June 14, 2022

Fortify Security Team

Title: Kaiser Permanente Data Breach Exposes Health Data of 69K People
Date Published: June 13, 2022


Excerpt: “Kaiser Permanente, one of America’s leading not-for-profit health plans and health care providers, has recently disclosed a data breach that exposed the health information of more than 69,000 individuals. Founded in 1945, Kaiser Permanente provides health care services to over 12.5 million members from 8 U.S. states and Washington, D.C.”

Title: SeaFlower Campaign Distributes Backdoored Versions of Web3 Wallets to Steal Seed Phrases
Date Published: June 14, 2022


Excerpt: “Researchers from Confiant have uncovered a sophisticated malware campaign, tracked as SeaFlower, targeting Web3 wallet users. Chinese crooks are spreading backdoored versions of iOS and Android Web3 wallets to steal users’ seed phrase. SeaFlower maintains the functionality of the original wallet, but it adds code to exfiltrate the seed phrase.”

Title: Linux Malware Deemed ‘Nearly Impossible’ to Detect
Date Published: June 14, 2022


Excerpt: “A new Linux malware that’s “nearly impossible to detect” can harvest credentials and gives attackers remote access and rootkit functionality by acting in a parasitic way to infect targets, researchers said. Researchers from The BlackBerry Research and Intelligence Team have been tracking the malware, the earliest detection of which is from November 2021, security researcher Joakim Kennedy wrote in a blog post on the BlackBerry Threat Vector Blog published last week.”

Title: Strong Passwords Still a Priority Strategy for Enterprises
Date Published: June 14, 2022


Excerpt: “Bitwarden announced the results of a global survey of enterprise security decision makers, conducted by 451 Research, which explores enterprise password management practices and intent. Overall, the survey finds that strong passwords remain a priority strategy and are important in shoring up the confidence of enterprise security decision makers. But, while security sentiments fall in line with best practices, implementation often falls short.”

Title: Russia Warns of Military Action If US Attacks Infrastructure
Date Published: June 13, 2022


Excerpt: “Russia’s top cyber diplomat warned of retaliation for cyberattacks launched in the wake of Moscow’s invasion of Ukraine, vowing his country “will not leave aggressive actions unanswered.” Comments from Andrei Krutskikh, posted to Russia’s Foreign Ministry website, came days after the Russian government urged the United States to desist from additional cyberspace incursions. U.S. Cyber Command Army Gen. Paul Nakasone, earlier this month revealed that the U.S. has conducted a “full spectrum” set of cyber operations to support Ukraine.”

Title: “Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison
Date Published: June 13, 2022


Excerpt: “A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites. Matthew Gatrel of St. Charles, Ill. was found guilty for violations of the Computer Fraud and Abuse Act (CFAA) related to his operation of downthem[.]org and ampnode[.]com, two DDoS-for-hire services that had thousands of customers who paid to launch more than 200,000 attacks.”

Title: Technical Details Released for ‘SynLapse’ RCE Vulnerability Reported in Microsoft Azure
Date Published: June 14, 2022


Excerpt: “Microsoft has incorporated additional improvements to address the recently disclosed SynLapse security vulnerability in order to meet comprehensive tenant isolation requirements in Azure Data Factory and Azure Synapse Pipelines. The latest safeguards include moving the shared integration runtimes to sandboxed ephemeral instances and using scoped tokens to prevent adversaries from using a client certificate to access other tenants’ information.”

Title: Chinese-Linked APT Adds Governments, Financial Companies to Target List
Date Published: June 13, 2022


Excerpt: “A suspected Chinese-linked hacking outfit known to target telecommunications infrastructure is expanding its portfolio to target entities in the financial and government sectors using a new piece of malware, according to researchers from Palo Alto Networks Unit 42.”

Title: CISA Recommends Organizations Update to the Latest Version of Google Chrome
Date Published: June 13, 2022


Excerpt: “The US Cybersecurity and Infrastructure Agency (CISA) Friday urged users and administrators to update to a new version of Chrome that Google released last week to fix a total of seven vulnerabilities in its browser. In an advisory, Google described four of the flaws — three of which were reported to the company by external researchers — as presenting a high risk for organizations. The company said it had decided to restrict access to bug details until most users have updated to the new version of Chrome (102.0.5005.115).”

Title: Gallium Hackers Backdoor Finance, Govt Orgs Using new PingPull Malware
Date Published: June 13, 2022


Excerpt: “The Gallium state-sponsored hacking group has been spotted using a new ‘PingPull’ remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa. These entities are based in Australia, Russia, Philippines, Belgium, Vietnam, Malaysia, Cambodia, and Afghanistan. Gallium is believed to originate from China, and its targeting scope of the telecommunications, finance, and government sectors in espionage operations aligns with the country’s interests.”
