April 15, 2022

Fortify Security Team
Apr 15, 2022

Title: Wind Turbine Firm Nordex Hit by Conti Ransomware Attack

Date Published: April 14, 2022


Excerpt: “The Conti ransomware operation has claimed responsibility for a cyberattack on wind turbine giant Nordex, which was forced to shut down IT systems and remote access to the managed turbines earlier this month. Nordex is one of the largest developers and manufacturers of wind turbines globally, with more than 8,500 employees worldwide.”

Title: Auth Bypass Flaw in Cisco Wireless LAN Controller Software Allows Device Takeover

Date Published: April 15, 2022


Excerpt: “Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695, in Cisco Wireless LAN Controller (WLC). A remote, unauthenticated attacker could exploit the flaw to bypass authentication and log in to the device through the management interface. The vulnerability resides in the authentication feature of Cisco Wireless LAN Controller (WLC) Software.”

Title: Feds: APTs Have Tools That Can Take Over Critical Infrastructure

Date Published: April 14, 2022


Excerpt: “Threat actors have built and are ready to deploy tools that can take over a number of widely used industrial control system (ICS) devices, which spells trouble for critical infrastructure providers—particularly those in the energy sector, federal agencies have warned. In a joint advisory, the Department of Energy (DoE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the FBI caution that “certain advanced persistent threat (APT) actors” have already demonstrated the capability “to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices,” according to the alert.”

Title: Critical Microsoft RPC runtime bug: No PoC Exploit Yet, but Patch ASAP! (CVE-2022-26809)

Date Published: April 15, 2022


Excerpt: “Three days have passed since Microsoft’s latest Patch Tuesday, and CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential. It’s easy to see why: it may be exploited by unauthenticated, remote attackers to breach systems and by attackers that already have access to a system and want to hop on others on the same network. It can also be exploited without the vulnerable system’s user doing anything at all (aka “zero-click” exploitation).”

Title: Feds Disrupt Cyberattack Aimed at Pacific Communications

Date Published: April 14, 2022


Excerpt: “Federal agents blocked a cyberattack launched against a submarine cable in Hawaii that provides phone and internet services to several countries, an investigative branch of the U.S. Department of Homeland Security says. The Homeland Security Investigation agents say an unnamed Oahu-based private company that manages the cable was targeted by an international hacking group, but did not provide more details on the nationality or other specifics of the actors. Still, a suspect is in custody, according to a news report in the Honolulu Star Advertiser.”

Title: JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots

Date Published: April 15, 2022


Excerpt: “As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples. “Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow full control of robot functions, or expose sensitive information,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory published this week.”

Title: Email Warnings to Healthcare Employees After a PHI Breach Drastically Reduces Repeat Offenses

Date Published: April 14, 2022


Excerpt: “Research consistently shows healthcare is one of the worst sectors at stopping data breaches caused by insiders. New data published in JAMA Network Open reveals sending email warnings to employees after unauthorized access prevented a repeat occurrence in 95% of cases. The research was conducted by Michigan State University Professor and Plante Moran Faculty Fellow John Xuefeng Jiang, PhD; Protenus CEO Nick Culbertson; and Ge Bai, PhD, a professor at Johns Hopkins.”

Title: New Malware Tools Pose ‘Clear and Present Threat’ to ICS Environments

Date Published: April 14, 2022


Excerpt: “The US Cybersecurity and Infrastructure Security Agency (CISA), along with the NSA, FBI, and others, this week urged critical infrastructure organizations — especially in the energy sector — to implement defenses against a set of highly sophisticated cyberattack tools designed to target and disrupt industrial environments.”

Title: Karakurt Revealed as Data Extortion Arm of Conti Cybercrime Syndicate

Date Published: April 15, 2022


Excerpt: “After breaching servers managed by the cybercriminals, security researchers found a connection between Conti ransomware and the recently emerged Karakurt data extortion group, showing that the two gangs are part of the same operation. The Conti ransomware syndicate is one of the most prolific cybercriminal groups today that operates unabated despite the massive leak of internal conversations and source code that a hacking group already used to cripple Russian organizations.”

Title: Google Fixed Third Zero-Day in Chrome Since the Start of 2022

Date Published: April 15, 2022


Excerpt: “Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux to address a high-severity zero-day, tracked as CVE-2022-1364, that is actively exploited by threat actors in attacks. The CVE-2022-1364 zero-day is a type confusion issue that resides in the V8 JavaScript engine that was reported by Clément Lecigne of Google’s Threat Analysis Group on April 13, 2022. Shane Huntley, Google’s Threat Analysis Group chief, highlighted that the flaw was quickly addressed by the company.”
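The practical follow-up to this item is confirming that every managed endpoint is on 100.0.4896.127 or later. The script below is an added example, not code from the article or from Google: it compares reported Chrome builds against the fixed version the article cites. The only fact taken from the page is the fixed version string; the inventory of hostnames and versions is constructed sample data. It also shows why a naive string comparison is wrong for dotted version numbers (a common mistake in ad hoc patch-audit scripts).

```python
"""Flag Chrome installs older than the first build that fixes CVE-2022-1364.

Added example (not from the original article). FIXED_VERSION is the build
the article cites; SAMPLE_INVENTORY is constructed data, not real hosts.
"""
from typing import Iterable, List, Tuple

# First Chrome release that ships the fix for CVE-2022-1364 (per the article).
FIXED_VERSION = "100.0.4896.127"

# Constructed sample inventory: (hostname, Chrome version reported by the host).
SAMPLE_INVENTORY = [
    ("ws-0101", "100.0.4896.127"),  # exactly the fixed build
    ("ws-0102", "100.0.4896.88"),   # same major, older patch level
    ("ws-0103", "99.0.4844.84"),    # previous major
    ("ws-0104", "101.0.4951.41"),   # newer than the fix
    ("ws-0105", "100.0.4896.9"),    # sorts ABOVE ".127" as a string, but is older
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Split 'major.minor.build.patch' into a tuple of ints.

    Chrome version strings must be compared numerically, component by
    component: as plain strings '100.0.4896.9' > '100.0.4896.127' because
    '9' > '1', which would wrongly mark an unpatched host as patched.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Chrome version format: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build predates the first fixed build."""
    return parse_version(installed) < parse_version(fixed)


def find_unpatched(inventory: Iterable[Tuple[str, str]]) -> List[str]:
    """Return hostnames whose Chrome build is older than FIXED_VERSION."""
    return [host for host, version in inventory if is_vulnerable(version)]


if __name__ == "__main__":
    for host in find_unpatched(SAMPLE_INVENTORY):
        print(f"{host}: Chrome older than {FIXED_VERSION}, update required")
```

In a real deployment the inventory would come from your endpoint-management export rather than the inline list; the comparison logic is the part worth keeping, since the string-ordering pitfall shown by ws-0105 silently under-reports exposure.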
