January 20, 2022

Fortify Security Team
Jan 21, 2022

Title: New MoonBounce UEFI Malware Used by APT41 in Targeted Attacks
Date Published: January 20, 2022


Excerpt: “Security analysts have discovered and linked MoonBounce, “the most advanced” UEFI firmware implant found in the wild so far, to the Chinese-speaking APT41 hacker group (also known as Winnti). APT41 is a notorious hacking group that has been active for at least a decade and is primarily known for its stealthy cyber-espionage operations against high-profile organizations from various industry sectors. The discovery of MoonBounce is the work of researchers at Kaspersky, who have published a detailed technical report on their findings.”

Title: Red Cross Hit by a Sophisticated Cyberattack
Date Published: January 20, 2022


Excerpt: “A cyberattack on a Red Cross contractor resulted in the theft of personal data for more than 515,000 highly vulnerable people seeking missing families. The infamous attack was disclosed by the International Committee of the Red Cross (ICRC), which confirmed that the data originated from at least 60 different Red Cross and Red Crescent National Societies worldwide. Stolen data includes information belonging to individuals separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.”

Title: Endpoint Malware and Ransomware Detections Hit all-time High
Date Published: January 20, 2022


Excerpt: “Endpoint malware and ransomware detections surpassed the total volume seen in 2020 by the end of Q3 2021, according to researchers at the WatchGuard Threat Lab. In its latest report, WatchGuard also highlights that a significant percentage of malware continues to arrive over encrypted connections.

While zero-day malware increased by just 3% to 67.2% in Q3 2021, the percentage of malware that arrived via Transport Layer Security (TLS) jumped from 31.6% to 47%. Data shows that many organizations are not decrypting these connections and therefore have poor visibility into the amount of malware hitting their networks.”

Title: Cyberattacks Top Health Tech Hazard for 2022, says ECRI
Date Published: January 19, 2022


Excerpt: “ECRI named cyberattacks as the No. 1 health tech hazard for 2022, following the momentum over the last year around patient safety risks posed by security incidents like ransomware attacks that can lead to healthcare delivery disruptions. The annual top 10 health technology hazards list released by ECRI is meant to inform the healthcare sector of important safety issues tied to the use of medical devices and systems. The compilation for 2022 reflects the ongoing volatility in healthcare brought on by the continued COVID-19 pandemic response.”

Title: Cisco Bug Gives Remote Attackers Root Privileges via Debug Mode
Date Published: January 20, 2022


Excerpt: “Cisco has fixed a critical security flaw discovered in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software during internal security testing. The vulnerability, tracked as CVE-2022-20649, enables unauthenticated attackers to gain remote code execution (RCE) with root-level privileges on devices running the vulnerable software. “A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container,” Cisco said.”

Title: Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers
Date Published: January 20, 2022


Excerpt: “An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could be exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues impact both Zoom clients and Multimedia Router (MMR) servers, which transmit audio and video content between clients in on-premise deployments. The weaknesses have since been addressed by Zoom as part of updates shipped on November 24, 2021.”

Title: Biden Signs Memo to Boost US National Security Systems’ Defenses
Date Published: January 20, 2022


Excerpt: “President Joe Biden signed a national security memorandum (NSM) on Wednesday to increase the security of national security systems, part of critical US government networks used in military and intelligence activities when storing or transferring classified info. “Modernizing our cybersecurity defenses and protecting all federal networks is a priority for the Biden Administration, and this National Security Memorandum raises the bar for the cybersecurity of our most sensitive systems,” the White House said. Biden’s memo requires federal agencies to report breaches on national security systems to the National Security Agency (NSA), the “National Manager” for US government classified systems.”

Title: SolarWinds Serv-U Bug Exploited for Log4j Attacks
Date Published: January 20, 2022


Excerpt: “SolarWinds has addressed a vulnerability in Serv-U product that threat actors actively exploited to propagate Log4j attacks to internal devices on a network. The vulnerability, tracked as CVE-2021-35247, was discovered by Microsoft security researcher Jonathan Bar Or while monitoring attacks exploiting the vulnerabilities in the Log4j library. The flaw is an input validation vulnerability that could allow threat actors to build a query given some input and send that query over the network without sanitation.”

Title: Multicloud Environment Complexities Putting Digital Transformation at Risk
Date Published: January 20, 2022


Excerpt: “Dynatrace announced the findings of an independent global survey of 1,300 CIOs and senior IT practitioners involved in infrastructure management. The research reveals the challenges organizations face as they overwhelmingly turn to multicloud architectures to achieve the agility and scalability needed to keep up with the pace of digital transformation. Multicloud strategies have led to a surge in complexity, with infrastructure teams drowning in data as they try to monitor and manage their constantly changing environments. As a result, teams are spending more time on manual, routine tasks, limiting their ability to accelerate innovation and highlighting the need for increased use of AI and automation.”

Title: Log4Shell Update: VMware Horizon Targeted
Date Published: January 19, 2022


Excerpt: “Attackers have been actively targeting Log4j, or Log4shell, vulnerabilities in the servers of virtualization solution VMware Horizon to establish persistent access via web shells, according to an alert by the U.K. National Health Service. The web shells could allow unauthenticated attackers to remotely execute commands on a server affected by Log4Shell vulnerabilities to establish persistence within affected networks, the alert says, and adds that an attacker can use these web shells to deploy malicious software or ransomware and exfiltrate data.”
