April 22, 2022

Fortify Security Team

Title: Docker Servers Hacked in Ongoing Cryptomining Malware Campaign
Date Published: April 21, 2022

https://www.bleepingcomputer.com/news/security/docker-servers-hacked-in-ongoing-cryptomining-malware-campaign/

Excerpt: “Docker APIs on Linux servers are being targeted by a large-scale Monero crypto-mining campaign from the operators of the Lemon_Duck botnet. Cryptomining gangs are a constant threat to poorly secured or misconfigured Docker systems, with multiple mass-exploitation campaigns reported in recent years.”

Title: QNAP Firmware Updates Fix Apache HTTP Vulnerabilities in its NAS
Date Published: April 22, 2022

https://securityaffairs.co/wordpress/130481/hacking/qnap-nas-firmware-fix-apache-http-flaws.html

Excerpt: “Taiwanese vendor QNAP warns users to update their NAS firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943, addressed in the Apache HTTP server in March. ‘While CVE-2022-22719 and CVE-2022-22720 do not affect QNAP products, CVE-2022-22721 affects 32-bit QNAP NAS models, and CVE-2022-23943 affects users who have enabled mod_sed in Apache HTTP Server on their QNAP device,’ reads the advisory published by the vendor. The flaws are a possible buffer overflow in LimitXMLRequestBody and an out-of-bounds write vulnerability in mod_sed of Apache HTTP. Both vulnerabilities received a CVSS severity score of 9.8 and affect Apache HTTP Server versions 2.4.52 and earlier. The Apache Foundation addressed the issue in March 2022 with the release of version 2.4.53.”

Title: Issue in Digital COVID-19 Test Could Have Allowed Individuals to Falsify Results
Date Published: April 22, 2022

https://www.helpnetsecurity.com/2022/04/22/swab-test-mobile-device/

Excerpt: “WithSecure and Cue Health have worked together to address a security issue that WithSecure discovered in Cue’s COVID-19 test, which delivers the results of a nasal swab test via bluetooth to a mobile device. The issue could have allowed a subset of users to change results within the platform’s Health App.”

Title: Leaks Fail to Dent Conti’s Successful Ransomware Operation
Date Published: April 21, 2022

https://www.bankinfosecurity.com/leaks-fail-to-dent-contis-successful-ransomware-operation-a-18938

Excerpt: “Despite the recent leak of internal communications and code from the Conti ransomware group, the criminal enterprise appears to have continued operations without breaking stride, in part thanks to constant innovation, security researchers report. On Feb. 27, a Ukrainian security researcher using the Twitter handle @ContiLeaks began leaking Jabber chat logs and source code generated by the Conti ransomware operation’s roughly 100-strong team.”

Title: Researcher Releases PoC for Recent Java Cryptographic Vulnerability
Date Published: April 22, 2022

https://thehackernews.com/2022/04/researcher-releases-poc-for-recent-java.html

Excerpt: “A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online. The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following version of Java SE and Oracle GraalVM Enterprise Edition -”
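The bug class behind CVE-2022-21449 is easiest to see in code. The following is an added example, not the PoC the article refers to and not Oracle's code: a textbook ECDSA verifier over NIST P-256 in two variants. The first omits the standard requirement that the signature values r and s lie in [1, n-1], the check whose absence made the Java flaw exploitable; because 0 has no inverse modulo n and exponentiation-based inversion quietly returns 0 for it, the all-zero signature (0, 0) validates for every key and every message. The second variant restores the check. The private key, nonce and message are constructed for the demonstration; the curve constants are the published P-256 parameters.

```python
"""Toy ECDSA verifier showing the bug class behind CVE-2022-21449.

Added example; not the PoC from the article and not Oracle's code. Curve
constants are NIST P-256 (FIPS 186-4); PRIV, K and MSG are constructed.
"""
import hashlib

# NIST P-256 domain parameters
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
INF = None  # point at infinity (group identity)


def point_add(p1, p2):
    """Affine addition on y^2 = x^3 + A*x + B over GF(P), including doubling."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                   # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point):
    """Double-and-add; scalar_mult(0, point) is the point at infinity."""
    result, addend = INF, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(priv, msg, k):
    """Textbook ECDSA signing with a caller-supplied nonce (demo only)."""
    e = hash_to_int(msg)
    r = scalar_mult(k, G)[0] % N
    s = pow(k, -1, N) * (e + r * priv) % N
    return r, s


def _shared_point(pub, e, r, s, inverse):
    w = inverse(s)
    u1, u2 = e * w % N, r * w % N
    return point_add(scalar_mult(u1, G), scalar_mult(u2, pub))


def verify_lenient(pub, msg, sig):
    """Vulnerable: no check that 1 <= r, s < N. Inverting 0 quietly yields 0 (as
    exponentiation-based inversion does), so u1 = u2 = 0, the sum is the point at
    infinity, its x is read as 0, and (0, 0) matches for every key and message."""
    r, s = sig
    lenient_inverse = lambda a: 0 if a % N == 0 else pow(a, -1, N)
    point = _shared_point(pub, hash_to_int(msg), r, s, lenient_inverse)
    x = 0 if point is INF else point[0]
    return x % N == r % N


def verify_hardened(pub, msg, sig):
    """Same verifier with the SEC 1 / FIPS 186-4 range check restored."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    point = _shared_point(pub, hash_to_int(msg), r, s, lambda a: pow(a, -1, N))
    return point is not INF and point[0] % N == r


# Constructed demo values (not from any real deployment)
PRIV = 0x5e4c9f1a3b7d2e8c6f0a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f6
K = 0x1f2e3d4c5b6a79880706050403020100fedcba9876543210123456789abcdef0
MSG = b"transfer 100 to attacker"
PUB = scalar_mult(PRIV, G)
FORGED = (0, 0)   # no key, no message, no work


if __name__ == "__main__":
    real = sign(PRIV, MSG, K)
    print("real sig, lenient :", verify_lenient(PUB, MSG, real))
    print("real sig, hardened:", verify_hardened(PUB, MSG, real))
    print("(0,0),    lenient :", verify_lenient(PUB, MSG, FORGED))
    print("(0,0),    hardened:", verify_hardened(PUB, MSG, FORGED))
```

When auditing a verifier, the range check is the first thing to look for: any implementation that feeds r or s into the group arithmetic before confirming both are in [1, n-1] is suspect, whatever language it is written in.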

Title: Dr. Hacker: With ‘No Carrot,’ Healthcare Can’t Overcome Cybersecurity Failures
Date Published: April 21, 2022

https://www.scmagazine.com/analysis/device-security/dr-hacker-with-no-carrot-healthcare-cant-overcome-cybersecurity-failures

Excerpt: “Healthcare’s systemic cybersecurity challenges won’t improve without congressional action as there is simply “no carrot,” or incentive, to do so. And small, rural and low-resourced providers can’t afford to make necessary improvements without it, said Christian Dameff, MD, an emergency room physician at the University of California San Diego.”

Title: Hackers Earn $400K for Zero-Day ICS Exploits Demoed at Pwn2Own
Date Published: April 21, 2022

https://www.bleepingcomputer.com/news/security/hackers-earn-400k-for-zero-day-ics-exploits-demoed-at-pwn2own/

Excerpt: “Pwn2Own Miami 2022 has ended with competitors earning $400,000 for 26 zero-day exploits (and several bug collisions) targeting ICS and SCADA products demoed during the contest between April 19 and April 21. Security researchers targeted multiple production categories: Control Server, OPC Unified Architecture (OPC UA) Server, Data Gateway, and Human Machine Interface (HMI).”

Title: Lemon_Duck Cryptomining Botnet Targets Docker Servers
Date Published: April 22, 2022

https://securityaffairs.co/wordpress/130470/cyber-crime/lemon_duck-cryptomining-botnet-targets-docker.html

Excerpt: “CrowdStrike’s researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. The Lemon_Duck cryptomining malware was first spotted in June 2019 by researchers from Trend Micro while targeting enterprise networks. At the time of its first discovery, the bot was gaining access to the MS SQL service via brute-force attacks and leveraging the EternalBlue exploit. Later, operators added to the Lemon_Duck miner a port scanning module that searches for Internet-connected Linux systems listening on TCP port 22, used for SSH remote login, then launches SSH brute force attacks.”
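Both Docker items in this digest (the BleepingComputer piece above and this one) come down to the same misconfiguration: a Docker Engine API reachable over TCP without client authentication. As an added example, not code from either article, from CrowdStrike or from Docker, the following audits a daemon.json for that condition using the documented dockerd options hosts, tls and tlsverify. The five sample configurations are constructed.

```python
"""Audit a Docker daemon.json for an API listener reachable without client authentication.

Added example; not code from either article, CrowdStrike, or Docker. It reads the
documented dockerd options "hosts", "tls" and "tlsverify". SAMPLE_CONFIGS are constructed.
"""
import json
from urllib.parse import urlsplit

ALL_INTERFACES = {"0.0.0.0", "::"}


def audit_docker_daemon(config_text):
    """Return a list of findings; an empty list means no network-reachable unauthenticated API."""
    cfg = json.loads(config_text)
    # dockerd listens only on the local unix socket when "hosts" is not set.
    hosts = cfg.get("hosts", ["unix:///var/run/docker.sock"])
    tls_verify = bool(cfg.get("tlsverify"))              # require CA-signed client certificates
    tls_only = bool(cfg.get("tls")) and not tls_verify   # encrypt, but accept any client
    findings = []
    for host in hosts:
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue  # unix://, fd:// and npipe:// are not reachable over the network
        where = f"{parts.hostname}:{parts.port}"
        if tls_verify:
            continue  # remote callers must present a certificate the configured CA signed
        if tls_only:
            findings.append(f"{where}: TLS without tlsverify, any client that can connect is accepted")
        else:
            findings.append(f"{where}: plaintext Docker API with no authentication; "
                            "a caller can start a privileged container and take over the host")
        if parts.hostname in ALL_INTERFACES:
            findings.append(f"{where}: bound to every interface, so exposure is not limited to localhost")
    return findings


# Constructed daemon.json samples
SAMPLE_CONFIGS = {
    "default": "{}",
    "exposed": json.dumps({"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}),
    "localhost_plain": json.dumps({"hosts": ["unix:///var/run/docker.sock", "tcp://127.0.0.1:2375"]}),
    "tls_no_verify": json.dumps({
        "hosts": ["fd://", "tcp://0.0.0.0:2376"],
        "tls": True,
        "tlscert": "/etc/docker/server-cert.pem",
        "tlskey": "/etc/docker/server-key.pem",
    }),
    "tls_verify": json.dumps({
        "hosts": ["fd://", "tcp://0.0.0.0:2376"],
        "tlsverify": True,
        "tlscacert": "/etc/docker/ca.pem",
        "tlscert": "/etc/docker/server-cert.pem",
        "tlskey": "/etc/docker/server-key.pem",
    }),
}


if __name__ == "__main__":
    for name, text in SAMPLE_CONFIGS.items():
        print(f"[{name}]")
        for finding in audit_docker_daemon(text) or ["ok"]:
            print("  -", finding)
```

The same listeners can be set with `-H` flags on the dockerd command line (typically in the systemd unit) instead of daemon.json, so an audit of a real host has to read both; the decision logic is unchanged. A localhost-only plaintext listener is still reported because anything running on the host, including a compromised container that can reach the host network, can use it.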

Title: Backup is Key for Cyber Recovery
Date Published: April 22, 2022

https://www.helpnetsecurity.com/2022/04/22/backup-data-recovery-ransomware/

Excerpt: “Granular and air-gapped backup are critical to data recovery, when, not if, a business falls victim to ransomware. Those are among the key takeaways from an Enterprise Strategy Group (ESG) study that surveyed information technology (IT) and cybersecurity professionals working within organizations across North America and Western Europe.”

Title: Windows 10 KB5012636 Cumulative Update Fixes Freezing Issues
Date Published: April 22, 2022

https://www.bleepingcomputer.com/news/security/windows-10-kb5012636-cumulative-update-fixes-freezing-issues/

Excerpt: “Microsoft has released the optional KB5012636 cumulative update preview for Windows 10 1809 and Windows Server 2019, with fixes for system freezing issues affecting client and server systems. This update is part of Microsoft’s scheduled April 2022 monthly “C” updates, and it allows Windows 10 users to test the fixes released on May 10th as part of next month’s Patch Tuesday.”
