January 18, 2022

Fortify Security Team
Jan 19, 2022

Title: Europol Shuts Down VPN Service Used by Ransomware Groups
Date Published: January 18, 2022


Excerpt: “Law enforcement authorities from 10 countries took down VPNLab.net, a VPN service provider used by ransomware operators and malware actors. The disruptive joint action was coordinated by Europol and took place on January 17, 2022. It involved simultaneous law enforcement actions in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States, and the United Kingdom. The law operatives seized 15 servers used by the VPNLab.net service and took down its main site, so the platform is no longer available.”

Title: Zoho fixes a Critical Vulnerability (CVE-2021-44757) in Desktop Central Solutions
Date Published: January 17, 2022


Excerpt: “Zoho fixed a new critical severity flaw, tracked as CVE-2021-44757, that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions.The issue is an authentication bypass vulnerability, a remote attacker can exploit it to perform unauthorized actions in the server. The Zoho ManageEngine Desktop Central endpoint management solution helps organizations in managing servers, laptops, desktops, smartphones, and tablets from a central location. “An authentication bypass vulnerability that can allow a remote user to perform unauthorized actions in the server.” reads the advisory published by the Zoho’s ManageEngine Team. “If exploited, this vulnerability may allow an attacker to read unauthorized data or write an arbitrary zip file on the server.

Title: Organizations Face a ‘Losing Battle’ Against Vulnerabilities
Date Published: January 18, 2022


Excerpt: “After a banner year for vulnerabilities and cyberattacks in 2021, organizations believe they are fighting a “losing battle” against security vulnerabilities and threats, “despite the billions of dollars spent collectively on cybersecurity technology,” according to an annual security report from BugCrowd. This perception comes after 2021 found organizations grappling with the complexities of hybrid environments—with many corporate workers still at home due to the pandemic–an explosion of ransomware, and the emergence of the supply chain as a major attack surface, according to the report, Priority One Report 2022.”

Title: Microsoft Releases Emergency Fixes for Windows Server, VPN bugs
Date Published: January 17, 2022


Excerpt: “Microsoft has released emergency out-of-band (OOB) updates to address multiple issues caused by Windows Updates issued during the January 2021 Patch Tuesday. “Microsoft is releasing Out-of-band (OOB) updates today, January 18, 2022, for some versions of Windows,” the company said. “This update addresses issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machines start failures, and ReFS-formatted removable media failing to mount.”

Title: GAO: SolarWinds, Exchange Hacks Reveal Info-Sharing Gaps
Date Published: January 17, 2022


Excerpt: “Auditors at the U.S. Government Accountability Office say in a new report that the federal government’s response to both the SolarWinds software supply chain attack in late 2020 and the exploitation of Microsoft Exchange Servers just months later sharpened its coordination efforts with the private sector, but exposed gaps in its information-sharing abilities.The report, issued by Nick Marinos, managing director of information technology and cybersecurity at the GAO, and Jennifer R. Franks, the office’s director of information technology and cybersecurity, describes the federal response to the two high-profile cybersecurity incidents.”

Title: Ukraine: Wiper malware masquerading as ransomware hits government organizations
Date Published: January 17, 2022


Excerpt: “ In the wake of last week’s attention-grabbing defacements of many Ukrainian government websites, Microsoft researchers have revealed evidence of a malware operation targeting multiple organizations in Ukraine, deploying what seems to be ransomware but is actually Master Boot Records (MBR) wiper malware.
“On the night of January 13-14, a number of government websites, including the Ministry of Foreign Affairs, the Ministry of Education and Science and others, were hacked. Provocative messages were posted on the main page of these sites. The content of the sites was not changed and the leakage of personal data, according to preliminary information, did not occur,” the Computer Emergency Response Team of Ukraine (CERT-UA) said. The team noted that it’s possible that the attackers exploited CVE-2021-32648, a vulnerability in the October CMS, to reset the admin account password and gain access to it, allowing them to post the taunting messages.”

Title: Microsoft: Edge will mitigate ‘unforeseen active’ zero day bugs
Date Published: January 17, 2022


Excerpt: “Microsoft Edge has added a new feature to the Beta channel that will mitigate future in-the-wild exploitation of unknown zero-day vulnerabilities. The new capability is part of a new browsing mode designed to focus on the Microsoft Edge’s security while navigating the web. “This feature is a huge step forward because it lets us mitigate unforeseen active zero days (based on historical trends),” Microsoft explains.”

Title: Several Crypto.com Users Reported Suspicious Transactions that Stole Thousands of Dollars in Ethereum (ETH) from their Wallets.
Date Published: January 18, 2022


Excerpt: “Several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) despite their accounts being protected with 2FA. Crypto.com is a cryptocurrency exchange app based in Singapore, the app currently has 10 million users and 3,000 employees.

The company has confirmed the unauthorized access to wallets belonging to a ‘small number’ of users. In response to the users’ reports of suspicious transactions, the company temporarily suspended all withdrawals and launched an internal investigation. The cryptocurrency exchange app now has restored withdrawal services and reassured its users saying that all funds are safe:”

Title: Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors
Date Published: January 18, 2022


Excerpt: “An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. “The list of its victims includes high-value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong, COVID-19 research organizations, and the media, amongst others,” Trend Micro researchers said in a new report. “However, the threat actor also seems to be financially motivated, as it also took aim at gambling and cryptocurrency companies.”

Title: Industrial Security Posturers are Improving – but Still Struggle to Keep Up with Growing Threats
Date Published: January 18, 2022


Excerpt: “Over the past few years, Information Technology (IT) networks and Operational Technology (OT) environments have become interconnected, which has exposed a variety of vulnerabilities and weaknesses in the security of both, but especially OT. OT security and Industrial Control System Security (ICS), while improving, has not kept up with their evolving ecosystem, leaving systems exposed — as seen by attacks on Colonial Pipeline, the Florida Water system and other critical infrastructure. A recent Nozomi Networks-sponsored SANS 2021 OT/ICS Cybersecurity report reinforces this, revealing that ICS cybersecurity threats remain high and are only growing in severity.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...