June 17, 2022

Fortify Security Team

Title: QNAP ‘Thoroughly Investigating’ New DeadBolt Ransomware Attacks
Date Published: June 17, 2022


Excerpt: “Network-attached storage (NAS) vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware. The company is urging users to update their NAS devices to the latest firmware version and ensure they’re not exposed to remote access over the Internet.”

Title: Microsoft: June Windows Updates may Break Wi-Fi Hotspots
Date Published: June 17, 2022


Excerpt: “Microsoft is investigating a newly acknowledged issue causing connectivity issues when using Wi-Fi hotspots after deploying Windows updates released during the June 2022 Patch Tuesday. The Wi-Fi hotspot feature allows users to share their Wi-Fi, Ethernet, or cellular data Internet connection with other devices on their network. According to a new entry on the Windows release health dashboard, Windows devices where one of the June updates has been installed might be unable to use the Wi-Fi hotspot feature.”

Title: Sophos Firewall Zero-Day Bug Exploited Weeks Before Fix
Date Published: June 16, 2022


Excerpt: “Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. The security issue has been fixed in the meantime but various threat actors continue to exploit it to bypass authentication and run arbitrary code remotely on multiple organizations.”

Title: Anker Eufy Smart Home Hubs Exposed to RCE Attacks by Critical Flaw
Date Published: June 16, 2022


Excerpt: “Anker’s central smart home device hub, Eufy Homebase 2, was vulnerable to three vulnerabilities, one of which is a critical remote code execution (RCE) flaw. Homebase 2 is the video storage and networking gateway for all Anker’s Eufy smart home devices, including video doorbells, indoor security cameras, smart locks, alarm systems, and more. Homebase operates as a central station for Eufy devices, and it connects to the cloud to provide services that enhance the functionality of those products, give users remote control via an app, etc. Researchers at Cisco Talos have discovered that Homebase 2 is plagued by three potentially dangerous vulnerabilities that could result in privacy intrusion, service disruption, and code execution.”

Title: Criminal IP Analysis Report on Zero-Day Vulnerability in Atlassian Confluence
Date Published: June 17, 2022


Excerpt: “According to Volexity, a webshell was discovered in Atlassian Confluence server during an incident response investigation. Volexity determined that it was a zero-day vulnerability that could execute remote code even after the latest patch was completed and reported the issue to Atlassian. After receiving the issue report and identifying it as a zero-day, Atlassian issued a security advisory for the critical unauthenticated remote code execution.”

Title: Cyber Criminals Continue to Target and Exploit People
Date Published: June 17, 2022


Excerpt: “Proofpoint unveiled its annual Human Factor report, which provides a comprehensive examination of the three main facets of user risk — vulnerability, attacks, and privilege — and how threat actors continue their ceaseless creativity as they exploit the many opportunities presented by people. The report dives deep into user risk, drawing on data and insight from a year’s worth of research, covering threats detected, mitigated, and resolved across one of the largest datasets in cybersecurity.”

Title: Fraud Trends and Scam Tactics Consumers Should be Aware Of
Date Published: June 17, 2022


Excerpt: “If it seems like you’re receiving more spam than normal, you probably are. Seventy-four percent of consumers say they have received a scam text so far this year, while as many as 83% have received a scam phone call, according to Allstate Identity Protection’s (AIP) first quarter Identity Fraud in Focus report. Of those, nearly half report receiving 11 or more spam attempts via text or call every week. Although even successful scams sometimes fail to escalate to instances of full-blown identity theft – and therefore are not counted toward Allstate Identity Protection case counts – they are nonetheless burdensome and costly to victims.”

Title: BlackCat Ransomware Affiliates Target Unpatched Microsoft Exchange Servers
Date Published: June 16, 2022


Excerpt: “Microsoft researchers have observed BlackCat ransomware gang targeting unpatched Exchange servers to compromise organizations worldwide. The compromise of Exchange servers allows threat actors to access the target networks, perform internal reconnaissance and lateral movement activities, and steal sensitive documents before encrypting them.”

Title: Experts Discovered a Feature in Microsoft 365 Suite that Could be Abused to Encrypt Files Stored on SharePoint and OneDrive and Target Cloud Infrastructure
Date Published: June 17, 2022


Excerpt: “Researchers from Proofpoint reported that a feature in the Microsoft 365 suite could be abused to encrypt files stored on SharePoint and OneDrive. The researchers detailed an attack chain that allows encrypting files in the compromised users’ accounts, unfortunately for the victims, these files can then only be retrieved by paying a ransom to receive the decryption keys.”

Title: Android Spyware ‘Hermit’ Discovered in Targeted Attacks
Date Published: June 16, 2022


Excerpt: “Researchers have discovered an enterprise-grade Android family of modular spyware dubbed Hermit conducting surveillance on citizens of Kazakhstan by their government. Lookout Threat Lab researchers – who spotted the spyware – surmise that the secretive Italian spyware vendor RCS Lab developed it and say Hermit was previously deployed by Italian authorities in a 2019 anti-corruption operation in Italy. The spyware also was found in northeastern Syria, home to the country’s Kurdish majority and a site of ongoing crises, including the Syrian civil war.”
