April 22, 2022

Fortify Security Team

Title: Docker Servers Hacked in Ongoing Cryptomining Malware Campaign
Date Published: April 21, 2022


Excerpt: “Docker APIs on Linux servers are being targeted by a large-scale Monero crypto-mining campaign from the operators of the Lemon_Duck botnet. Cryptomining gangs are a constant threat to poorly secured or misconfigured Docker systems, with multiple mass-exploitation campaigns reported in recent years.”

Title: QNAP Firmware Updates Fix Apache HTTP Vulnerabilities in its NAS
Date Published: April 22, 2022


Excerpt: “Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943, addressed in the Apache HTTP server in March. “While CVE-2022-22719 and CVE-2022-22720 do not affect QNAP products, CVE-2022-22721 affects 32-bit QNAP NAS models, and CVE-2022-23943 affects users who have enabled mod_sed in Apache HTTP Server on their QNAP device,” reads the advisory published by the vendor. The flaws are a possible buffer overflow in LimitXMLRequestBody and an out-of-bounds write vulnerability in mod_sed of Apache HTTP. Both vulnerabilities received a CVSS severity score of 9.8 and affect Apache HTTP Server versions 2.4.52 and earlier. The Apache Foundation addressed the issue in March 2022 with the release of version 2.4.53.”

Title: Issue in Digital COVID-19 Test Could Have Allowed Individuals to Falsify Results
Date Published: April 22, 2022


Excerpt: “WithSecure and Cue Health have worked together to address a security issue that WithSecure discovered in Cue’s COVID-19 test, which delivers the results of a nasal swab test via bluetooth to a mobile device. The issue could have allowed a subset of users to change results within the platform’s Health App.”

Title: Leaks Fail to Dent Conti’s Successful Ransomware Operation
Date Published: April 21, 2022


Excerpt: “Despite the recent leak of internal communications and code from the Conti ransomware group, the criminal enterprise appears to have continued operations without breaking stride, in part thanks to constant innovation, security researchers report. On Feb. 27, a Ukrainian security researcher using the Twitter handle @ContiLeaks began leaking Jabber chat logs and source code generated by the Conti ransomware operation’s roughly 100-strong team.”

Title: Researcher Releases PoC for Recent Java Cryptographic Vulnerability
Date Published: April 22, 2022


Excerpt: “A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online. The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following version of Java SE and Oracle GraalVM Enterprise Edition -”

Title: Dr. Hacker: With ‘no carrot,’ Healthcare can’t Overcome Cybersecurity Failures
Date Published: April 21, 2022


Excerpt: “Healthcare’s systemic cybersecurity challenges won’t improve without congressional action as there is simply “no carrot,” or incentive, to do so. And small, rural and low-resourced providers can’t afford to make necessary improvements without it, said Christian Dameff, MD, an emergency room physician at the University of California San Diego.”

Title: Hackers Earn $400K for Zero-Day ICS Exploits Demoed at Pwn2Own
Date Published: April 21, 2022


Excerpt: “Pwn2Own Miami 2022 has ended with competitors earning $400,000 for 26 zero-day exploits (and several bug collisions) targeting ICS and SCADA products demoed during the contest between April 19 and April 21. Security researchers targeted multiple production categories: Control Server, OPC Unified Architecture (OPC UA) Server, Data Gateway, and Human Machine Interface (HMI).”

Title: Lemon_Duck Cryptomining Botnet Targets Docker Servers
Date Published: April 22, 2022


Excerpt: “CrowdStrike's researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. The Lemon_Duck cryptomining malware was first spotted in June 2019 by researchers from Trend Micro while targeting enterprise networks. At the time of its first discovery, the bot was gaining access to the MS SQL service via brute-force attacks and leveraging the EternalBlue exploit. Later operators added to the Lemon_Duck miner a port scanning module that searches for Internet-connected Linux systems listening on the 22 TCP port used for SSH Remote Login, then launches SSH brute force attacks.”
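Both Docker items above (the first excerpt on the Docker API campaign and this Lemon_Duck item) come down to the same misconfiguration: a dockerd remote API reachable over plain TCP with no TLS client authentication, which is unauthenticated root on the host. The following is an added example, not CrowdStrike's or Docker's code: a Python audit of `/etc/docker/daemon.json` that flags the exposed pattern and emits a hardened configuration. The sample daemon.json is constructed, and the certificate paths under `/etc/docker/certs` are an assumed layout for the hardened output, not something the page specifies.

```python
import json
from urllib.parse import urlsplit

# Constructed example of a misconfigured /etc/docker/daemon.json:
# API on every interface, plaintext port, no client-certificate verification.
EXPOSED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "log-driver": "json-file"
}"""

ALL_INTERFACES = {"", "0.0.0.0", "::", "[::]"}
TLS_KEYS = ("tlscacert", "tlscert", "tlskey")


def audit_daemon_config(text):
    """Return a list of findings for a dockerd daemon.json; empty means nothing flagged."""
    cfg = json.loads(text)
    findings = []
    # dockerd only enforces client certs when tlsverify is set AND the CA/cert/key are given.
    tls_client_auth = bool(cfg.get("tlsverify")) and all(k in cfg for k in TLS_KEYS)
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue                     # unix:// and fd:// are local-only
        parts = urlsplit(host)
        bind, port = parts.hostname or "", parts.port
        if not tls_client_auth:
            findings.append(f"{host}: TCP API without tlsverify (unauthenticated remote root)")
        if bind in ALL_INTERFACES:
            findings.append(f"{host}: bound to every interface")
        if port == 2375:
            findings.append(f"{host}: plaintext default port 2375")
    return findings


def harden_daemon_config(text, bind="127.0.0.1", cert_dir="/etc/docker/certs"):
    """Drop plaintext TCP listeners; keep the unix socket; optionally add a TLS-only
    listener on `bind`:2376 with mutual TLS. cert_dir is an assumed layout."""
    cfg = json.loads(text)
    hosts = [h for h in cfg.get("hosts", []) if not h.startswith("tcp://")]
    if not hosts:
        hosts = ["unix:///var/run/docker.sock"]
    if bind is not None:
        hosts.append(f"tcp://{bind}:2376")
        cfg.update({
            "tlsverify": True,
            "tlscacert": f"{cert_dir}/ca.pem",
            "tlscert": f"{cert_dir}/server-cert.pem",
            "tlskey": f"{cert_dir}/server-key.pem",
        })
    cfg["hosts"] = hosts
    return json.dumps(cfg, indent=2)


if __name__ == "__main__":
    for f in audit_daemon_config(EXPOSED_DAEMON_JSON):
        print("FINDING:", f)
    print(harden_daemon_config(EXPOSED_DAEMON_JSON))
```

Run it against the real file with `python3 audit.py < /etc/docker/daemon.json` after changing the constant to `sys.stdin.read()`; note that a `-H tcp://...` flag in the systemd unit overrides or conflicts with `hosts` in daemon.json, so check `systemctl cat docker` as well.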

Title: Backup is Key for Cyber Recovery
Date Published: April 22, 2022


Excerpt: “Granular and air-gapped backup are critical to data recovery, when, not if, a business falls victim to ransomware. Those are among the key takeaways from an Enterprise Strategy Group (ESG) study that surveyed information technology (IT) and cybersecurity professionals working within organizations across North America and Western Europe.”

Title: Windows 10 KB5012636 Cumulative Update Fixes Freezing Issues
Date Published: April 22, 2022


Excerpt: “Microsoft has released the optional KB5012636 cumulative update preview for Windows 10 1809 and Windows Server 2019, with fixes for system freezing issues affecting client and server systems. This update is part of Microsoft’s scheduled April 2022 monthly “C” updates, and it allows Windows 10 users to test the fixes released on May 10th as part of next month’s Patch Tuesday.”
