Title: HackerOne Apologizes to Ukrainian Hackers for Mistakenly Blocking Payouts
Date Published: March 15, 2022
Excerpt: “Today, Chris Evans, the CISO of bug bounty platform HackerOne, apologized to Ukrainian hackers after the company erroneously blocked their bug bounty payouts following sanctions imposed on Russia and Belarus in the wake of Ukraine’s invasion. The bounty hunters were informed of this in emails notifying them that all transactions to HackerOne accounts from Ukraine, Russia, or Belarus have been paused.”
Title: Hacker Breaches Key Russian Ministry in Blink of an Eye
Date Published: March 16, 2022
https://securityaffairs.co/wordpress/129108/hacking/russian-ministry-hack.html
Excerpt: “Spielerkid89, who wished to remain anonymous, did not intend to harm the organization and left its systems intact. However, his experiment is a perfect example of how poor cyber hygiene can leave organizations vulnerable to cyber attacks. Russian state-sponsored cyber attacks can be devastating and leave hundreds of thousands of the Kremlin’s foes without water or electricity.”
Title: Phony Instagram ‘Support Staff’ Emails Hit Insurance Company
Date Published: March 16, 2022
https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Excerpt: “A phishing campaign used the guise of Instagram technical support to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York, researchers have revealed.According to a report published by Armorblox on Wednesday, the attack combined brand impersonation with social engineering and managed to bypass Google’s email security by using a valid domain name, eventually reaching the mailboxes of hundreds of employees.”
Title: Veeam Fixes Critical RCEs in Backup Solution (CVE-2022-26500, CVE-2022-26501)
Date Published: March 15, 2022
https://www.helpnetsecurity.com/2022/03/15/cve-2022-26500-cve-2022-26501/
Excerpt: “Veeam Software has patched two critical vulnerabilities (CVE-2022-26500, CVE-2022-26501) affecting its popular Veeam Backup & Replication solution, which could be exploited by unauthenticated attackers to remotely execute malicious code. Veeam Backup & Replication is an enteprise data protection solution that allows admins to create image-level backups of virtual, physical, cloud machines and restore from them.”
Title: Sanctions Halt Rewards for Bug Hunters in Belarus, Russia
Date Published: March 16, 2022
https://www.bankinfosecurity.com/sanctions-halt-rewards-for-bug-hunters-in-belarus-russia-a-18724
Excerpt: “Sanctions levied against Russia and Belarus for the invasion of Ukraine are affecting security researchers in those countries who are signed up with bug bounty programs. Some of the sanctions are directed at banks and financial institutions, and Western companies can no longer legally send payments. It means researchers who are due payments, which are often sent by a bank wire transfer, may not get paid until those sanctions are lifted.”
Title: FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug
Date Published: March 16, 2022
https://thehackernews.com/2022/03/fbi-cisa-warn-of-russian-hackers.html
Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws. “As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [multi-factor authentication] protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network,” the agencies said.”
Title: Dozens of Ransomware Variants Used in 722 Attacks Over 3 Months
Date Published: March 15, 2022
https://www.bleepingcomputer.com/news/security/dozens-of-ransomware-variants-used-in-722-attacks-over-3-months/
Excerpt: “The ransomware space was very active in the last quarter of 2021, with threat analysts observing 722 distinct attacks deploying 34 different variants. This massive amount of activity creates problems for the defenders, making it harder to keep up with individual group tactics, indicators of compromise, and detection opportunities. Compared to Q3 2021, the last quarter had 18% higher attack volume, while the comparison to Q2 2021 results in a difference of 22%, so there’s a trend of increasing attack numbers.”
Title: CVE-2022-0778 DoS flaw in OpenSSL was Fixed
Date Published: March 15, 2022
https://securityaffairs.co/wordpress/129104/security/openssl-dos-vulnerability.html
Excerpt: “OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, that affects the BN_mod_sqrt() function used when certificate parsing. The flaw was discovered by the popular Google Project Zero researchers Tavis Ormandy. An attacker can trigger the vulnerability by crafting a malformed certificate with invalid explicit curve parameters.”
Title: Attackers Using Default Credentials to Target Businesses, Raspberry Pi and Linux Top Targets
Date Published: March 16, 2022
https://www.helpnetsecurity.com/2022/03/16/attackers-using-default-credentials/
Excerpt: “Findings from a Bulletproof report highlight the issue posed by poor security hygiene as automated attacks remain a high security threat to businesses. The research gathered throughout 2021, showed that 70% of total web activity is currently bot traffic. With attackers increasingly deploying automated attack methods, default credentials are the most common passwords used by these bad actors, acting in effect as a ‘skeleton key’ for criminal access.”
Title: Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters
Date Published: March 16, 2022
https://thehackernews.com/2022/03/unpatched-rce-bug-in-dompdf-project.html
Excerpt: “Researchers have disclosed an unpatched security vulnerability in “dompdf,” a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations. “By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache, which can later be executed by accessing it from the web,” Positive Security researchers Maximilian Kirchmeier and Fabian Bräunlein said in a report published today.”