January 20, 2022

Fortify Security Team
Jan 21, 2022

Title: New MoonBounce UEFI Malware Used by APT41 in Targeted Attacks
Date Published: January 20, 2022


Excerpt: “Security analysts have discovered and linked MoonBounce, “the most advanced” UEFI firmware implant found in the wild so far, to the Chinese-speaking APT41 hacker group (also known as Winnti). APT41 is a notorious hacking group that has been active for at least a decade and is primarily known for its stealthy cyber-espionage operations against high-profile organizations from various industry sectors. The discovery of MoonBounce is the work of researchers at Kaspersky, who have published a detailed technical report on their findings.”

Title: Red Cross Hit by a Sophisticated Cyberattack
Date Published: January 20, 2022


Excerpt: “A cyberattack on a Red Cross contractor resulted in the theft of personal data for more than 515,000 highly vulnerable people seeking missing families. The infamous attack was disclosed by the International Committee of the Red Cross (ICRC), which confirmed that the data originated from at least 60 different Red Cross and Red Crescent National Societies worldwide. Stolen data includes information belonging to individuals separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.”

Title: Endpoint Malware and Ransomware Detections Hit all-time High
Date Published: January 20, 2022


Excerpt: “Endpoint malware and ransomware detections surpassed the total volume seen in 2020 by the end of Q3 2021, according to researchers at the WatchGuard Threat Lab. In its latest report, WatchGuard also highlights that a significant percentage of malware continues to arrive over encrypted connections.

While zero-day malware increased by just 3% to 67.2% in Q3 2021, the percentage of malware that arrived via Transport Layer Security (TLS) jumped from 31.6% to 47%. Data shows that many organizations are not decrypting these connections and therefore have poor visibility into the amount of malware hitting their networks.”

Title: Cyberattacks Top Health Tech Hazard for 2022, says ECRI
Date Published: January 19, 2022


Excerpt: “ECRI named cyberattacks as the No. 1 health tech hazard for 2022, following the momentum over the last year around patient safety risks posed by security incidents like ransomware attacks that can lead to healthcare delivery disruptions. The annual top 10 health technology hazards list released by ECRI is meant to inform the healthcare sector of important safety issues tied to the use of medical devices and systems. The compilation for 2022 reflects the ongoing volatility in healthcare brought on by the continued COVID-19 pandemic response.”

Title: Cisco Bug Gives Remote Attackers Root Privileges via Debug Mode
Date Published: January 20, 2022


Excerpt: “Cisco has fixed a critical security flaw discovered in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software during internal security testing. The vulnerability, tracked as CVE-2022-20649, enables unauthenticated attackers to gain remote code execution (RCE) with root-level privileges on devices running the vulnerable software. “A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container,” Cisco said.”

Title: Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers
Date Published: January 20, 2022


Excerpt: “An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could be exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues impact both Zoom clients and Multimedia Router (MMR) servers, which transmit audio and video content between clients in on-premise deployments. The weaknesses have since been addressed by Zoom as part of updates shipped on November 24, 2021.”

Title: Biden Signs Memo to Boost US National Security Systems’ Defenses
Date Published: January 20, 2022


Excerpt: “President Joe Biden signed a national security memorandum (NSM) on Wednesday to increase the security of national security systems, part of critical US government networks used in military and intelligence activities when storing or transferring classified info. “Modernizing our cybersecurity defenses and protecting all federal networks is a priority for the Biden Administration, and this National Security Memorandum raises the bar for the cybersecurity of our most sensitive systems,” the White House said. Biden’s memo requires federal agencies to report breaches on national security systems to the National Security Agency (NSA), the “National Manager” for US government classified systems.”

Title: SolarWinds Serv-U Bug Exploited for Log4j Attacks
Date Published: January 20, 2022


Excerpt: “SolarWinds has addressed a vulnerability in Serv-U product that threat actors actively exploited to propagate Log4j attacks to internal devices on a network. The vulnerability, tracked as CVE-2021-35247, was discovered by Microsoft security researcher Jonathan Bar Or while monitoring attacks exploiting the vulnerabilities in the Log4j library. The flaw is an input validation vulnerability that could allow threat actors to build a query given some input and send that query over the network without sanitation.”

Title: Multicloud Environment Complexities Putting Digital Transformation at Risk
Date Published: January 20, 2022


Excerpt: “Dynatrace announced the findings of an independent global survey of 1,300 CIOs and senior IT practitioners involved in infrastructure management. The research reveals the challenges organizations face as they overwhelmingly turn to multicloud architectures to achieve the agility and scalability needed to keep up with the pace of digital transformation. Multicloud strategies have led to a surge in complexity, with infrastructure teams drowning in data as they try to monitor and manage their constantly changing environments. As a result, teams are spending more time on manual, routine tasks, limiting their ability to accelerate innovation and highlighting the need for increased use of AI and automation.”

Title: Log4Shell Update: VMware Horizon Targetede
Date Published: January 19, 2022


Excerpt: “Attackers have been actively targeting Log4j, or Log4shell, vulnerabilities in the servers of virtualization solution VMware Horizon to establish persistent access via web shells, according to an alert by the U.K. National Health Service. The web shells could allow unauthenticated attackers to remotely execute commands on a server affected by Log4Shell vulnerabilities to establish persistence within affected networks, the alert says, and adds that an attacker can use these web shells to deploy malicious software or ransomware and exfiltrate data.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/ Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/ Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/ Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/ Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/ Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/ Excerpt: “The duration of ransomware attacks in 2021...