Fosshost goes dark, DHS reviews Lapsus$, Rackspace security incident

Open source software host Fosshost shutting down, CEO unreachable

Fosshost project volunteers announced the shutdown this past weekend, following months of difficulty reaching the leadership, including the CEO. Users are being urged to immediately back up their data and migrate to alternative hosting platforms. As a UK-based non-profit, Fosshost has been providing services to several high-profile open source projects like GNOME, Armbian, Debian and Free Software Foundation Europe (FSFE) completely free of charge. But as of this week, various fosshost.org links are returning 404 error messages as the service closes.

(Bleeping Computer)

DHS Cyber Safety Review Board to review Lapsus$ attacks

The Department of Homeland Security Cyber Safety Review Board has announced that it will review cyberattacks linked to the extortion gang Lapsus$, “a global extortion-focused hacker group that has reportedly employed techniques to bypass a range of commonly-used security controls and has successfully infiltrated a number of companies across industries and geographic areas.” The review aims at developing a set of actionable recommendations for how organizations can improve their resilience to these types of attacks. The final report will be transmitted to President Biden through Secretary of Homeland Security Alejandro N. Mayorkas and CISA Director Jen Easterly.

(Security Affairs)

Rackspace rocked by ‘security incident’ that has taken out hosted Exchange services

Some of Rackspace’s hosted Microsoft Exchange services have been taken down by what the company has described as a “security incident.” The incident has been described by the company as “isolated to a portion of our Hosted Exchange platform,” and no estimated time to restoration had been announced.

(The Register)

Researchers accidentally crash botnet used to launch DDoS and cryptomining campaigns

In November, security experts at Akamai described a Golang-based botnet that they had discovered, hijacking PCs via SSH and weak credentials in order to launch distributed denial-of-service (DDoS) attacks and mine cryptocurrency. The botnet, which the researchers called KmsdBot, attacked both Windows and Linux devices, and was seen targeting technology companies, gaming firms, and luxury car manufacturers. In a recent follow-up blog post, researcher Larry Cashdollar described how, in an attempt to better understand its functionality, they sent commands to the bot in a controlled environment, at which point the bot stopped sending commands. It transpired that whoever coded the bot had not put sufficient effort into building an error-checking system that would properly validate commands being sent to it.

(Tripwire)

Thanks to this week’s episode sponsor, PlexTrac

Microsoft preview update makes Task Manager partially unreadable

Microsoft says that parts of the Windows Task Manager might become unreadable for some customers after installing this month’s KB5020044 preview update for Windows 11 22H2 systems. On affected devices, users might see that some user interface elements of the Task Manager are being shown using unexpected colors, making them unreadable, especially for users who have activated “Custom” in the Personalization -> colors section of Settings. Microsoft is currently working on a fix to address this known issue and says it will provide an update in an upcoming release.

(Bleeping Computer)

Google Chrome emergency update fixes 9th zero-day of the year

Google has released an update for Chrome for Windows, Mac, and Linux users to address a single high-severity security flaw, the ninth Chrome zero-day exploited in the wild and patched since the start of the year. The zero-day vulnerability (CVE-2022-4262) is due to a high-severity type confusion weakness in the Chrome V8 JavaScript engine. Type confusion security flaws generally lead to browser crashes after successful exploitation by reading or writing memory out of buffer bounds, but threat actors can also exploit them for arbitrary code execution. According to Google, the new version has started rolling out to users in the Stable Desktop channel, and it will reach the entire user base within a matter of days or weeks.

(Bleeping Computer)

Encryption provider for Sony and Lexar leaked sensitive data for over a year

ENC Security, a software company based in The Netherlands, has been leaking critical business data since May 2021. ENC makes encryption software for Sony, Lexar, and Sandisk USB keys and other storage devices. The company touts “military-grade data protection” solutions through its popular DataVault encryption software. Unfortunately, ENC has been leaking its configuration and certificate files for more than a year, according to a research team at Cybernews. ENC has blamed the leak on a misconfiguration by a third-party supplier and fixed it immediately upon having been notified.

(Security Affairs)

Last week in ransomware

Last week’s big news was the Republic of Colombia’s health system being severely disrupted by a ransomware attack on Keralty, one of the country’s largest healthcare providers, directly impacting medical attention to patients. The attack was conducted by the RansomHouse ransomware operation, which claims to have stolen 3TB of data during the attack. This week’s other news includes an uptick in attacks by the rebranded Trigona ransomware operation and reports of a new data wiper named CryWiper targeting local government agencies in Russia. In addition, the FBI disclosed that the Cuba ransomware earned $60 million from over 100 victims; Sandworm launched Monster ransomware attacks on Ukraine; Guilford College in North Carolina was affected; ransomware appeared in loan assistance apps on the Google and iOS app stores; and British water company South Staffordshire Water lost customer payment data in an August attack launched by the Clop gang.

(Bleeping Computer and Cyber Security Headlines)
