January 18, 2022

Fortify Security Team
Jan 19, 2022

Title: Europol Shuts Down VPN Service Used by Ransomware Groups
Date Published: January 18, 2022


Excerpt: “Law enforcement authorities from 10 countries took down VPNLab.net, a VPN service provider used by ransomware operators and malware actors. The disruptive joint action was coordinated by Europol and took place on January 17, 2022. It involved simultaneous law enforcement actions in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States, and the United Kingdom. The law operatives seized 15 servers used by the VPNLab.net service and took down its main site, so the platform is no longer available.”

Title: Zoho fixes a Critical Vulnerability (CVE-2021-44757) in Desktop Central Solutions
Date Published: January 17, 2022


Excerpt: “Zoho fixed a new critical severity flaw, tracked as CVE-2021-44757, that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions. The issue is an authentication bypass vulnerability; a remote attacker can exploit it to perform unauthorized actions in the server. The Zoho ManageEngine Desktop Central endpoint management solution helps organizations in managing servers, laptops, desktops, smartphones, and tablets from a central location. “An authentication bypass vulnerability that can allow a remote user to perform unauthorized actions in the server,” reads the advisory published by Zoho’s ManageEngine Team. “If exploited, this vulnerability may allow an attacker to read unauthorized data or write an arbitrary zip file on the server.”

Title: Organizations Face a ‘Losing Battle’ Against Vulnerabilities
Date Published: January 18, 2022


Excerpt: “After a banner year for vulnerabilities and cyberattacks in 2021, organizations believe they are fighting a “losing battle” against security vulnerabilities and threats, “despite the billions of dollars spent collectively on cybersecurity technology,” according to an annual security report from BugCrowd. This perception comes after 2021 found organizations grappling with the complexities of hybrid environments—with many corporate workers still at home due to the pandemic–an explosion of ransomware, and the emergence of the supply chain as a major attack surface, according to the report, Priority One Report 2022.”

Title: Microsoft Releases Emergency Fixes for Windows Server, VPN bugs
Date Published: January 17, 2022


Excerpt: “Microsoft has released emergency out-of-band (OOB) updates to address multiple issues caused by Windows Updates issued during the January 2021 Patch Tuesday. “Microsoft is releasing Out-of-band (OOB) updates today, January 18, 2022, for some versions of Windows,” the company said. “This update addresses issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machines start failures, and ReFS-formatted removable media failing to mount.”

Title: GAO: SolarWinds, Exchange Hacks Reveal Info-Sharing Gaps
Date Published: January 17, 2022


Excerpt: “Auditors at the U.S. Government Accountability Office say in a new report that the federal government’s response to both the SolarWinds software supply chain attack in late 2020 and the exploitation of Microsoft Exchange Servers just months later sharpened its coordination efforts with the private sector, but exposed gaps in its information-sharing abilities. The report, issued by Nick Marinos, managing director of information technology and cybersecurity at the GAO, and Jennifer R. Franks, the office’s director of information technology and cybersecurity, describes the federal response to the two high-profile cybersecurity incidents.”

Title: Ukraine: Wiper malware masquerading as ransomware hits government organizations
Date Published: January 17, 2022


Excerpt: “In the wake of last week’s attention-grabbing defacements of many Ukrainian government websites, Microsoft researchers have revealed evidence of a malware operation targeting multiple organizations in Ukraine, deploying what seems to be ransomware but is actually Master Boot Records (MBR) wiper malware.
“On the night of January 13-14, a number of government websites, including the Ministry of Foreign Affairs, the Ministry of Education and Science and others, were hacked. Provocative messages were posted on the main page of these sites. The content of the sites was not changed and the leakage of personal data, according to preliminary information, did not occur,” the Computer Emergency Response Team of Ukraine (CERT-UA) said. The team noted that it’s possible that the attackers exploited CVE-2021-32648, a vulnerability in the October CMS, to reset the admin account password and gain access to it, allowing them to post the taunting messages.”

Title: Microsoft: Edge will mitigate ‘unforeseen active’ zero day bugs
Date Published: January 17, 2022


Excerpt: “Microsoft Edge has added a new feature to the Beta channel that will mitigate future in-the-wild exploitation of unknown zero-day vulnerabilities. The new capability is part of a new browsing mode designed to focus on Microsoft Edge’s security while navigating the web. “This feature is a huge step forward because it lets us mitigate unforeseen active zero days (based on historical trends),” Microsoft explains.”

Title: Several Crypto.com Users Reported Suspicious Transactions that Stole Thousands of Dollars in Ethereum (ETH) from their Wallets.
Date Published: January 18, 2022


Excerpt: “Several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) despite their accounts being protected with 2FA. Crypto.com is a cryptocurrency exchange app based in Singapore; the app currently has 10 million users and 3,000 employees.

The company has confirmed the unauthorized access to wallets belonging to a ‘small number’ of users. In response to the users’ reports of suspicious transactions, the company temporarily suspended all withdrawals and launched an internal investigation. The cryptocurrency exchange app now has restored withdrawal services and reassured its users saying that all funds are safe:”

Title: Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors
Date Published: January 18, 2022


Excerpt: “An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. “The list of its victims includes high-value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong, COVID-19 research organizations, and the media, amongst others,” Trend Micro researchers said in a new report. “However, the threat actor also seems to be financially motivated, as it also took aim at gambling and cryptocurrency companies.”

Title: Industrial Security Posturers are Improving – but Still Struggle to Keep Up with Growing Threats
Date Published: January 18, 2022


Excerpt: “Over the past few years, Information Technology (IT) networks and Operational Technology (OT) environments have become interconnected, which has exposed a variety of vulnerabilities and weaknesses in the security of both, but especially OT. OT security and Industrial Control System Security (ICS), while improving, has not kept up with their evolving ecosystem, leaving systems exposed — as seen by attacks on Colonial Pipeline, the Florida Water system and other critical infrastructure. A recent Nozomi Networks-sponsored SANS 2021 OT/ICS Cybersecurity report reinforces this, revealing that ICS cybersecurity threats remain high and are only growing in severity.”
