Blacksite's Intelligence Report - Week of March 28th, 2022

 The Blacksite Weekly Intelligence Report

Google Issues Update to Patch Exploited Vulnerability

Google shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild. The zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. Google Chrome users are highly recommended to update to the latest version 99.0.4844.84 for Windows, Mac, and Linux. Users of Chromium-based browsers such as Microsoft Edge, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

More information: https://crbug.com/1309225


North Korean Hacker’s Exploit Chromium Vulnerability

Google says it acted to mitigate threats from two North Korean government-backed attackers. The attacks targeted U.S. based organizations spanning news media, IT, cryptocurrency, and fintech industries. The earliest evidence we have of this exploit kit being actively deployed is January 4, 2022, researchers say. The exploit kit is fashioned as a multi-stage infection chain that involves embedding the attack code within hidden internet frames on both compromised websites as well as rogue websites under their control. Google TAG, which discovered the intrusions on February 10, noted that it was "unable to recover any of the stages that followed the initial RCE,". The threat actors made use of several safeguards, including the use of AES encryption, designed explicitly to obscure their tracks and hinder the recovery of intermediate stages.

More information: https://blog.google/threat-analysis-group/countering-threats-north-korea/


Western Digital Addresses Critical Bug in My Cloud NAS

Western Digital has fixed a critical severity vulnerability that enabled attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices. The bug is an out-of-bounds heap read/write (tracked as CVE-2021-44142) in the Samba vfs_fruit VFS module. Western Digital also fixed one more critical vulnerability in the open-source Netatalk Apple File Protocol fileserver used to access network shares and perform Time Machine backups.

More information: https://www.westerndigital.com/support/product-security/wdc-22006-my-cloud-os5-firmware-5-21-104


Sophos Fixes Critical Vulnerability in Firewall Product

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE). The vulnerability exists in the User Portal and Webadmin areas of the product. The vulnerability was responsibly reported to Sophos by an external security researcher via the company's bug bounty program. To address the flaw, Sophos released hotfixes that should reach most instances automatically. Some older versions and end-of-life products may need to be updated manually.

More information: https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce


Kaspersky and Chinese Telecom are Added to National Security Threat List by FCC

The U.S. Federal Communications Commission added Kaspersky Lab to the "covered list" of companies that pose an "unacceptable risk to the national security". The development marks the first time a Russian entity has been added to the list that's been otherwise dominated by Chinese telecommunications firms. Kaspersky in response, said it was disappointed with the FCC's decision and that it's "being made on political grounds" without any technical assessment of its products. The company said it "finds this unilateral action an unacceptable behavior".

More information: https://www.fcc.gov/document/fcc-expands-list-equipment-and-services-pose-security-threat


FBI Reported 649 Organizations in Critical Infrastructure Sectors Affected by Ransomware

The FBI stated in its 2021 Internet Crime Report that ransomware gangs breached networks of at least 649 organizations from multiple US critical infrastructure sectors last year. The actual number is most likely bigger given that the FBI only started tracking reported ransomware incidents connected to critical infrastructure sector organizations in June 2021. The FBI did not include attacks in its statistics such as if the victims did not file a complaint with the FBI's Internet Crime Complaint Center (IC3). The top three gangs that breached critical infrastructure orgs networks, based on the number of attacks, were CONTI (with 87 victims), LockBit (58), and REvil/Sodinokibi (51).

More information: https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf

 Cyber Risk Management Doesn’t Have To Be Difficult …

 
How Blacksite ZTNA Can Help Protect Your Business Against Cyber Threats

The first step in protecting your company against cyber threats is to make sure you have a solid cybersecurity plan. A cybersecurity plan helps you make sure that your company has the proper safeguards in place to protect your business. Expert security company Blacksite can help you with all your cybersecurity needs. At Blacksite we can help your company develop a cybersecurity plan that is tailored to your business needs. Blacksite implements the latest ZTNA technology to keep your business apps, data, and services safe from prying eyes and potential cybersecurity threats that you might experience in the future. Blacksite specializes in providing cybersecurity solutions in data protection, risk management, encryption, cyber security strategy, and cyber security education at an affordable price to accommodate your business whether it’s a small family owned to that of the size of a fortune 500.

For more information, please contact us and we’ll be glad to assist you.

Become invisible, become secure.