June 17, 2022

Fortify Security Team

Title: QNAP ‘Thoroughly Investigating’ New DeadBolt Ransomware Attacks
Date Published: June 17, 2022


Excerpt: “Network-attached storage (NAS) vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware. The company is urging users to update their NAS devices to the latest firmware version and ensure they’re not exposed to remote access over the Internet.”

Title: Microsoft: June Windows Updates may Break Wi-Fi Hotspots
Date Published: June 17, 2022


Excerpt: “Microsoft is investigating a newly acknowledged issue causing connectivity issues when using Wi-Fi hotspots after deploying Windows updates released during the June 2022 Patch Tuesday. The Wi-Fi hotspot feature allows users to share their Wi-Fi, Ethernet, or cellular data Internet connection with other devices on their network. According to a new entry on the Windows release health dashboard, Windows devices where one of the June updates has been installed might be unable to use the Wi-Fi hotspot feature.”

Title: Sophos Firewall Zero-Day Bug Exploited Weeks Before Fix
Date Published: June 16, 2022


Excerpt: “Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. The security issue has been fixed in the meantime but various threat actors continue to exploit it to bypass authentication and run arbitrary code remotely on multiple organizations.”

Title: Anker Eufy Smart Home Hubs Exposed to RCE Attacks by Critical Flaw
Date Published: June 16, 2022


Excerpt: “Anker’s central smart home device hub, Eufy Homebase 2, was vulnerable to three vulnerabilities, one of which is a critical remote code execution (RCE) flaw. Homebase 2 is the video storage and networking gateway for all Anker’s Eufy smart home devices, including video doorbells, indoor security cameras, smart locks, alarm systems, and more. Homebase operates as a central station for Eufy devices, and it connects to the cloud to provide services that enhance the functionality of those products, give users remote control via an app, etc. Researchers at Cisco Talos have discovered that Homebase 2 is plagued by three potentially dangerous vulnerabilities that could result in privacy intrusion, service disruption, and code execution.”

Title: Criminal IP Analysis Report on Zero-Day Vulnerability in Atlassian Confluence
Date Published: June 17, 2022


Excerpt: “According to Volexity, a webshell was discovered in Atlassian Confluence server during an incident response investigation. Volexity determined that it was a zero-day vulnerability that could execute remote code even after the latest patch was completed and reported the issue to Atlassian. After receiving the issue report and identifying it as a zero-day, Atlassian issued a security advisory for the critical unauthenticated remote code execution.”

Title: Cyber Criminals Continue to Target and Exploit People
Date Published: June 17, 2022


Excerpt: “Proofpoint unveiled its annual Human Factor report, which provides a comprehensive examination of the three main facets of user risk — vulnerability, attacks, and privilege — and how threat actors continue their ceaseless creativity as they exploit the many opportunities presented by people. The report dives deep into user risk, drawing on data and insight from a year’s worth of research, covering threats detected, mitigated, and resolved across one of the largest datasets in cybersecurity.”

Title: Fraud Trends and Scam Tactics Consumers Should be Aware Of
Date Published: June 17, 2022


Excerpt: “If it seems like you’re receiving more spam than normal, you probably are. Seventy-four percent of consumers say they have received a scam text so far this year, while as many as 83% have received a scam phone call, according to Allstate Identity Protection’s (AIP) first quarter Identity Fraud in Focus report. Of those, nearly half report receiving 11 or more spam attempts via text or call every week. Although even successful scams sometimes fail to escalate to instances of full-blown identity theft – and therefore are not counted toward Allstate Identity Protection case counts – they are nonetheless burdensome and costly to victims.”

Title: BlackCat Ransomware Affiliates Target Unpatched Microsoft Exchange Servers
Date Published: June 16, 2022


Excerpt: “Microsoft researchers have observed the BlackCat ransomware gang targeting unpatched Exchange servers to compromise organizations worldwide. The compromise of Exchange servers allows threat actors to access the target networks, perform internal reconnaissance and lateral movement activities, and steal sensitive documents before encrypting them.”

Title: Experts Discovered a Feature in Microsoft 365 Suite that Could be Abused to Encrypt Files Stored on SharePoint and OneDrive and Target Cloud Infrastructure
Date Published: June 17, 2022


Excerpt: “Researchers from Proofpoint reported that a feature in the Microsoft 365 suite could be abused to encrypt files stored on SharePoint and OneDrive. The researchers detailed an attack chain that allows encrypting files in the compromised users’ accounts; unfortunately for the victims, these files can then only be retrieved by paying a ransom to receive the decryption keys.”

Title: Android Spyware ‘Hermit’ Discovered in Targeted Attacks
Date Published: June 16, 2022


Excerpt: “Researchers have discovered an enterprise-grade Android family of modular spyware dubbed Hermit conducting surveillance on citizens of Kazakhstan by their government. Lookout Threat Lab researchers – who spotted the spyware – surmise that the secretive Italian spyware vendor RCS Lab developed it and say Hermit was previously deployed by Italian authorities in a 2019 anti-corruption operation in Italy. The spyware also was found in northeastern Syria, home to the country’s Kurdish majority and a site of ongoing crises, including the Syrian civil war.”
