April 8, 2022

Fortify Security Team
Apr 8, 2022

Title: Raspberry Pi Removes Default User to Hinder Brute-Force Attacks
Date Published: April 8, 2022

https://www.bleepingcomputer.com/news/security/raspberry-pi-removes-default-user-to-hinder-brute-force-attacks/

Excerpt: “American cybersecurity company Palo Alto Networks warned customers on Wednesday that some of its firewall, VPN, and XDR products are vulnerable to a high severity OpenSSL infinite loop bug disclosed three weeks ago. Threat actors can exploit this security vulnerability (tracked as CVE-2022-0778) to trigger a denial of service state and remotely crash devices running unpatched software.”

Title: A Ukrainian Man is the Third FIN7 Member Sentenced in the United States
Date Published: April 8, 2022

https://securityaffairs.co/wordpress/129986/cyber-crime/third-fin7-member-sentenced.html

Excerpt: “Denys Iarmak, a Ukrainian national (32), has been sentenced to five years in prison in the U.S. for high-level hacking activity in the cybercrime group FIN7 (aka Carbanak Group and the Navigator Group). The man was arrested in Bangkok, Thailand in November 2019 at the request of U.S. law enforcement, then he was extradited to the U.S. in May 2020.”

Title: 18% of the Top 99 Insurance Carriers Have a High Susceptibility to Ransomware
Date Published: April 8, 2022

https://www.helpnetsecurity.com/2022/04/08/insurance-sector-ransomware-susceptibility/

Excerpt: “Black Kite released a report that examines rising cyber risk concerns and ransomware susceptibility in the insurance sector. The most notable takeaway: nearly 20% of the top 99 insurance carriers have a high susceptibility to ransomware.”

Title: US Sanctions Darknet Market Hydra, Crypto Exchange Garantex
Date Published: April 6, 2022

https://www.bankinfosecurity.com/us-sanctions-darknet-market-hydra-crypto-exchange-garantex-a-18851

Excerpt: “The U.S. Department of the Treasury has sanctioned Russian darknet marketplace Hydra and cryptocurrency exchange Garantex. The news comes on the day after Hydra was shuttered in a joint operation by the German Federal Criminal Police Office – aka the Bundeskriminalamt or BKA – and U.S. law enforcement agencies. Garantex has been involved in ransomware and other cybercriminal activities targeting U.S. citizens and other entities in the country, the Treasury Department statement says.”

Title: Ukrainian FIN7 Hacker Gets 5-Year Sentence in the United States
Date Published: April 8, 2022

https://thehackernews.com/2022/04/ukrainian-fin7-hacker-gets-5-year.html

Excerpt: “A 32-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for the individual’s criminal work as a “high-level hacker” in the financially motivated group FIN7. Denys Iarmak, who worked as a penetration tester for the cartel from November 2016 through November 2018, had been previously arrested in Bangkok, Thailand in November 2019, before being extradited to the U.S. in May 2020.”

Title: Ransomware Negotiations are Taking Longer (and that’s a good thing)
Date Published: April 7, 2022

https://www.scmagazine.com/analysis/business-contunuity/ransomware-negotiations-are-taking-longer-and-thats-a-good-thing

Excerpt: “It’s taking longer to negotiate ransomware demands. That is a good thing. Law firm BakerHostetler, which handles more than 1,250 cyber-related incidents a year, said in its annual Data Security and Incident Response report that the typical ransomware negotiation for its clients in 2021 lasted eight days. That is roughly twice as long as the five days in 2020.”

Title: BlackCat Purveyor Shows Ransomware Operators Have 9 Lives
Date Published: April 7, 2022

https://www.darkreading.com/attacks-breaches/blackcat-purveyor-shows-ransomware-operators-have-nine-lives

Excerpt: “A ransomware group boasting its members come from now-shuttered groups BlackMatter and REvil has emerged from the shadows to launch a new ransomware-as-a-service, already attacking an enterprise resource planning (ERP) service provider and an industrial firm, new research shows.”

Title: Microsoft takes down APT28 domains used in Attacks Against Ukraine
Date Published: April 7, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-takes-down-apt28-domains-used-in-attacks-against-ukraine/

Excerpt: “Microsoft has successfully disrupted attacks against Ukrainian targets coordinated by the Russian APT28 hacking group after taking down seven domains used as attack infrastructure. Strontium (also tracked as Fancy Bear or APT28), linked to Russia’s military intelligence service GRU, used these domains to target multiple Ukrainian institutions, including media organizations.”

Title: Hamas-Linked Threat Actors Target High-Profile Israeli Individuals
Date Published: April 8, 2022

https://securityaffairs.co/wordpress/129973/apt/hamas-linked-apt-targets-israeli-individuals.html

Excerpt: “Researchers from Cybereason observed a sophisticated cyberespionage campaign conducted by APT-C-23 group campaigns targeting Israeli high-profile targets working for sensitive defense, law enforcement, and emergency services organizations. The threat actors use sophisticated social engineering techniques to infect Windows and Android devices of the victims with previously undocumented backdoors.”

Title: New Octo Banking Trojan Spreading via Fake Apps on Google Play Store
Date Published: April 7, 2022

https://thehackernews.com/2022/04/new-octo-banking-trojan-spreading-via.html

Excerpt: “A number of rogue Android apps that have been cumulatively installed from the official Google Play Store more than 50,000 times are being used to target banks and other financial entities. The rental banking trojan, dubbed Octo, is said to be a rebrand of another Android malware called ExobotCompact, which, in turn, is a “lite” replacement for its Exobot predecessor, Dutch mobile security firm ThreatFabric said in a report shared with The Hacker News.”
