May 6, 2022

Fortify Security Team
May 6, 2022

Title: Google Docs Crashes on Seeing “And. And. And. And. And.”
Date Published: May 6, 2022

https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/

Excerpt: “A bug in Google Docs is causing it to crash when a series of words are typed into a document opened with the online word processor. Once crashed, you may not be able to easily re-access the document as doing so would trigger the crash again. BleepingComputer was able to reproduce the issue last night and reached out to Google.”

Title: Vulnerable Docker Installations Are A Playhouse for Malware Attacks
Date Published: May 6, 2022

https://securityaffairs.co/wordpress/130973/cyber-crime/uptycs-docker-malware-attacks.html

Excerpt: “The Uptycs Threat Research team has identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API port 2375. The attacks are related to crypto miners and reverse shells on the vulnerable servers using base64-encoded commands in the cmdline, built to evade defense mechanisms. This article briefly discusses three types of attacks which we observed lately in our Docker honeypot.”

Title: USB-based Wormable Malware Targets Windows Installer
Date Published: May 6, 2022

https://threatpost.com/usb-malware-targets-windows-installer/179521/

Excerpt: “Wormable malware dubbed Raspberry Robin has been active since last September and  is wriggling its way through USB drives onto Windows machines to use Microsoft Standard Installer and other legitimate processes to install malicious files, researchers have found.”

Title: Hackers Using PrivateLoader PPI Service to Distribute New NetDooka Malware
Date Published: May 6, 2022

https://thehackernews.com/2022/05/hackers-using-privateloader-ppi-service.html

Excerpt: “A pay-per-install (PPI) malware service known as PrivateLoader has been spotted distributing a “fairly sophisticated” framework called NetDooka, granting attackers complete control over the infected devices.

“The framework is distributed via a pay-per-install (PPI) service and contains multiple parts, including a loader, a dropper, a protection driver, and a full-featured remote access trojan (RAT) that implements its own network communication protocol,” Trend Micro said in a report published Thursday.”

Title: DHS Board Reignites Debate on Proper Role of Feds When Fighting Disinformation
Date Published: May 6, 2022

https://www.scmagazine.com/analysis/critical-infrastructure/dhs-board-reignites-debate-on-proper-role-of-feds-when-fighting-disinformation

Excerpt: “A top Republican on the House Homeland Security’s Committee is pressing the Department of Homeland Security for more information about the scope and authorities of a recently stood-up disinformation group. In a letter dated May 4, Rep. Andrew Garbarino, R-N.Y., said he had “serious privacy and civil liberties concerns” with the recently announced Disinformation Governance Board at DHS and asks Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, for more information on its makeup and authorities.”

Title: SheetJS Ditches NPM Registry Over 2FA Requirement and ‘Legal Matters’
Date Published: May 6, 2022

https://www.bleepingcomputer.com/news/software/sheetjs-ditches-npm-registry-over-2fa-requirement-and-legal-matters/

Excerpt: “In a surprising move, the popular open source project, SheetJS aka “xlsx,” has dropped support for the npm registry. Downloaded about 1.4 million times weekly on npm, SheetJS is relied upon by NodeJS developers looking to craft and parse Excel spreadsheets using nothing but JavaScript. The project’s maintainer suggests that the decision to pull out of the npm registry is based on the newly introduced two-factor requirements for top projects, GitHub’s abrupt decision-making, and ongoing ‘legal matters’ between SheetJS and npm.”

Title: Ukraine IT Army Hit EGAIS Portal Impacting Russia’s Alcohol Distribution
Date Published: May  6, 2022

https://securityaffairs.co/wordpress/130966/cyber-warfare-2/ukraine-it-army-hit-egais.html

Excerpt: “The collective of hacktivists Ukraine IT Army has launched a series of massive DDoS attacks on the Unified State Automated Alcohol Accounting Information System (EGAIS) portal, which is considered crucial for alcohol distribution in Russia. “Producers and distributors of alcohol for the first May holidays could not ship products to their customers due to a large-scale failure in the operation of the Unified State Automated Alcohol Accounting Information System (EGAIS). This was reported to Vedomosti by four participants in this market, a representative of a large retailer and an employee of a specialized association.” reported Vedomosti “Apparently, we are talking about DDoS attacks.” Alcohol producers and distributors were not able to ship products due to the unavailability of EGAIS system, and retail points warned of possible shortages due to the current situation.”

Title: Nothing personal: Training Employees to Identify a Spear Phishing Attack
Date Published: May 6, 2022

https://www.helpnetsecurity.com/2022/05/06/spear-phishing-cyberattack/

Excerpt: “Phishing attacks began years ago as simple spam, designed to trick recipients into visiting sites and becoming customers. In the meantime, they have morphed into a worldwide criminal industry. In recent years, threat actors have refined their methods of phishing, becoming increasingly more sophisticated as people have become wise to the traditional, obvious and unrealistic emails, which now often trigger suspicion.”

Title: Experts Uncover New Espionage Attacks by Chinese ‘Mustang Panda’ Hackers
Date Published: May 6, 2022

https://thehackernews.com/2022/05/experts-uncover-new-espionage-attacks.html

Excerpt: “The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. “Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social engineering to trick victims into infecting themselves,” Cisco Talos said in a new report detailing the group’s evolving modus operandi.”

Title: New Framework Aims to Secure Digital Health Apps not Covered by HIPAA
Date Published: May 5, 2022

https://www.scmagazine.com/analysis/privacy/new-framework-aims-to-secure-digital-health-apps-not-covered-by-hipaa

Excerpt: “A new framework developed and released by several healthcare stakeholder groups takes aim at securing digital health technologies and mobile health apps, the vast majority of which fall outside of The Health Insurance Portability and Accountability Act regulation. Developed in partnership between The American College of Physicians, the American Telemedicine Association, and the Organization for the Review of Care and Health Applications, the U.S. framework is meant to support both healthcare professionals and consumers.”

Recent Posts

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...

April 26, 2022

Title: CISA Adds 7 Vulnerabilities to List of Bugs Exploited in Attacks Date Published: April 25, 2022 https://www.bleepingcomputer.com/news/security/cisa-adds-7-vulnerabilities-to-list-of-bugs-exploited-in-attacks/ Excerpt: “The U.S. Cybersecurity and Infrastructure...