May 6, 2022

Fortify Security Team
Title: Google Docs Crashes on Seeing “And. And. And. And. And.”
Date Published: May 6, 2022

https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/

Excerpt: “A bug in Google Docs is causing it to crash when a series of words are typed into a document opened with the online word processor. Once crashed, you may not be able to easily re-access the document as doing so would trigger the crash again. BleepingComputer was able to reproduce the issue last night and reached out to Google.”

Title: Vulnerable Docker Installations Are A Playhouse for Malware Attacks
Date Published: May 6, 2022

https://securityaffairs.co/wordpress/130973/cyber-crime/uptycs-docker-malware-attacks.html

Excerpt: “The Uptycs Threat Research team has identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API port 2375. The attacks are related to crypto miners and reverse shells on the vulnerable servers using base64-encoded commands in the cmdline, built to evade defense mechanisms. This article briefly discusses three types of attacks which we observed lately in our Docker honeypot.”

Title: USB-based Wormable Malware Targets Windows Installer
Date Published: May 6, 2022

https://threatpost.com/usb-malware-targets-windows-installer/179521/

Excerpt: “Wormable malware dubbed Raspberry Robin has been active since last September and is wriggling its way through USB drives onto Windows machines to use Microsoft Standard Installer and other legitimate processes to install malicious files, researchers have found.”

Title: Hackers Using PrivateLoader PPI Service to Distribute New NetDooka Malware
Date Published: May 6, 2022

https://thehackernews.com/2022/05/hackers-using-privateloader-ppi-service.html

Excerpt: “A pay-per-install (PPI) malware service known as PrivateLoader has been spotted distributing a “fairly sophisticated” framework called NetDooka, granting attackers complete control over the infected devices.

“The framework is distributed via a pay-per-install (PPI) service and contains multiple parts, including a loader, a dropper, a protection driver, and a full-featured remote access trojan (RAT) that implements its own network communication protocol,” Trend Micro said in a report published Thursday.”

Title: DHS Board Reignites Debate on Proper Role of Feds When Fighting Disinformation
Date Published: May 6, 2022

https://www.scmagazine.com/analysis/critical-infrastructure/dhs-board-reignites-debate-on-proper-role-of-feds-when-fighting-disinformation

Excerpt: “A top Republican on the House Homeland Security’s Committee is pressing the Department of Homeland Security for more information about the scope and authorities of a recently stood-up disinformation group. In a letter dated May 4, Rep. Andrew Garbarino, R-N.Y., said he had “serious privacy and civil liberties concerns” with the recently announced Disinformation Governance Board at DHS and asks Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, for more information on its makeup and authorities.”

Title: SheetJS Ditches NPM Registry Over 2FA Requirement and ‘Legal Matters’
Date Published: May 6, 2022

https://www.bleepingcomputer.com/news/software/sheetjs-ditches-npm-registry-over-2fa-requirement-and-legal-matters/

Excerpt: “In a surprising move, the popular open source project, SheetJS aka “xlsx,” has dropped support for the npm registry. Downloaded about 1.4 million times weekly on npm, SheetJS is relied upon by NodeJS developers looking to craft and parse Excel spreadsheets using nothing but JavaScript. The project’s maintainer suggests that the decision to pull out of the npm registry is based on the newly introduced two-factor requirements for top projects, GitHub’s abrupt decision-making, and ongoing ‘legal matters’ between SheetJS and npm.”

Title: Ukraine IT Army Hit EGAIS Portal Impacting Russia’s Alcohol Distribution
Date Published: May 6, 2022

https://securityaffairs.co/wordpress/130966/cyber-warfare-2/ukraine-it-army-hit-egais.html

Excerpt: “The collective of hacktivists Ukraine IT Army has launched a series of massive DDoS attacks on the Unified State Automated Alcohol Accounting Information System (EGAIS) portal, which is considered crucial for alcohol distribution in Russia. “Producers and distributors of alcohol for the first May holidays could not ship products to their customers due to a large-scale failure in the operation of the Unified State Automated Alcohol Accounting Information System (EGAIS). This was reported to Vedomosti by four participants in this market, a representative of a large retailer and an employee of a specialized association.” reported Vedomosti “Apparently, we are talking about DDoS attacks.” Alcohol producers and distributors were not able to ship products due to the unavailability of EGAIS system, and retail points warned of possible shortages due to the current situation.”

Title: Nothing personal: Training Employees to Identify a Spear Phishing Attack
Date Published: May 6, 2022

https://www.helpnetsecurity.com/2022/05/06/spear-phishing-cyberattack/

Excerpt: “Phishing attacks began years ago as simple spam, designed to trick recipients into visiting sites and becoming customers. In the meantime, they have morphed into a worldwide criminal industry. In recent years, threat actors have refined their methods of phishing, becoming increasingly more sophisticated as people have become wise to the traditional, obvious and unrealistic emails, which now often trigger suspicion.”

Title: Experts Uncover New Espionage Attacks by Chinese ‘Mustang Panda’ Hackers
Date Published: May 6, 2022

https://thehackernews.com/2022/05/experts-uncover-new-espionage-attacks.html

Excerpt: “The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. “Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social engineering to trick victims into infecting themselves,” Cisco Talos said in a new report detailing the group’s evolving modus operandi.”

Title: New Framework Aims to Secure Digital Health Apps not Covered by HIPAA
Date Published: May 5, 2022

https://www.scmagazine.com/analysis/privacy/new-framework-aims-to-secure-digital-health-apps-not-covered-by-hipaa

Excerpt: “A new framework developed and released by several healthcare stakeholder groups takes aim at securing digital health technologies and mobile health apps, the vast majority of which fall outside of The Health Insurance Portability and Accountability Act regulation. Developed in partnership between The American College of Physicians, the American Telemedicine Association, and the Organization for the Review of Care and Health Applications, the U.S. framework is meant to support both healthcare professionals and consumers.”
