May 2, 2022

Fortify Security Team
Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor
Date Published: May 2, 2022

https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/

Excerpt: “The U.S. Department of Justice (DoJ) has announced the conviction of Sercan Oyuntur, 40, resident of California, for multiple counts relating to a phishing operation that caused $23.5 million in damages to the U.S. Department of Defense (DoD). The fraudster managed to divert to his personal bank account DoD funds destined for a jet fuel supplier.”

Title: Group-IB CEO Remains in Prison – the Russian-Led Company has Been ‘Blacklisted’ in Italy
Date Published: May 2, 2022

https://securityaffairs.co/wordpress/130806/security/group-ib-ceo-remains-in-prison.html

Excerpt: “The latest executive order from the Italian National Cybersecurity Agency (NCA) banned Group-IB, a Russian-led cybersecurity company, from working in the government sector, including 2 other companies – Kaspersky Labs and Positive Technologies. Originally founded in Moscow, the company landed itself in controversy after one of the Group-IB employees, Nikita Kislitsin, was indicted by the FBI for computer-related crimes – the selling of stolen customer data from major U.S.-based corporations. Kislitsin continues to work for Group-IB and is still currently listed on the Russian version of their official website. Later, Group-IB CEO Ilya Sachkov was arrested and detained by law enforcement and placed in prison – which has only led to more questions.”

Title: Deep Dive: Protecting Against Container Threats in the Cloud
Date Published: May 2, 2022

https://threatpost.com/container_threats_cloud_defend/179452/

Excerpt: “Containers are self-contained pods representing complete, portable application environments. They contain everything an application needs to run, including binaries, libraries, configuration files and dependencies (Docker and Amazon Elastic, for instance, are two of the more well-known offerings). Multiple containers can run on a shared infrastructure and use the same operating system kernel, but they’re abstracted from that layer and have little contact with the underlying hosting resources (which could be, for example, a public cloud instance).”

Title: Ukraine and Romania Suffer Large-Scale DDoS Attacks
Date Published: April 30, 2022

https://www.bankinfosecurity.com/ukraine-romania-suffer-large-scale-ddos-attacks-a-18999

Excerpt: “The Computer Emergency Response Team of Ukraine and the National Bank of Ukraine are warning of massive DDoS attacks against pro-Ukrainian targets. The intelligence service in Romania, SRI, also warns of a similar type of attack targeting sites belonging to its national authorities. According to the CERT-UA, the unknown threat actors are targeting compromised WordPress sites and injecting malicious JavaScript code called BrownFlood to perform the attacks.”

Title: Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia
Date Published: May 2, 2022

https://thehackernews.com/2022/05/russian-hackers-targeting-diplomatic.html

Excerpt: “A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29 (aka Cozy Bear), with some set of the activities associated with the crew assigned the moniker Nobelium (aka UNC2452/2652).”

Title: REvil Ransomware Returns: New Malware Sample Confirms Gang is Back
Date Published: May 1, 2022

https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/

Excerpt: “The notorious REvil ransomware operation has returned amidst rising tensions between Russia and the USA, with new infrastructure and a modified encryptor allowing for more targeted attacks. In October, the REvil ransomware gang shut down after a law enforcement operation hijacked their Tor servers, followed by arrests of members by Russian law enforcement.”

Title: Hackers Stole +80M from DeFi Platforms Rari Capital and Fei Protocol
Date Published: May 1, 2022

https://securityaffairs.co/wordpress/130768/hacking/80m-hack-defi-rari-capital-fei-protocol.html

Excerpt: “Threat actors stole more than $80 million from the decentralized finance (DeFi) platforms Rari Capital and Fei Protocol on Saturday. Researchers from smart contract analysis firm Block Sec reported that attackers exploited a reentrancy bug in Rari’s Fuse lending protocol. Rari Capital paused borrowing globally in response to the hack and ensured that all other funds are secure.”

Title: New US Breach Reporting Rules for Banks Take Effect May 1
Date Published: April 29, 2022

https://www.bankinfosecurity.com/new-us-breach-reporting-rules-for-banks-take-effect-may-1-a-18998

Excerpt: “New cyber incident reporting rules are set to come into effect in the U.S. on May 1. Banks in the country will be required to notify regulators within the first 36 hours after an organization suffers a qualifying “computer-security incident.” The regulation was first passed in November 2021. The rule was passed by a collective of U.S. regulators, including the Federal Deposit Insurance Corp., the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency.”

Title: Chinese “Override Panda” Hackers Resurface With New Espionage Attacks
Date Published: May 2, 2022

https://thehackernews.com/2022/05/chinese-override-panda-hackers.html

Excerpt: “A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information. ‘The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as “Viper”,’ Cluster25 said in a report published last week.”

Title: Open Source ‘Package Analysis’ Tool Finds Malicious npm, PyPI Packages
Date Published: May 1, 2022

https://www.bleepingcomputer.com/news/security/open-source-package-analysis-tool-finds-malicious-npm-pypi-packages/

Excerpt: “The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative, has released its first prototype version of the ‘Package Analysis’ tool that aims to catch and counter malicious attacks on open source registries. In a pilot run that lasted less than a month, the open source project, released on GitHub, was able to identify over 200 malicious npm and PyPI packages.”
