April 21, 2022

Fortify Security Team

Title: Cisco Umbrella Default SSH Key Allows Theft of Admin Credentials
Date Published: April 21, 2022

https://www.bleepingcomputer.com/news/security/cisco-umbrella-default-ssh-key-allows-theft-of-admin-credentials/

Excerpt: “Cisco has released security updates to address a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA), allowing unauthenticated attackers to steal admin credentials remotely. Fraser Hess of Pinnacol Assurance found the flaw (tracked as CVE-2022-20773) in the key-based SSH authentication mechanism of Cisco Umbrella VA.”

Title: CVE-2022-20685 Flaw in the Modbus Preprocessor of the Snort Makes it Unusable
Date Published: April 21, 2022

https://securityaffairs.co/wordpress/130436/security/snort-bug-makes-it-unusable.html

Excerpt: “Snort is a free open source network intrusion detection system (IDS) and intrusion prevention system (IPS) which is currently developed by Cisco. The software performs real-time traffic analysis and packet logging on Internet Protocol (IP) networks, protocol analysis, content searching and matching. The project is also known for its use in attack detection.”

Title: Most Email Security Approaches Fail to Block Common Threats
Date Published: April 20, 2022

https://threatpost.com/email-security-fail-block-threats/179370/

Excerpt: “An overwhelming number of security teams believe their email security systems to be ineffective against the most serious inbound threats, including ransomware. That’s according to a survey of business customers using Microsoft 365 for email commissioned by Cyren and conducted by Osterman Research, which examined concerns with phishing, business email compromise (BEC), and ransomware threats, attacks that became costly incidents, and preparedness to deal with attacks and incidents.”

Title: Financial Leaders Grappling with More Aggressive and Sophisticated Attack Methods
Date Published: April 21, 2022

https://www.helpnetsecurity.com/2022/04/21/cybercriminal-cartels-financial-sector/

Excerpt: “VMware released a report which takes the pulse of the financial industry’s top CISOs and security leaders on the changing behavior of cybercriminal cartels and the defensive shift of the financial sector. The report found that financial institutions are facing increased destructive attacks and falling victim to ransomware more than in years’ past, as sophisticated cybercrime cartels evolve beyond wire transfer fraud to now target market strategies, take over brokerage accounts and island hop into banks.”

Title: Killer Robots in the Air: Slouching Toward Full Autonomy
Date Published: April 21, 2022

https://www.bankinfosecurity.com/killer-robots-in-air-slouching-toward-full-autonomy-a-18929

Excerpt: “Fresh warnings are being sounded about the threat posed by fully autonomous killing machines both on and above the battlefield, especially because such devices cannot be made hack-proof. Last month, as yet unconfirmed reports emerged that Russia was using a new unmanned aerial vehicle system called KUB-BLA, or “Cube,” to attack targets in Ukraine. The catapult-launched drone, also known as KYB-UAV, is built by Russian manufacturer Zala Aero, which is a subsidiary of defense contractor Kalashnikov Group.”

Title: Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails
Date Published: April 21, 2022

https://thehackernews.com/2022/04/unpatched-bug-in-rainloop-webmail-could.html

Excerpt: “An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims’ inboxes. “The code vulnerability […] can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client,” SonarSource security researcher Simon Scannell said in a report published this week.”

Title: Concerns Raised for DeFi Platforms After Attack Causes Beanstalk to Lose $182 Million
Date Published: April 20, 2022

https://www.scmagazine.com/analysis/application-security/concerns-raised-for-defi-platforms-after-attack-causes-beanstalk-to-lose-182-million

Excerpt: “Just as Jack climbed the beanstalk in the popular fairy tale, so too have bad actors achieved access to the decentralized (DeFi) credit platform known as Beanstalk, according to reports earlier this week. The attack reportedly caused Beanstalk to lose $182 million — but the reverberations of this hit on a DeFi system have pointed to concerns which could affect the whole market.”

Title: FBI: BlackCat Ransomware Breached at Least 60 Entities Worldwide
Date Published: April 21, 2022

https://www.bleepingcomputer.com/news/security/fbi-blackcat-ransomware-breached-at-least-60-entities-worldwide/

Excerpt: “The Federal Bureau of Investigation (FBI) says the Black Cat ransomware gang, also known as ALPHV, has breached the networks of at least 60 organizations worldwide between November 2021 and March 2022. The FBI’s Cyber Division revealed this in a TLP:WHITE flash alert released on Wednesday in coordination with the Cybersecurity and Infrastructure Security Agency (DHS/CISA).”

Title: US, Australia, Canada, New Zealand, and the UK Warn of Russia-Linked Threat Actors’ Attacks
Date Published: April 21, 2022

https://securityaffairs.co/wordpress/130430/cyber-warfare-2/russia-threat-actors-cyber-attacks.html

Excerpt: “Cybersecurity agencies of the Five Eyes intelligence alliance (United States, Australia, Canada, New Zealand, and the United Kingdom) issued a joint advisory warning of cyber attacks on critical infrastructure conducted by Russia-linked threat actors and criminal cyber threats. The alert warns organizations that Russia’s invasion of Ukraine could lead to spillover effect across Europe. Intelligence agencies state that the Russia-linked APT groups are exploring options for potential cyberattacks.”

Title: Critical Chipset Bugs Open Millions of Android Devices to Remote Spying
Date Published: April 21, 2022

https://thehackernews.com/2022/04/critical-chipset-bug-opens-millions-of.html

Excerpt: “Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices. According to Israeli cybersecurity company Check Point, the issues could be used as a launchpad to carry out remote code execution (RCE) attacks simply by sending a specially crafted audio file.”
