Blacksite’s Intelligence Report – Week of March 28th, 2022
The Blacksite Weekly Intelligence Report
Google Issues Update to Patch Exploited Vulnerability
More information: https://crbug.com/1309225
North Korean Hackers Exploit Chromium Vulnerability
Google says it acted to mitigate threats from two North Korean government-backed attackers. The attacks targeted U.S.-based organizations spanning the news media, IT, cryptocurrency, and fintech industries. The earliest evidence researchers have of this exploit kit being actively deployed is January 4, 2022. The exploit kit is fashioned as a multi-stage infection chain that embeds the attack code within hidden internet frames on both compromised websites and rogue websites under the attackers' control. Google TAG, which discovered the intrusions on February 10, noted that it was “unable to recover any of the stages that followed the initial RCE.” The threat actors made use of several safeguards, including AES encryption, designed explicitly to obscure their tracks and hinder the recovery of intermediate stages.
More information: https://blog.google/threat-analysis-group/countering-threats-north-korea/
Western Digital Addresses Critical Bug in My Cloud NAS
Western Digital has fixed a critical severity vulnerability that enabled attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices. The bug is an out-of-bounds heap read/write (tracked as CVE-2021-44142) in the Samba vfs_fruit VFS module. Western Digital also fixed one more critical vulnerability in the open-source Netatalk Apple File Protocol fileserver used to access network shares and perform Time Machine backups.
More information: https://www.westerndigital.com/support/product-security/wdc-22006-my-cloud-os5-firmware-5-21-104
Sophos Fixes Critical Vulnerability in Firewall Product
Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE). The vulnerability exists in the User Portal and Webadmin areas of the product. The vulnerability was responsibly reported to Sophos by an external security researcher via the company’s bug bounty program. To address the flaw, Sophos released hotfixes that should reach most instances automatically. Some older versions and end-of-life products may need to be updated manually.
More information: https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
Kaspersky and Chinese Telecoms Added to National Security Threat List by FCC
The U.S. Federal Communications Commission added Kaspersky Lab to the “covered list” of companies that pose an “unacceptable risk to the national security”. The development marks the first time a Russian entity has been added to the list, which has otherwise been dominated by Chinese telecommunications firms. Kaspersky, in response, said it was disappointed with the FCC’s decision and that it was “being made on political grounds” without any technical assessment of its products. The company said it “finds this unilateral action an unacceptable behavior”.
More information: https://www.fcc.gov/document/fcc-expands-list-equipment-and-services-pose-security-threat
FBI Reports 649 Organizations in Critical Infrastructure Sectors Affected by Ransomware
The FBI stated in its 2021 Internet Crime Report that ransomware gangs breached the networks of at least 649 organizations across multiple US critical infrastructure sectors last year. The actual number is most likely higher, given that the FBI only started tracking reported ransomware incidents connected to critical infrastructure sector organizations in June 2021. The statistics also exclude attacks whose victims did not file a complaint with the FBI’s Internet Crime Complaint Center (IC3). The top three gangs that breached critical infrastructure organizations' networks, based on the number of attacks, were CONTI (with 87 victims), LockBit (58), and REvil/Sodinokibi (51).
More information: https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf
Cyber Risk Management Doesn’t Have To Be Difficult …
How Blacksite ZTNA Can Help Protect Your Business Against Cyber Threats
The first step in protecting your company against cyber threats is to make sure you have a solid cybersecurity plan. A cybersecurity plan helps you make sure that your company has the proper safeguards in place to protect your business. Expert security company Blacksite can help you with all your cybersecurity needs. At Blacksite we can help your company develop a cybersecurity plan that is tailored to your business needs. Blacksite implements the latest ZTNA technology to keep your business apps, data, and services safe from prying eyes and potential cybersecurity threats that you might experience in the future. Blacksite specializes in providing cybersecurity solutions in data protection, risk management, encryption, cybersecurity strategy, and cybersecurity education at an affordable price to accommodate your business, whether it is a small family-owned company or a Fortune 500 enterprise.
For more information, please contact us and we’ll be glad to assist you.
Become invisible, become secure.