Open source software host Fosshost shutting down, CEO unreachable
Fosshost project volunteers announced this development this past weekend after experiencing months of difficulties in trying to reach the company’s leadership. They recommend that users back up their data and migrate to alternative hosting platforms. As a UK-based non-profit, Fosshost had been providing services to several open source projects like GNOME, Armbian, Debian and Free Software Foundation Europe (FSFE) completely free of charge. But as of this week various fosshost.org links are returning 404 error messages as the service closes.
DHS Cyber Safety Review Board to review Lapsus$ attacks
The Department of Homeland Security Cyber Safety Review Board has announced its intention to review cyberattacks linked to Lapsus$, which has reportedly “employed techniques to bypass a range of commonly-used security controls and has successfully infiltrated a number of companies across industries and geographic areas.” The review seeks to develop actionable recommendations for how organizations can improve their resilience to these types of attacks. The final report will be transmitted to President Biden through Secretary of Homeland Security Alejandro N. Mayorkas and CISA Director Jen Easterly.
Rackspace rocked by ‘security incident’ that has taken out hosted Exchange services
Some of Rackspace’s hosted Microsoft Exchange services have been taken down by what the company has described as a “security incident.” The incident has been described by the company as “isolated to a portion of our Hosted Exchange platform,” and no estimated time to restoration had been announced.
Researchers accidentally crash botnet used to launch DDoS and cryptomining campaigns
According to Graham Cluley writing in Tripwire, “in November, security experts at Akamai described a Golang-based botnet that they had discovered, hijacking PCs via SSH and weak credentials in order to launch distributed denial-of-service (DDoS) attacks and mine cryptocurrency.” This botnet, named KmsdBot, targeted Windows and Linux devices to access technology companies, gaming firms, and luxury car manufacturers. In a recent follow-up blog post, researcher Larry Cashdollar described how, “in an attempt to better understand its functionality they sent commands to the bot in a controlled environment, at which point the bot stopped sending commands.” Apparently, the person in charge of coding the bot “had not put sufficient effort into building an error-checking system that would properly validate commands being sent to it.”
(Tripwire)
Microsoft preview update makes Task Manager partially unreadable
According to Bleeping Computer, Microsoft has announced that parts of the Windows Task Manager might become “unreadable for some customers after installing this month’s KB5020044 preview update for Windows 11 22H2 systems.” Some user interface elements of the Task Manager are being shown using unexpected colors, making them unreadable, especially for users who have activated “Custom” in the Personalization -> Colors section of Settings. Microsoft is currently working on a fix to address this known issue and says it will provide an update in an upcoming release.
Google Chrome emergency update fixes 9th zero-day of the year
Google has released an update for Chrome for Windows, Mac, and Linux users to address a single high-severity security flaw, which happens to be the ninth Chrome zero-day that has been both exploited in the wild and patched since the start of the year. The zero-day vulnerability (CVE-2022-4262) occurs because of a high-severity type confusion weakness in the Chrome V8 JavaScript engine. Type confusion security flaws generally lead to browser crashes after successful exploitation by reading or writing memory out of buffer bounds, but threat actors can also exploit them for arbitrary code execution. According to Google, the new version has started rolling out to users in the Stable Desktop channel, and it will reach the entire user base within a matter of days or weeks.
Encryption provider for Sony and Lexar leaked sensitive data for over a year
ENC Security, a software company based in The Netherlands, has been leaking critical business data since May 2021. ENC makes encryption software for Sony, Lexar, and Sandisk USB keys and other storage devices. The company touts “military-grade data protection” solutions through its popular DataVault encryption software. Unfortunately, ENC has been leaking its configuration and certificate files for more than a year, according to a research team at Cybernews. ENC has blamed the leak on a misconfiguration by a third-party supplier and fixed it immediately upon having been notified.
Last week in ransomware
Last week’s big news was the Republic of Colombia’s health system being severely disrupted by a ransomware attack on Keralty, one of the country’s largest healthcare providers, directly impacting medical attention to patients. The attack was conducted by the RansomHouse ransomware operation, which claims to have stolen 3TB of data during the attack. This week’s other news includes an uptick in attacks by the rebranded Trigona ransomware operation and reports of a new data wiper named CryWiper targeting local government agencies in Russia. In addition, the FBI disclosed that the Cuba ransomware earned $60 million from over 100 victims; Sandworm launched Monster ransomware attacks on Ukraine; Guilford College in North Carolina was affected; ransomware was reported in loan assistance apps on the Google and iOS app stores; and British water company South Staffordshire Water lost customer payment data in an August attack launched by the Clop gang.






