May 2, 2022

Fortify Security Team
May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor
Date Published: May 2, 2022

https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/

Excerpt: “The U.S. Department of Justice (DoJ) has announced the conviction of Sercan Oyuntur, 40, resident of California, for multiple counts relating to a phishing operation that caused $23.5 million in damages to the U.S. Department of Defense (DoD). The fraudster managed to divert to his personal bank account DoD funds destined for a jet fuel supplier.

Title: Group-IB CEO Remains in Prison – the Russian-Led Company has Been ‘Blacklisted’ in Italy
Date Published: May 2, 2022

https://securityaffairs.co/wordpress/130806/security/group-ib-ceo-remains-in-prison.html

Excerpt: “The latest executive order from the Italian National Cybersecurity Agency (NCA) banned Group-IB, a Russian-led cybersecurity company from working in the government sector, including 2 other companies – Kaspersky Labs and Positive Technologies. Originally founded in Moscow, the company landed itself into controversy after one of the Group-IB employees Nikita Kislitsin was indicted by the FBI for computer-related crimes – the selling of stolen customer data from major U.S.-based corporations. Kislitsin continues to work for Group-IB and is still currently listed on the Russian version of their official WEB-site. Later, Group-IB CEO Ilya Sachkov was arrested and detained by law enforcement and placed in prison – which has only lead to more questions.”

Title: Deep Dive: Protecting Against Container Threats in the Cloud
Date Published: May 2, 2022

https://threatpost.com/container_threats_cloud_defend/179452/

Excerpt: “Containers are self-contained pods representing complete, portable application environments. They contain everything an application needs to run, including binaries, libraries, configuration files and dependencies (Docker and Amazon Elastic, for instance, are two of the more well-known offerings). Multiple containers can run on a shared infrastructure and use the same operating system kernel, but they’re abstracted from that layer and have little contact with the underlying hosting resources (which could be, for example, a public cloud instance).”

Title: Ukraine and Romania Suffer Large-Scale DDoS Attacks
Date Published: April 30, 2022

https://www.bankinfosecurity.com/ukraine-romania-suffer-large-scale-ddos-attacks-a-18999

Excerpt: “The Computer Emergency Response Team of Ukraine and the National Bank of Ukraine are warning of massive DDoS attacks against pro-Ukrainian targets. The intelligence service in Romania, SRI, also warns of a similar type of attack targeting sites belonging to its national authorities. According to the CERT-UA, the unknown threat actors are targeting compromised WordPress sites and injecting malicious JavaScript code called BrownFlood to perform the attacks.”

Title: Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia
Date Published: May 2, 2022

https://thehackernews.com/2022/05/russian-hackers-targeting-diplomatic.html

Excerpt: “A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29 (aka Cozy Bear), with some set of the activities associated with the crew assigned the moniker Nobelium (aka UNC2452/2652).”

Title: REvil ransomware returns: New Malware Sample Confirms Gang is Back
Date Published: May 1, 2022

https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/

Excerpt: “The notorious REvil ransomware operation has returned amidst rising tensions between Russia and the USA, with new infrastructure and a modified encryptor allowing for more targeted attacks. In October, the REvil ransomware gang shut down after a law enforcement operation hijacked their Tor servers, followed by arrests of members by Russian law enforcement.”

Title: Hackers Stole +80M from DeFi Platforms Rari Capital and Fei Protocol
Date Published: May  1, 2022

https://securityaffairs.co/wordpress/130768/hacking/80m-hack-defi-rari-capital-fei-protocol.html

Excerpt: “Threat actors stole more than $80 million from the decentralized finance (DeFi) platforms Rari Capital and Fei Protocol on Saturday. Researchers from smart contract analysis firm Block Sec reported that attackers exploited a reentrancy bug in Rari’s Fuse lending protocol. Rari Capital paused borrowing globally in response to the hack and ensured that all other funds are secure.”

Title: New US Breach Reporting Rules for Banks Take Effect May 1
Date Published: April 29, 2022

https://www.bankinfosecurity.com/new-us-breach-reporting-rules-for-banks-take-effect-may-1-a-18998

Excerpt: “New cyber incident reporting rules are set to come into effect in the U.S. on May 1. Banks in the country will be required to notify regulators within the first 36 hours after an organization suffers a qualifying “computer-security incident.” The regulation was first passed in November 2021. The rule was passed by a collective of U.S. regulators, including the Federal Deposit Insurance Corp., the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency.”

Title: Chinese “Override Panda” Hackers Resurface With New Espionage Attacks
Date Published: May 2, 2022

https://thehackernews.com/2022/05/chinese-override-panda-hackers.html

Excerpt: “A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information. “The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as ‘Viper,'” Cluster25 said in a report published last week.”

Title: Open Source ‘Package Analysis’ Tool Finds Malicious npm, PyPI Packages
Date Published: May 1, 2022

https://www.bleepingcomputer.com/news/security/open-source-package-analysis-tool-finds-malicious-npm-pypi-packages/

Excerpt: “The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative has released its first prototype version of the ‘Package Analysis’ tool that aims to catch and counter malicious attacks on open source registries. In a pilot run that lasted less than a month, the open source project released on GitHub, was able to identify over 200 malicious npm and PyPI packages.”

Recent Posts

June 23, 2022

Title: New MetaMask Phishing Campaign uses KYC Lures to Steal Passphrases Date Published: June 23, 2022 https://www.bleepingcomputer.com/news/security/new-metamask-phishing-campaign-uses-kyc-lures-to-steal-passphrases/ Excerpt: “A new phishing campaign is targeting...

June 22, 2022

Title: Microsoft Reveals Cause Behind this Week’s Microsoft 365 Outage Date Published: June 22, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-reveals-cause-behind-this-week-s-microsoft-365-outage/ Excerpt: “Microsoft has revealed that this week's...

June 21, 2022

Title: Microsoft 365 Outage Affects Microsoft Teams and Exchange Online Date Published: June 21, 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-affects-microsoft-teams-and-exchange-online/ Excerpt: “An ongoing outage affects multiple...

June 17, 2022

Title: QNAP 'Thoroughly Investigating' New DeadBolt Ransomware Attacks Date Published: June 17, 2022 https://www.bleepingcomputer.com/news/security/qnap-thoroughly-investigating-new-deadbolt-ransomware-attacks/ Excerpt: “Network-attached storage (NAS) vendor QNAP once...

June 17, 2022

Title: QNAP 'Thoroughly Investigating' New DeadBolt Ransomware Attacks Date Published: June 17, 2022 https://www.bleepingcomputer.com/news/security/qnap-thoroughly-investigating-new-deadbolt-ransomware-attacks/ Excerpt: “Network-attached storage (NAS) vendor QNAP once...

June 16, 2022

Title: Microsoft Office 365 Feature Can Help Cloud Ransomware Attacks Date Published: June 16, 2022 https://www.bleepingcomputer.com/news/security/microsoft-office-365-feature-can-help-cloud-ransomware-attacks/ Excerpt: “Security researchers are warning that threat...

June 15, 2022

Title: New Go Botnet Panchan Spreading Rapidly in Education Networks Date Published: June 15, 2022 https://www.bleepingcomputer.com/news/security/new-go-botnet-panchan-spreading-rapidly-in-education-networks/ Excerpt: “A new peer-to-peer botnet named Panchan appeared...