Cyber Security Headlines: Fosshost goes dark, DHS reviews Lapsus$, Rackspace security incident – CISO Series

Fosshost project volunteers announced this development this past weekend, following months of difficulties in reaching the leadership, including the CEO. Users are being urged to immediately back up their data and migrate to alternative hosting platforms. As a UK-based non-profit, Fosshost has been providing services to several high-profile open source projects like GNOME, Armbian, Debian and Free Software Foundation Europe (FSFE) completely free of charge. But as of this week, various links are returning 404 error messages as the service closes.
(Bleeping Computer)
The Department of Homeland Security Cyber Safety Review Board has announced that it will review cyberattacks linked to the extortion gang Lapsus$, a global extortion-focused hacker group that has reportedly employed techniques to bypass a range of commonly-used security controls and has successfully infiltrated a number of companies across industries and geographic areas. The review aims to develop a set of actionable recommendations for how organizations can improve their resilience to these types of attacks. The final report will be transmitted to President Biden through Secretary of Homeland Security Alejandro N. Mayorkas and CISA Director Jen Easterly.
(Security Affairs)
Some of Rackspace’s hosted Microsoft Exchange services have been taken down by what the company has described as a “security incident.” The incident has been described by the company as “isolated to a portion of our Hosted Exchange platform,” and no estimated time to restoration had been announced.
(The Register)
In November, security experts at Akamai described a Golang-based botnet that they had discovered, hijacking PCs via SSH and weak credentials in order to launch distributed denial-of-service (DDoS) attacks and mine cryptocurrency. The botnet, which the researchers called KmsdBot, attacked both Windows and Linux devices, and was seen targeting technology companies, gaming firms, and luxury car manufacturers. In a recent follow-up blog post, researcher Larry Cashdollar described how, in an attempt to better understand its functionality, they sent commands to the bot in a controlled environment, at which point the bot stopped sending commands. It transpired that whoever coded the bot had not put sufficient effort into building an error-checking system that would properly validate commands being sent to it.
Microsoft says that parts of the Windows Task Manager might become unreadable for some customers after installing this month’s KB5020044 preview update for Windows 11 22H2 systems. On affected devices, users might see that some user interface elements of the Task Manager are being shown using unexpected colors, making them unreadable, especially for users who have activated “Custom” in the Personalization -> colors section of Settings. Microsoft is currently working on a fix to address this known issue and says it will provide an update in an upcoming release.
(Bleeping Computer)
Google has released an update for Chrome for Windows, Mac, and Linux users to address a single high-severity security flaw, the ninth Chrome zero-day exploited in the wild and patched since the start of the year. The zero-day vulnerability (CVE-2022-4262) is due to a high-severity type confusion weakness in the Chrome V8 JavaScript engine. Type confusion security flaws generally lead to browser crashes after successful exploitation by reading or writing memory out of buffer bounds, but threat actors can also exploit them for arbitrary code execution. According to Google, the new version has started rolling out to users in the Stable Desktop channel, and it will reach the entire user base within a matter of days or weeks.
(Bleeping Computer)
ENC Security, a software company based in the Netherlands, has been leaking critical business data since May 2021. ENC makes encryption software for Sony, Lexar, and SanDisk USB keys and other storage devices. The company touts “military-grade data protection” solutions through its popular DataVault encryption software. Unfortunately, ENC has been leaking its configuration and certificate files for more than a year, according to a research team at Cybernews. ENC has blamed the leak on a misconfiguration by a third-party supplier and fixed it immediately upon having been notified.
(Security Affairs)
Last week’s big news was the Republic of Colombia’s health system being severely disrupted by a ransomware attack on Keralty, one of the country’s largest healthcare providers, directly impacting medical attention to patients. The attack was conducted by the RansomHouse ransomware operation, which claims to have stolen 3TB of data during the attack. This week’s other news includes an uptick in attacks by the rebranded Trigona ransomware operation and reports of a new data wiper named CryWiper targeting local government agencies in Russia. In addition, the FBI disclosed that the Cuba ransomware earned $60 million from over 100 victims; Sandworm launched Monster ransomware attacks on Ukraine; Guilford College in North Carolina was affected; ransomware was found in loan assistance apps on the Google and iOS app stores; and British water company South Staffordshire Water lost customer payment data in an August attack launched by the Clop gang.
(Bleeping Computer and Cyber Security Headlines)