoft has shared mitigation...

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...