March 16, 2022

Fortify Security Team

Title: HackerOne Apologizes to Ukrainian Hackers for Mistakenly Blocking Payouts
Date Published: March 15, 2022

https://www.bleepingcomputer.com/news/security/hackerone-apologizes-to-ukrainian-hackers-for-mistakenly-blocking-payouts/

Excerpt: “Today, Chris Evans, the CISO of bug bounty platform HackerOne, apologized to Ukrainian hackers after the company erroneously blocked their bug bounty payouts following sanctions imposed on Russia and Belarus in the wake of Ukraine’s invasion. The bounty hunters were informed of this in emails notifying them that all transactions to HackerOne accounts from Ukraine, Russia, or Belarus have been paused.”

Title: Hacker Breaches Key Russian Ministry in Blink of an Eye
Date Published: March 16, 2022

https://securityaffairs.co/wordpress/129108/hacking/russian-ministry-hack.html

Excerpt: “Spielerkid89, who wished to remain anonymous, did not intend to harm the organization and left its systems intact. However, his experiment is a perfect example of how poor cyber hygiene can leave organizations vulnerable to cyber attacks. Russian state-sponsored cyber attacks can be devastating and leave hundreds of thousands of the Kremlin’s foes without water or electricity.”

Title: Phony Instagram ‘Support Staff’ Emails Hit Insurance Company
Date Published: March 16, 2022

https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Excerpt: “A phishing campaign used the guise of Instagram technical support to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York, researchers have revealed. According to a report published by Armorblox on Wednesday, the attack combined brand impersonation with social engineering and managed to bypass Google’s email security by using a valid domain name, eventually reaching the mailboxes of hundreds of employees.”

Title: Veeam Fixes Critical RCEs in Backup Solution (CVE-2022-26500, CVE-2022-26501)
Date Published: March 15, 2022

https://www.helpnetsecurity.com/2022/03/15/cve-2022-26500-cve-2022-26501/

Excerpt: “Veeam Software has patched two critical vulnerabilities (CVE-2022-26500, CVE-2022-26501) affecting its popular Veeam Backup & Replication solution, which could be exploited by unauthenticated attackers to remotely execute malicious code. Veeam Backup & Replication is an enterprise data protection solution that allows admins to create image-level backups of virtual, physical, cloud machines and restore from them.”

Title: Sanctions Halt Rewards for Bug Hunters in Belarus, Russia
Date Published: March 16, 2022

https://www.bankinfosecurity.com/sanctions-halt-rewards-for-bug-hunters-in-belarus-russia-a-18724

Excerpt: “Sanctions levied against Russia and Belarus for the invasion of Ukraine are affecting security researchers in those countries who are signed up with bug bounty programs. Some of the sanctions are directed at banks and financial institutions, and Western companies can no longer legally send payments. It means researchers who are due payments, which are often sent by a bank wire transfer, may not get paid until those sanctions are lifted.”

Title: FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug
Date Published: March 16, 2022

https://thehackernews.com/2022/03/fbi-cisa-warn-of-russian-hackers.html

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws. “As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [multi-factor authentication] protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network,” the agencies said.”

Title: Dozens of Ransomware Variants Used in 722 Attacks Over 3 Months
Date Published: March 15, 2022

https://www.bleepingcomputer.com/news/security/dozens-of-ransomware-variants-used-in-722-attacks-over-3-months/

Excerpt: “The ransomware space was very active in the last quarter of 2021, with threat analysts observing 722 distinct attacks deploying 34 different variants. This massive amount of activity creates problems for the defenders, making it harder to keep up with individual group tactics, indicators of compromise, and detection opportunities. Compared to Q3 2021, the last quarter had 18% higher attack volume, while the comparison to Q2 2021 results in a difference of 22%, so there’s a trend of increasing attack numbers.”

Title: CVE-2022-0778 DoS flaw in OpenSSL was Fixed
Date Published: March 15, 2022

https://securityaffairs.co/wordpress/129104/security/openssl-dos-vulnerability.html

Excerpt: “OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, that affects the BN_mod_sqrt() function used when certificate parsing. The flaw was discovered by the popular Google Project Zero researcher Tavis Ormandy. An attacker can trigger the vulnerability by crafting a malformed certificate with invalid explicit curve parameters.”

Title: Attackers Using Default Credentials to Target Businesses, Raspberry Pi and Linux Top Targets
Date Published: March 16, 2022

https://www.helpnetsecurity.com/2022/03/16/attackers-using-default-credentials/

Excerpt: “Findings from a Bulletproof report highlight the issue posed by poor security hygiene as automated attacks remain a high security threat to businesses. The research gathered throughout 2021, showed that 70% of total web activity is currently bot traffic. With attackers increasingly deploying automated attack methods, default credentials are the most common passwords used by these bad actors, acting in effect as a ‘skeleton key’ for criminal access.”

Title: Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters
Date Published: March 16, 2022

https://thehackernews.com/2022/03/unpatched-rce-bug-in-dompdf-project.html

Excerpt: “Researchers have disclosed an unpatched security vulnerability in “dompdf,” a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations. “By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache, which can later be executed by accessing it from the web,” Positive Security researchers Maximilian Kirchmeier and Fabian Bräunlein said in a report published today.”
