Microsoft:  Windows Autopatch will be released in July 2022.

Views expressed in this cybersecurity-cybercrime update are those of the reporters and correspondents.

Accessed on 10 April 2022, 0638 UTC.

Content supplied by “Google”, “The Hacker News”, “Windows Autopatch Tuesday”, “Security Affairs”, “Dark Reading”, and “Cyber Scoop.”


Please click link or scroll down to read your selections.

Security News Bundle


SharkBot Banking Trojan spreads through fake AV apps on Google Play

Experts discovered malicious Android apps on the Google Play Store masqueraded as antivirus solutions spreading the SharkBot Trojan. Researchers from the Check Point Research (CPR) team discovered several malicious Android apps on the official Google Play Store masqueraded as antivirus solutions that were used to deliver the SharkBot banking Trojan.
Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware

The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. “The exploitation allows threat actors to download the Mirai sample to the ‘/tmp’ folder and execute them after permission change using ‘chmod,'” Trend Micro researchers Deep Patel, Nitesh


A DDoS attack took down Finnish govt sites as Ukraine’s President addresses MPs

A massive DDoS attack took down Finnish government websites while Ukrainian President Zelenskyy addressed Finland’s members of parliament (MPs). On April 8, a denial-of-service attack took down the websites of the Finnish ministries of Defense and Foreign Affairs. The attack started at about noon, while Ukrainian President Zelenskyy addressed Finland’s members of parliament (MPs).
China-linked threat actors target Indian Power Grid organizations

China-linked threat actors continue to target Indian power grid organizations, most of the attacks involved the ShadowPad backdoor. Recorded Future’s Insikt Group researchers uncovered a campaign conducted by a China-linked threat actor targeting Indian power grid organizations. The security firm is tracking this cluster of malicious activities under the moniker Threat Activity Group 38 aka TAG-3


A Mirai-based botnet is exploiting the Spring4Shell vulnerability

Experts warn of a Mirai-based botnet exploiting the recently discovered Spring4Shell vulnerability in attacks in the wild. Trend Micro Threat Research reported that the recently discovered Spring4Shell vulnerability ( CVE-2022-22965 ) is actively exploited by a Mirai-based botnet. Researchers from Chinese cybersecurity firm Qihoo 360 first reported the exploitation of the Spring4Shell by a Mirai-
Microsoft dogs Strontium domains to stop attacks on Ukraine

Software giant sinkholes systems used by Russian gang Microsoft this week seized seven internet domains run by Russia-linked threat group Strontium, which was using the infrastructure to target Ukrainian institutions as well as think tanks in the US and EU, apparently to support Russian’s invasion of its neighbor.…
DOJ’s Sandworm operation raises questions about how far feds can go to disarm botnets

The notion that citizens are protected from unreasonable search and seizure is a bedrock legal principle: A court must issue a search warrant before police can enter a private home and ransack it looking for evidence. In what former prosecutors and legal experts call a landmark operation, the Department of Justice has now tested that principle to disrupt a Russian botnet that was spreading malwar
Denial-of-service disrupts Finnish government sites during Zelenskyy speech

A denial-of-service attack knocked the websites for Finland’s defense and foreign ministries offline Friday, the government there said, just as Ukrainian President Volodymyr Zelenskyy spoke to the Finnish parliament. The disruption also coincided with Finland weighing a bid to join NATO and the same day the Finnish defense agency said a Russian aircraft violated its airspace . The Finns didn’t po
Chinese Hacker Groups Continue to Target Indian Power Grid Assets

China-linked adversaries have been attributed to an ongoing onslaught against Indian power grid organizations, one year after a concerted campaign targeting critical infrastructure in the country came to light. Most of the intrusions involved a modular backdoor named ShadowPad, according to Recorded Future’s Insikt Group, a sophisticated remote access trojan which has been dubbed a “masterpiece
Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity

Cybersecurity researchers have uncovered further links between BlackCat (aka AlphaV) and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year. “At least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool […] and which has only been observed in
Server-Side-Request-Forgery Enabled Administrative Account Takeover on FinTech Platform

Salt Labs has uncovered a Server-Side-Request Forgery on a major FinTech platform, enabling an administrative account takeover. Researchers identified API vulnerabilities allowing them to launch attacks where: Attackers could gain administrative access to the banking platform Attackers could leak users’ personal data Attackers could access users’ banking details and financial transactions Attacke
Anonymous and the IT ARMY of Ukraine continue to target Russian entities

The popular hacking Anonymous and the IT ARMY of Ukraine continue to target Russian government entities and private businesses. This week Anonymous claimed to have hacked multiple private businesses and leaked their data through the DDoSecrets platform. The list of recently compromised businesses includes: Forest – The hacktivists leaked 37,500 emails stolen from the company which is a Russian lo
US eases sanctions that may lead to Russia’s Internet isolation

Today, the U.S. has announced exemptions on previously imposed sanctions on Russia related to telecommunications and internet-based communications, likely to prevent Russians from being isolated from Western news sources.

For the latest cybersecurity news and information, please check the blog sidebar, links, and twitter posts.  Thanks for joining us today.

Russ Roberts (machine learning, artificial intelligence, IoT, and information security)