April 22, 2022

Fortify Security Team
Apr 22, 2022

Title: Docker Servers Hacked in Ongoing Cryptomining Malware Campaign
Date Published: April 21, 2022


Excerpt: “Docker APIs on Linux servers are being targeted by a large-scale Monero crypto-mining campaign from the operators of the Lemon_Duck botnet. Cryptomining gangs are a constant threat to poorly secured or misconfigured Docker systems, with multiple mass-exploitation campaigns reported in recent years.”
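The campaigns above succeed because the Docker Engine API was reachable over the network without authentication. As an added example (not code from the article, CrowdStrike, or the Docker project), the following Python check inspects a daemon.json-style document and flags any tcp:// listener that is not protected by TLS client verification. Both sample configurations are constructed for this example, and the function name is this example's own.

```python
import json
from typing import Dict, List

# Docker Engine exposes its API on a TCP socket when the "hosts" key in
# /etc/docker/daemon.json (or the -H flag to dockerd) names a tcp:// address.
# Unless "tlsverify" is enabled together with CA, server cert and key, anyone
# who can reach that port can start privileged containers on the host.

# Constructed sample configurations (example only, not real host data).
WEAK_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
    "log-driver": "json-file",
})

HARDENED_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def audit_docker_daemon_config(raw_json: str) -> List[str]:
    """Return findings for a daemon.json document; an empty list means no issue."""
    cfg: Dict = json.loads(raw_json)
    findings: List[str] = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return findings  # unix socket only: not reachable from the network

    tls_verify = cfg.get("tlsverify") is True
    has_material = all(cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey"))

    for host in tcp_hosts:
        # "tcp://0.0.0.0:2375" -> bind "0.0.0.0", port "2375"; "tcp://:2375" -> bind ""
        bind, _, port = host[len("tcp://"):].rpartition(":")
        if not (tls_verify and has_material):
            findings.append(f"{host}: Docker API exposed over TCP without TLS client verification")
            if bind in ("", "0.0.0.0", "::", "[::]"):
                findings.append(f"{host}: unauthenticated listener bound to all interfaces")
        if port == "2375":
            findings.append(f"{host}: 2375 is the conventional plaintext API port")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_docker_daemon_config(cfg) or ["no findings"])
```

On a live host, feed it /etc/docker/daemon.json and also look at the running dockerd command line, since `-H tcp://...` given on the command line takes effect without appearing in the file.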

Title: QNAP Firmware Updates Fix Apache HTTP Vulnerabilities in its NAS
Date Published: April 22, 2022


Excerpt: “Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943, addressed in the Apache HTTP server in March. “While CVE-2022-22719 and CVE-2022-22720 do not affect QNAP products, CVE-2022-22721 affects 32-bit QNAP NAS models, and CVE-2022-23943 affects users who have enabled mod_sed in Apache HTTP Server on their QNAP device.” reads the advisory published by the vendor. The flaws are a possible buffer overflow in LimitXMLRequestBody and an out-of-bounds write vulnerability in mod_sed of Apache HTTP. Both vulnerabilities received a CVSS severity score of 9.8 and affect Apache HTTP Server versions 2.4.52 and earlier. The Apache Foundation addressed the issue in March 2022 with the release of version 2.4.53.”

Title: Issue in Digital COVID-19 Test Could Have Allowed Individuals to Falsify Results
Date Published: April 22, 2022


Excerpt: “WithSecure and Cue Health have worked together to address a security issue that WithSecure discovered in Cue’s COVID-19 test, which delivers the results of a nasal swab test via Bluetooth to a mobile device. The issue could have allowed a subset of users to change results within the platform’s Health App.”

Title: Leaks Fail to Dent Conti’s Successful Ransomware Operation
Date Published: April 21, 2022


Excerpt: “Despite the recent leak of internal communications and code from the Conti ransomware group, the criminal enterprise appears to have continued operations without breaking stride, in part thanks to constant innovation, security researchers report. On Feb. 27, a Ukrainian security researcher using the Twitter handle @ContiLeaks began leaking Jabber chat logs and source code generated by the Conti ransomware operation’s roughly 100-strong team.”

Title: Researcher Releases PoC for Recent Java Cryptographic Vulnerability
Date Published: April 22, 2022


Excerpt: “A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online. The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following version of Java SE and Oracle GraalVM Enterprise Edition -”
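The excerpt does not say what the bypass was. CVE-2022-21449 was a missing range check in the ECDSA verifier of Java 15 through 18 (fixed in the April 2022 Critical Patch Update): r and s were never checked to lie in [1, n-1], so a signature of r = s = 0 verified against any public key and any message. The pure-Python P-256 code below is an added example, not the Java code or the published PoC. It puts a verifier that reproduces the omission beside one that performs the check. The curve constants are the standard P-256 parameters; the private key, nonce and message are fixed, constructed values for this example only.

```python
import hashlib

# NIST P-256 parameters (standard values).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
INF = None  # point at infinity


def ec_add(p1, p2):
    """Affine point addition on P-256 (doubling when p1 == p2)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication; k == 0 yields the point at infinity."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def hash_to_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(priv: int, msg: bytes, k: int):
    # A fixed nonce is used only for reproducibility; real code must use RFC 6979 or a CSPRNG.
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (hash_to_int(msg) + r * priv) % N
    return r, s


def verify_unchecked(pub, msg, sig):
    """Reproduces the CVE-2022-21449 behaviour: no range check on r and s.
    Inverting s by exponentiation returns 0 for s = 0, so u1 = u2 = 0 and the
    result is the point at infinity, which the Java code read out as x = 0."""
    r, s = sig
    w = 0 if s % N == 0 else pow(s, -1, N)
    u1, u2 = hash_to_int(msg) * w % N, r * w % N
    pt = ec_add(ec_mul(u1, G), ec_mul(u2, pub))
    x = 0 if pt is INF else pt[0]
    return x % N == r % N


def verify_checked(pub, msg, sig):
    """Correct verifier: reject r or s outside [1, n-1] and an infinite result."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)
    u1, u2 = hash_to_int(msg) * w % N, r * w % N
    pt = ec_add(ec_mul(u1, G), ec_mul(u2, pub))
    return pt is not INF and pt[0] % N == r


# Constructed demo values (example only; never reuse a fixed key or nonce).
PRIV = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
PUB = ec_mul(PRIV, G)
MSG = b"transfer 100 to account 42"
K = 0xA6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60
FORGED = (0, 0)  # the "psychic signature": no key or message involved


def demo():
    good = sign(PRIV, MSG, K)
    return {
        "legit_unchecked": verify_unchecked(PUB, MSG, good),
        "legit_checked": verify_checked(PUB, MSG, good),
        "forged_unchecked": verify_unchecked(PUB, MSG, FORGED),
        "forged_checked": verify_checked(PUB, MSG, FORGED),
    }


if __name__ == "__main__":
    print(demo())
```

The unchecked verifier accepts both the genuine signature and the all-zero one; the checked verifier accepts only the genuine one. Any verifier worth trusting rejects r = 0 or s = 0 before touching the curve arithmetic, regardless of how it computes modular inverses.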

Title: Dr. Hacker: With ‘no carrot,’ Healthcare can’t Overcome Cybersecurity Failures
Date Published: April 21, 2022


Excerpt: “Healthcare’s systemic cybersecurity challenges won’t improve without congressional action as there is simply “no carrot,” or incentive, to do so. And small, rural and low-resourced providers can’t afford to make necessary improvements without it, said Christian Dameff, MD, an emergency room physician at the University of California San Diego.”

Title: Hackers Earn $400K for Zero-Day ICS Exploits Demoed at Pwn2Own
Date Published: April 21, 2022


Excerpt: “Pwn2Own Miami 2022 has ended with competitors earning $400,000 for 26 zero-day exploits (and several bug collisions) targeting ICS and SCADA products demoed during the contest between April 19 and April 21. Security researchers targeted multiple production categories: Control Server, OPC Unified Architecture (OPC UA) Server, Data Gateway, and Human Machine Interface (HMI).”

Title: Lemon_Duck Cryptomining Botnet Targets Docker Servers
Date Published: April 22, 2022


Excerpt: “CrowdStrike’s researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. The Lemon_Duck cryptomining malware was first spotted in June 2019 by researchers from Trend Micro while targeting enterprise networks. At the time of its first discovery, the bot was gaining access to the MS SQL service via brute-force attacks and leveraging the EternalBlue exploit. Later operators added to the Lemon_Duck miner a port scanning module that searches for Internet-connected Linux systems listening on TCP port 22, used for SSH Remote Login, then launches SSH brute force attacks.”
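The SSH brute-force stage described above leaves a recognisable trail in the sshd authentication log. As an added example (not from the CrowdStrike report or the article), this Python snippet parses constructed OpenSSH syslog lines and flags a source address whose failed-password count crosses a threshold inside a sliding window, and then notes a successful login from that address after the burst. The log lines, the threshold, the window and the function names are this example's own assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample of OpenSSH sshd messages in traditional syslog format.
# Syslog timestamps carry no year, so a fixed year is assumed when parsing.
SAMPLE_LOG = """\
Apr 21 03:14:01 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 51522 ssh2
Apr 21 03:14:02 web1 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 51530 ssh2
Apr 21 03:14:02 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51536 ssh2
Apr 21 03:14:03 web1 sshd[2207]: Failed password for invalid user oracle from 203.0.113.7 port 51540 ssh2
Apr 21 03:14:04 web1 sshd[2209]: Failed password for root from 203.0.113.7 port 51544 ssh2
Apr 21 03:14:05 web1 sshd[2211]: Failed password for invalid user test from 203.0.113.7 port 51550 ssh2
Apr 21 03:14:06 web1 sshd[2213]: Accepted password for root from 203.0.113.7 port 51556 ssh2
Apr 21 03:20:11 web1 sshd[2301]: Failed password for alice from 198.51.100.23 port 40122 ssh2
Apr 21 03:20:45 web1 sshd[2303]: Accepted publickey for alice from 198.51.100.23 port 40130 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(line: str, year: int = 2022) -> Optional[Tuple[datetime, str, str, str, str]]:
    """Return (timestamp, result, method, user, ip) or None for non-auth lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["method"], m["user"], m["ip"]


def detect_bruteforce(log_text: str, threshold: int = 5, window_s: int = 60) -> Dict[str, List[str]]:
    """Map each suspicious source IP to its findings.

    A source is flagged once it has `threshold` failed passwords within any
    `window_s`-second window; a later successful login from a flagged source
    is reported as well, since that is the sign the brute force worked."""
    recent: Dict[str, deque] = defaultdict(deque)  # failure timestamps per IP
    findings: Dict[str, List[str]] = defaultdict(list)
    flagged = set()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, method, user, ip = rec
        if result == "Failed":
            q = recent[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:  # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                findings[ip].append(f"{len(q)} failed passwords within {window_s}s ending {ts.time()}")
        elif result == "Accepted" and ip in flagged:
            findings[ip].append(f"successful {method} login as {user} at {ts.time()} after brute-force burst")
    return dict(findings)


if __name__ == "__main__":
    for ip, notes in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, *notes, sep="\n  ")
```

The single failure from 198.51.100.23 followed by a key-based login is the normal typo-then-success pattern and is not reported; the burst from 203.0.113.7 and the password login that follows it are. On a real host the same logic runs over /var/log/auth.log or `journalctl -u ssh`, and the password-login-after-burst finding is the one to page on.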

Title: Backup is Key for Cyber Recovery
Date Published: April 22, 2022


Excerpt: “Granular and air-gapped backup are critical to data recovery, when, not if, a business falls victim to ransomware. Those are among the key takeaways from an Enterprise Strategy Group (ESG) study that surveyed information technology (IT) and cybersecurity professionals working within organizations across North America and Western Europe.”

Title: Windows 10 KB5012636 Cumulative Update Fixes Freezing Issues
Date Published: April 22, 2022


Excerpt: “Microsoft has released the optional KB5012636 cumulative update preview for Windows 10 1809 and Windows Server 2019, with fixes for system freezing issues affecting client and server systems. This update is part of Microsoft’s scheduled April 2022 monthly “C” updates, and it allows Windows 10 users to test the fixes released on May 10th as part of next month’s Patch Tuesday.”
