June 17, 2022

Fortify Security Team

Title: QNAP ‘Thoroughly Investigating’ New DeadBolt Ransomware Attacks
Date Published: June 17, 2022


Excerpt: “Network-attached storage (NAS) vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware. The company is urging users to update their NAS devices to the latest firmware version and ensure they’re not exposed to remote access over the Internet.”

Title: Microsoft: June Windows Updates may Break Wi-Fi Hotspots
Date Published: June 17, 2022


Excerpt: “Microsoft is investigating a newly acknowledged issue causing connectivity issues when using Wi-Fi hotspots after deploying Windows updates released during the June 2022 Patch Tuesday. The Wi-Fi hotspot feature allows users to share their Wi-Fi, Ethernet, or cellular data Internet connection with other devices on their network. According to a new entry on the Windows release health dashboard, Windows devices where one of the June updates has been installed might be unable to use the Wi-Fi hotspot feature.”

Title: Sophos Firewall Zero-Day Bug Exploited Weeks Before Fix
Date Published: June 16, 2022


Excerpt: “Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. The security issue has been fixed in the meantime but various threat actors continue to exploit it to bypass authentication and run arbitrary code remotely on multiple organizations.”

Title: Anker Eufy Smart Home Hubs Exposed to RCE Attacks by Critical Flaw
Date Published: June 16, 2022


Excerpt: “Anker’s central smart home device hub, Eufy Homebase 2, was vulnerable to three vulnerabilities, one of which is a critical remote code execution (RCE) flaw. Homebase 2 is the video storage and networking gateway for all Anker’s Eufy smart home devices, including video doorbells, indoor security cameras, smart locks, alarm systems, and more. Homebase operates as a central station for Eufy devices, and it connects to the cloud to provide services that enhance the functionality of those products, give users remote control via an app, etc. Researchers at Cisco Talos have discovered that Homebase 2 is plagued by three potentially dangerous vulnerabilities that could result in privacy intrusion, service disruption, and code execution.”

Title: Criminal IP Analysis Report on Zero-Day Vulnerability in Atlassian Confluence
Date Published: June 17, 2022


Excerpt: “According to Volexity, a webshell was discovered in Atlassian Confluence server during an incident response investigation. Volexity determined that it was a zero-day vulnerability that could execute remote code even after the latest patch was completed and reported the issue to Atlassian. After receiving the issue report and identifying it as a zero-day, Atlassian issued a security advisory for the critical unauthenticated remote code execution.”

Title: Cyber Criminals Continue to Target and Exploit People
Date Published: June 17, 2022


Excerpt: “Proofpoint unveiled its annual Human Factor report, which provides a comprehensive examination of the three main facets of user risk — vulnerability, attacks, and privilege — and how threat actors continue their ceaseless creativity as they exploit the many opportunities presented by people. The report dives deep into user risk, drawing on data and insight from a year’s worth of research, covering threats detected, mitigated, and resolved across one of the largest datasets in cybersecurity.”

Title: Fraud Trends and Scam Tactics Consumers Should be Aware Of
Date Published: June 17, 2022


Excerpt: “If it seems like you’re receiving more spam than normal, you probably are. Seventy-four percent of consumers say they have received a scam text so far this year, while as many as 83% have received a scam phone call, according to Allstate Identity Protection’s (AIP) first quarter Identity Fraud in Focus report. Of those, nearly half report receiving 11 or more spam attempts via text or call every week. Although even successful scams sometimes fail to escalate to instances of full-blown identity theft – and therefore are not counted toward Allstate Identity Protection case counts – they are nonetheless burdensome and costly to victims.”

Title: BlackCat Ransomware Affiliates Target Unpatched Microsoft Exchange Servers
Date Published: June 16, 2022


Excerpt: “Microsoft researchers have observed BlackCat ransomware gang targeting unpatched Exchange servers to compromise organizations worldwide. The compromise of Exchange servers allows threat actors to access the target networks, perform internal reconnaissance and lateral movement activities, and steal sensitive documents before encrypting them.”

Title: Experts Discovered a Feature in Microsoft 365 Suite that Could be Abused to Encrypt Files Stored on SharePoint and OneDrive and Target Cloud Infrastructure
Date Published: June 17, 2022


Excerpt: “Researchers from Proofpoint reported that a feature in the Microsoft 365 suite could be abused to encrypt files stored on SharePoint and OneDrive. The researchers detailed an attack chain that allows encrypting files in the compromised users’ accounts, unfortunately for the victims, these files can then only be retrieved by paying a ransom to receive the decryption keys.”

Title: Android Spyware ‘Hermit’ Discovered in Targeted Attacks
Date Published: June 16, 2022


Excerpt: “Researchers have discovered an enterprise-grade Android family of modular spyware dubbed Hermit conducting surveillance on citizens of Kazakhstan by their government. Lookout Threat Lab researchers – who spotted the spyware – surmise that the secretive Italian spyware vendor RCS Lab developed it and say Hermit was previously deployed by Italian authorities in a 2019 anti-corruption operation in Italy. The spyware also was found in northeastern Syria, home to the country’s Kurdish majority and a site of ongoing crises, including the Syrian civil war.”
