Latest News Articles

--- TLP:WHITE ---

− Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service

A new traffic direction system (TDS) called Parrot has been spotted leveraging tens of thousands of compromised websites to launch further malicious campaigns. "The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, university sites, and local government sites."

https://thehackernews.com/2022/04/over-16500-sites-hacked-to-distribute.html

− Sandworm hackers fail to take down Ukrainian energy provider

The Russian state-sponsored hacking group known as Sandworm tried on Friday, 8 April 2022, to take down a large Ukrainian energy provider by disconnecting its electrical substations with a new variant of the Industroyer malware for industrial control systems (ICS) and a new version of the CaddyWiper data destruction malware.

https://www.bleepingcomputer.com/news/security/sandworm-hackers-fail-to-take-down-ukrainian-energy-provider/

− Conti Ransomware Gang Claims Cyberattack on Wind Turbine Giant Nordex

The Conti ransomware gang has claimed responsibility for a cyberattack that forced wind turbine giant Nordex to shut down internal systems on March 31. The incident, the company revealed in early April, was identified at an early stage, but resulted in multiple systems across Nordex’s branches being taken offline.

https://www.securityweek.com/conti-ransomware-gang-claims-cyberattack-wind-turbine-giant-nordex

− New Hacking Campaign Targeting Ukrainian Government with IcedID Malware

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information.

https://thehackernews.com/2022/04/new-hacking-campaign-targeting.html

− Conti’s Ransomware Toll on the Healthcare Industry

Conti, one of the most ruthless and successful Russian ransomware groups, publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under the name "Ryuk."

https://krebsonsecurity.com/2022/04/contis-ransomware-toll-on-the-healthcare-industry/

Vulnerabilities

− Microsoft April 2022 Patch Tuesday fixes 119 flaws, 2 zero-days

Today is Microsoft's April 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 119 flaws.

https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2022-patch-tuesday-fixes-119-flaws-2-zero-days/

− Industroyer2: Industroyer reloaded

ESET researchers discovered a new variant of the Industroyer malware, which ESET, together with CERT-UA, named Industroyer2. In this case, the Sandworm attackers made an attempt to deploy Industroyer2 against high-voltage electrical substations in Ukraine.

https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/

− Vulnerability in Cisco Wireless LAN Controller (CVE-2022-20695)

Cisco has disclosed a critical vulnerability in Cisco Wireless LAN Controllers. It affects only devices running a non-default configuration, and it allows an unauthenticated, remote attacker to bypass authentication controls and log in to the management interface.

https://www.ncsc.gov.ie/pdfs/Cisco_Wireless_LAN_Controller-CVE2022-20695.pdf

− ICS Patch Tuesday: Siemens, Schneider Fix Several Critical Vulnerabilities

Siemens and Schneider Electric have addressed more than two dozen vulnerabilities in their April 2022 Patch Tuesday security advisories, including flaws that have a “critical” severity rating.

https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-fix-several-critical-vulnerabilities

− Microsoft Patch Tuesday, April 2022 Edition

Microsoft on Tuesday released updates to fix roughly 120 security vulnerabilities in its Windows operating systems and other software. Two of the flaws have been publicly detailed prior to this week, and one is already seeing active exploitation, according to a report from the U.S. National Security Agency (NSA).

https://krebsonsecurity.com/2022/04/microsoft-patch-tuesday-april-2022-edition/

− NCSC alert on Microsoft's April 2022 Patch Tuesday release

The NCSC is highlighting critical vulnerabilities included in Microsoft's monthly Patch Tuesday release. The CVEs highlighted in this alert include Remote Code Execution vulnerabilities for which Microsoft has assessed exploitation as "more likely".

https://www.ncsc.gov.ie/pdfs/MS-Patch-Tuesday-130422.pdf

− Russia-Linked Pipedream/Incontroller ICS Malware Designed to Target Energy Facilities

Schneider Electric says there is no evidence that the Incontroller/Pipedream malware exploits vulnerabilities.

https://www.securityweek.com/russia-linked-pipedreamincontroller-ics-malware-designed-target-energy-facilities

− US and allies warn of Russian hacking threat to critical infrastructure

Today, Five Eyes cybersecurity authorities warned critical infrastructure network defenders of an increased risk that Russia-backed hacking groups could target organizations within and outside Ukraine's borders.

https://www.cisa.gov/uscert/ncas/alerts/aa22-110a

Community News

− Detecting DNS Root Manipulation

In 2021, reports emerged that hosts in Mexico were unable to reach whatsapp.net. It was determined that middleboxes were to blame: they intercepted queries sent to a root server instance hosted in China and injected a bogus reply. This article uses RIPE Atlas probes to investigate how prevalent such middleboxes are.

https://labs.ripe.net/author/qasim-lone/detecting-dns-root-manipulation/
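As an added illustration, not code from the RIPE Labs article, the following Python shows the check a resolver operator can apply to a reply from a root server. A root server is not authoritative for whatsapp.net, so a genuine reply to an A query for that name is a referral (empty answer section, NS records for net. in the authority section, AA bit clear); a middlebox that hijacks the query returns an A record in the answer section instead. The two wire-format messages are constructed samples, not captures, and the 203.0.113.9 address is from the documentation range.

```python
"""Classify a reply from a DNS root server as a genuine referral or an injected answer.

A root server is not authoritative for whatsapp.net, so a genuine reply to
an A query for that name is a referral: empty answer section, NS records for
"net." in the authority section, AA bit clear. A middlebox that hijacks the
query instead returns an A record in the answer section. Both messages below
are constructed samples, not live captures.
"""
import struct

TYPE_A, TYPE_NS = 1, 2
RCODE_NXDOMAIN = 3


def encode_name(name):
    """Encode a dotted name ("whatsapp.net.") in DNS wire format, no compression."""
    out = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                   for lbl in name.rstrip(".").split(".") if lbl)
    return out + b"\x00"


def build_response(qname, answers, authority, aa):
    """Build a minimal NOERROR response; RR owners are pre-encoded wire bytes."""
    flags = 0x8000 | (0x0400 if aa else 0)          # QR set, AA optional, RCODE 0
    header = struct.pack(">HHHHHH", 0x1234, flags, 1, len(answers), len(authority), 0)
    msg = header + encode_name(qname) + struct.pack(">HH", TYPE_A, 1)
    for owner, rtype, rdata in answers + authority:
        msg += owner + struct.pack(">HHIH", rtype, 1, 3600, len(rdata)) + rdata
    return msg


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after the name)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                    # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", end if end is not None else off


def parse_response(msg):
    """Parse header plus question, answer, authority and additional sections."""
    _, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                                     # QTYPE + QCLASS
    sections = {"answer": [], "authority": [], "additional": []}
    for name, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
            off += 10
            sections[name].append((owner, rtype, msg[off:off + rdlen]))
            off += rdlen
    return {"aa": bool(flags & 0x0400), "rcode": flags & 0xF, **sections}


def classify_root_response(msg, qname):
    """Return 'referral', 'nxdomain', 'manipulated' or 'unexpected'."""
    r = parse_response(msg)
    tld = qname.rstrip(".").split(".")[-1].lower() + "."
    if r["rcode"] == RCODE_NXDOMAIN:
        return "nxdomain"                            # root is authoritative for missing TLDs
    if r["answer"] or r["aa"]:
        return "manipulated"                         # root never answers a 2nd-level name
    if any(t == TYPE_NS and o.lower() == tld for o, t, _ in r["authority"]):
        return "referral"
    return "unexpected"


# Constructed samples (not captures). 203.0.113.9 is a documentation address.
GENUINE_REFERRAL = build_response(
    "whatsapp.net.", [],
    [(encode_name("net."), TYPE_NS, encode_name("a.gtld-servers.net.")),
     (encode_name("net."), TYPE_NS, encode_name("b.gtld-servers.net."))],
    aa=False)
INJECTED_ANSWER = build_response(
    "whatsapp.net.",
    [(b"\xc0\x0c", TYPE_A, bytes([203, 0, 113, 9]))],   # owner = pointer to question name
    [], aa=True)

if __name__ == "__main__":
    for label, msg in (("genuine", GENUINE_REFERRAL), ("injected", INJECTED_ANSWER)):
        print(label, classify_root_response(msg, "whatsapp.net."))
```

The classifier rejects any reply from a root instance that carries answer records or claims authority for a second-level name, which is exactly what an injected response looks like regardless of the address it returns; a legitimate NXDOMAIN for a non-existent TLD is kept separate so it is not mistaken for tampering.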

--- TLP:WHITE ---