June 28, 2022

Fortify Security Team

Title: Over 900,000 Kubernetes Instances Found Exposed Online

Date Published: June 28, 2022

https://www.bleepingcomputer.com/news/security/over-900-000-kubernetes-instances-found-exposed-online/

Excerpt: “Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks. Kubernetes is a highly versatile open-source container orchestration system for hosting online services and managing containerized workloads via a uniform API interface. It enjoys massive adoption and growth rates thanks to its scalability, flexibility in multi-cloud environments, portability, cost, app development, and system deployment time reductions.”

Title: Bank of the West Found Debit Card-Stealing Skimmers on ATMs

Date Published: June 27, 2022

https://www.bleepingcomputer.com/news/security/bank-of-the-west-found-debit-card-stealing-skimmers-on-atms/

Excerpt: “The Bank of the West is warning customers that their debit card numbers and PINs have been stolen by skimmers installed on several of the bank’s ATMs. The financial institute, which operates over 600 branches in the United States, first detected a wave of suspicious withdrawal attempts in November 2021 and coordinated with law enforcement to conduct an in-depth investigation. A review of the bank’s entire ATM network was completed on April 18, 2022, revealing that someone had installed skimmers on an undisclosed number of cash-withdrawal terminals.”

Title: Android Malware ‘Revive’ Impersonates BBVA Bank’s 2FA App

Date Published: June 27, 2022

https://www.bleepingcomputer.com/news/security/android-malware-revive-impersonates-bbva-bank-s-2fa-app/

Excerpt: “A new Android banking malware named Revive has been discovered that impersonates a 2FA application required to log into BBVA bank accounts in Spain. The new banking trojan follows a more focused approach targeting the BBVA bank instead of attempting to compromise customers of multiple financial institutes. While Revive is in an early development phase, it’s already capable of advanced functions like intercepting two-factor authentication (2FA) codes and one-time passwords.”

Title: Microsoft Will Fix Windows RRAS, VPN Issues for all Users in July

Date Published: June 27, 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-will-fix-windows-rras-vpn-issues-for-all-users-in-july/

Excerpt: “Microsoft has finally confirmed Internet connectivity issues affecting servers with Routing and Remote Access Service (RRAS) enabled after installing Windows updates released as part of this month’s Patch Tuesday. RRAS is a Windows service that offers additional routing and TCP connectivity features (e.g., remote access or site-to-site connectivity) with the help of virtual private networks (VPN) or dial-up connections. Besides RRAS servers having issues when routing traffic, Redmond says that client devices might also experience problems after connecting to the affected servers, with the servers also likely losing their Internet connection in the process.”

Title: Vice Society Claims Ransomware Attack on Med. University of Innsbruck

Date Published: June 27, 2022

https://www.bleepingcomputer.com/news/security/vice-society-claims-ransomware-attack-on-med-university-of-innsbruck/

Excerpt: “The Vice Society ransomware gang has claimed responsibility for last week’s cyberattack against the Medical University of Innsbruck, which caused severe IT service disruption and the alleged theft of data. The research university has 3,400 students and 2,200 employees and offers extensive medical care services, including surgeries. The Austrian university disclosed an IT outage on June 20, 2022, restricting access to online servers and computer systems.”

Title: Microsoft Exchange Bug Abused to Hack Building Automation Systems

Date Published: June 27, 2022

https://www.bleepingcomputer.com/news/security/microsoft-exchange-bug-abused-to-hack-building-automation-systems/

Excerpt: “A Chinese-speaking threat actor has hacked into the building automation systems (used to control HVAC, fire, and security functions) of several Asian organizations to backdoor their networks and gain access to more secured areas in their networks. The APT group, whose activity was spotted by Kaspersky ICS CERT researchers, focused on devices unpatched against CVE-2021-26855, one of the Microsoft Exchange vulnerabilities collectively known as ProxyLogon. The threat actors had a considerable number of potential victims to target, seeing that the Dutch Institute for Vulnerability Disclosure (DIVD) found 46,000 servers unpatched against the ProxyLogon flaws one week after Microsoft patched them.”

Title: LockBit 3.0 Introduces the First Ransomware Bug Bounty Program

Date Published: June 27, 2022

https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty-program/

Excerpt: “The LockBit ransomware operation has released ‘LockBit 3.0,’ introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options. The ransomware operation launched in 2019 and has since grown to be the most prolific ransomware operation, accounting for 40% of all known ransomware attacks in May 2022. Over the weekend, the cybercrime gang released a revamped ransomware-as-a-service (RaaS) operation called LockBit 3.0 after beta testing for the past two months, with the new version already used in attacks.”

Title: Properly Securing APIs is Becoming Increasingly Urgent

Date Published: June 28, 2022

https://www.helpnetsecurity.com/2022/06/28/properly-securing-apis/

Excerpt: “Imperva released a new study that uncovers the rising global costs of vulnerable or insecure APIs. The analysis of nearly 117,000 unique cybersecurity incidents estimates that API insecurity results in $41-$75 billion of losses annually. The study, conducted by the Marsh McLennan Cyber Risk Analytics Center, found that larger organizations were statistically more likely to have a higher percentage of API-related incidents. In fact, enterprises with revenues of at least $100 billion were 3-4x more likely to experience API insecurity than small or midsize businesses. The data suggests that large companies are particularly vulnerable to the security risks associated with exposed or unprotected APIs as these mature organizations accelerate digital transformation. An API is the invisible connective tissue that enables applications to share data to improve end-user experiences and outcomes. The volume of APIs used by businesses is growing rapidly; nearly half of all businesses have between 50-500 deployed, either internally or publicly, while some have over a thousand active APIs.”

Title: Latest OpenSSL Version is Affected by a Remote Memory Corruption Flaw

Date Published: June 28, 2022

https://securityaffairs.co/wordpress/132697/security/openssl-remote-memory-corruption-flaw.html

Excerpt: “Security expert Guido Vranken discovered a remote memory-corruption vulnerability in the recently released OpenSSL version 3.0.4. The library was released on June 21, 2022, and affects x64 systems with the AVX-512 instruction set. “OpenSSL version 3.0.4, released on June 21th 2022, is susceptible to remote memory corruption which can be triggered trivially by an attacker. BoringSSL, LibreSSL and the OpenSSL 1.1.1 branch are not affected. Furthermore, only x64 systems with AVX512 support are affected. The bug is fixed in the repository but a new release is still pending.” reads the post published by Vranken. The issue can be easily exploited by threat actors and it will be addressed with the next release.”

Title: Two Critical Flaws Affect CODESYS ICS Automation Software

Date Published: June 28, 2022

https://securityaffairs.co/wordpress/132685/security/codesys-ics-automation-software-flaws.html

Excerpt: “CODESYS has released security patches to fix eleven 11 vulnerabilities in its ICS Automation Software. CoDeSys is a development environment for programming controller applications according to the international industrial standard IEC 61131-3. The main product of the software suite is the CODESYS Development System, an IEC 61131-3 tool. An attacker could exploit the flaw to trigger a denial-of-service (DoS) condition, disclose information, execute arbitrary code, and conduct other malicious activities. Two of these vulnerabilities, tracked as CVE-2022-31805 and CVE-2022-31806, have been rated critical (CVSS scores: 9.8), 7 as high risk, and 2 as medium risk.”
