April 15, 2022

Fortify Security Team

Title: Wind Turbine Firm Nordex Hit by Conti Ransomware Attack

Date Published: April 14, 2022

https://www.bleepingcomputer.com/news/security/wind-turbine-firm-nordex-hit-by-conti-ransomware-attack/

Excerpt: “The Conti ransomware operation has claimed responsibility for a cyberattack on wind turbine giant Nordex, which was forced to shut down IT systems and remote access to the managed turbines earlier this month. Nordex is one of the largest developers and manufacturers of wind turbines globally, with more than 8,500 employees worldwide.”

Title: Auth Bypass Flaw in Cisco Wireless LAN Controller Software Allows Device Takeover

Date Published: April 15, 2022

https://securityaffairs.co/wordpress/130217/security/auth-bypass-cisco-wireless-lan-controller.html

Excerpt: “Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695, in Cisco Wireless LAN Controller (WLC). A remote, unauthenticated attacker could exploit the flaw to bypass authentication and log in to the device through the management interface. The vulnerability resides in the authentication feature of Cisco Wireless LAN Controller (WLC) Software.”

Title: Feds: APTs Have Tools That Can Take Over Critical Infrastructure

Date Published: April 14, 2022

https://threatpost.com/feds-apts-critical-infrastructure/179291/

Excerpt: “Threat actors have built and are ready to deploy tools that can take over a number of widely used industrial control system (ICS) devices, which spells trouble for critical infrastructure providers—particularly those in the energy sector, federal agencies have warned. In a joint advisory, the Department of Energy (DoE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the FBI caution that “certain advanced persistent threat (APT) actors” have already demonstrated the capability “to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices,” according to the alert.”

Title: Critical Microsoft RPC runtime bug: No PoC Exploit Yet, but Patch ASAP! (CVE-2022-26809)

Date Published: April 15, 2022

https://www.helpnetsecurity.com/2022/04/15/cve-2022-26809/

Excerpt: “Three days have passed since Microsoft’s latest Patch Tuesday, and CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential. It’s easy to see why: it may be exploited by unauthenticated, remote attackers to breach systems and by attackers that already have access to a system and want to hop on others on the same network. It can also be exploited without the vulnerable system’s user doing anything at all (aka “zero-click” exploitation).”

Title: Feds Disrupt Cyberattack Aimed at Pacific Communications

Date Published: April 14, 2022

https://www.bankinfosecurity.com/feds-disrupt-cyberattack-aimed-at-pacific-communications-a-18907

Excerpt: “Federal agents blocked a cyberattack launched against a submarine cable in Hawaii that provides phone and internet services to several countries, an investigative branch of the U.S. Department of Homeland Security says. The Homeland Security Investigation agents say an unnamed Oahu-based private company that manages the cable was targeted by an international hacking group, but did not provide more details on the nationality or other specifics of the actors. Still, a suspect is in custody, according to a news report in the Honolulu Star Advertiser.”

Title: JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots

Date Published: April 15, 2022

https://thehackernews.com/2022/04/new-jekyllbot5-flaws-let-attackers-take.html

Excerpt: “As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples. “Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow full control of robot functions, or expose sensitive information,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory published this week.”

Title: Email Warnings to Healthcare Employees After a PHI Breach Drastically Reduces Repeat Offenses

Date Published: April 14, 2022

https://www.scmagazine.com/analysis/compliance/email-warnings-to-healthcare-employees-after-a-phi-breach-drastically-reduces-repeat-offenses

Excerpt: “Research consistently shows healthcare is one of the worst sectors at stopping data breaches caused by insiders. New data published in JAMA Network Open reveals sending email warnings to employees after unauthorized access prevented a repeat occurrence in 95% of cases. The research was conducted by Michigan State University Professor and Plante Moran Faculty Fellow John Xuefeng Jiang, PhD; Protenus CEO Nick Culbertson; and Ge Bai, PhD, a professor at Johns Hopkins.”

Title: New Malware Tools Pose ‘Clear and Present Threat’ to ICS Environments

Date Published: April 14, 2022

https://www.darkreading.com/threat-intelligence/new-malware-tools-a-clear-and-present-threat-to-ics-environments

Excerpt: “The US Cybersecurity and Infrastructure Security Agency (CISA), along with the NSA, FBI, and others, this week urged critical infrastructure organizations — especially in the energy sector — to implement defenses against a set of highly sophisticated cyberattack tools designed to target and disrupt industrial environments.”

Title: Karakurt Revealed as Data Extortion Arm of Conti Cybercrime Syndicate

Date Published: April 15, 2022

https://www.bleepingcomputer.com/news/security/karakurt-revealed-as-data-extortion-arm-of-conti-cybercrime-syndicate/

Excerpt: “After breaching servers managed by the cybercriminals, security researchers found a connection between Conti ransomware and the recently emerged Karakurt data extortion group, showing that the two gangs are part of the same operation. The Conti ransomware syndicate is one of the most prolific cybercriminal groups today that operates unabated despite the massive leak of internal conversations and source code that a hacking group already used to cripple Russian organizations.”

Title: Google Fixed Third Zero-Day in Chrome Since the Start of 2022

Date Published: April 15, 2022

https://securityaffairs.co/wordpress/130213/security/google-chrome-zeroday-cve-2022-1364.html

Excerpt: “Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux to address a high-severity zero-day, tracked as CVE-2022-1364, that is actively exploited by threat actors in attacks. The CVE-2022-1364 zero-day is a type confusion issue that resides in the V8 JavaScript engine that was reported by Clément Lecigne of Google’s Threat Analysis Group on April 13, 2022. Shane Huntley, Google’s Threat Analysis Group chief, highlighted that the flaw was quickly addressed by the company.”
