March 16, 2022

Fortify Security Team

Title: HackerOne Apologizes to Ukrainian Hackers for Mistakenly Blocking Payouts
Date Published: March 15, 2022

https://www.bleepingcomputer.com/news/security/hackerone-apologizes-to-ukrainian-hackers-for-mistakenly-blocking-payouts/

Excerpt: “Today, Chris Evans, the CISO of bug bounty platform HackerOne, apologized to Ukrainian hackers after the company erroneously blocked their bug bounty payouts following sanctions imposed on Russia and Belarus in the wake of Ukraine’s invasion. The bounty hunters were informed of this in emails notifying them that all transactions to HackerOne accounts from Ukraine, Russia, or Belarus have been paused.”

Title: Hacker Breaches Key Russian Ministry in Blink of an Eye
Date Published: March 16, 2022

https://securityaffairs.co/wordpress/129108/hacking/russian-ministry-hack.html

Excerpt: “Spielerkid89, who wished to remain anonymous, did not intend to harm the organization and left its systems intact. However, his experiment is a perfect example of how poor cyber hygiene can leave organizations vulnerable to cyber attacks. Russian state-sponsored cyber attacks can be devastating and leave hundreds of thousands of the Kremlin’s foes without water or electricity.”

Title: Phony Instagram ‘Support Staff’ Emails Hit Insurance Company
Date Published: March 16, 2022

https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Excerpt: “A phishing campaign used the guise of Instagram technical support to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York, researchers have revealed. According to a report published by Armorblox on Wednesday, the attack combined brand impersonation with social engineering and managed to bypass Google’s email security by using a valid domain name, eventually reaching the mailboxes of hundreds of employees.”

Title: Veeam Fixes Critical RCEs in Backup Solution (CVE-2022-26500, CVE-2022-26501)
Date Published: March 15, 2022

https://www.helpnetsecurity.com/2022/03/15/cve-2022-26500-cve-2022-26501/

Excerpt: “Veeam Software has patched two critical vulnerabilities (CVE-2022-26500, CVE-2022-26501) affecting its popular Veeam Backup & Replication solution, which could be exploited by unauthenticated attackers to remotely execute malicious code. Veeam Backup & Replication is an enterprise data protection solution that allows admins to create image-level backups of virtual, physical, cloud machines and restore from them.”

Title: Sanctions Halt Rewards for Bug Hunters in Belarus, Russia
Date Published: March 16, 2022

https://www.bankinfosecurity.com/sanctions-halt-rewards-for-bug-hunters-in-belarus-russia-a-18724

Excerpt: “Sanctions levied against Russia and Belarus for the invasion of Ukraine are affecting security researchers in those countries who are signed up with bug bounty programs. Some of the sanctions are directed at banks and financial institutions, and Western companies can no longer legally send payments. It means researchers who are due payments, which are often sent by a bank wire transfer, may not get paid until those sanctions are lifted.”

Title: FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug
Date Published: March 16, 2022

https://thehackernews.com/2022/03/fbi-cisa-warn-of-russian-hackers.html

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws. “As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [multi-factor authentication] protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network,” the agencies said.”

Title: Dozens of Ransomware Variants Used in 722 Attacks Over 3 Months
Date Published: March 15, 2022

https://www.bleepingcomputer.com/news/security/dozens-of-ransomware-variants-used-in-722-attacks-over-3-months/

Excerpt: “The ransomware space was very active in the last quarter of 2021, with threat analysts observing 722 distinct attacks deploying 34 different variants. This massive amount of activity creates problems for the defenders, making it harder to keep up with individual group tactics, indicators of compromise, and detection opportunities. Compared to Q3 2021, the last quarter had 18% higher attack volume, while the comparison to Q2 2021 results in a difference of 22%, so there’s a trend of increasing attack numbers.”

Title: CVE-2022-0778 DoS flaw in OpenSSL was Fixed
Date Published: March 15, 2022

https://securityaffairs.co/wordpress/129104/security/openssl-dos-vulnerability.html

Excerpt: “OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, that affects the BN_mod_sqrt() function used when parsing certificates. The flaw was discovered by the popular Google Project Zero researcher Tavis Ormandy. An attacker can trigger the vulnerability by crafting a malformed certificate with invalid explicit curve parameters.”

Title: Attackers Using Default Credentials to Target Businesses, Raspberry Pi and Linux Top Targets
Date Published: March 16, 2022

https://www.helpnetsecurity.com/2022/03/16/attackers-using-default-credentials/

Excerpt: “Findings from a Bulletproof report highlight the issue posed by poor security hygiene as automated attacks remain a high security threat to businesses. The research, gathered throughout 2021, showed that 70% of total web activity is currently bot traffic. With attackers increasingly deploying automated attack methods, default credentials are the most common passwords used by these bad actors, acting in effect as a ‘skeleton key’ for criminal access.”

Title: Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters
Date Published: March 16, 2022

https://thehackernews.com/2022/03/unpatched-rce-bug-in-dompdf-project.html

Excerpt: “Researchers have disclosed an unpatched security vulnerability in “dompdf,” a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations. “By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache, which can later be executed by accessing it from the web,” Positive Security researchers Maximilian Kirchmeier and Fabian Bräunlein said in a report published today.”
