Cyber Tips and News May24

Yes issuing cyber Tips and news:

Cisco vulnerability can cause some software to be compromised if not updated.  Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Command Injection Vulnerability (5/19/21)

Workarounds:  No workarounds available
CVSS Score:   Base 8.8

Vulnerable Products

This vulnerability affects Cisco Prime Infrastructure releases earlier than Release 3.9 and Cisco EPN Manager releases earlier than Release 5.1.

Next on list is some ransomware news:

ZDNet has a Ransomware story:    FBI identifies 16 Conti ransomware attacks striking US healthcare, first responders –  from the FBI Flash Advisory :

Summary:  The FBI identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks, including law enforcement agencies, emergency medical services, 911 dispatch centers, and municipalities within the last year. These healthcare and first responder networks are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the U.S. Like most ransomware variants, Conti typically steals victims’ files and encrypts the servers and workstations in an effort to force a ransom payment from the victim. The ransom letter instructs victims to contact the actors through an online portal to complete the transaction. If the ransom is not paid, the stolen data is sold or published to a public site controlled by the Conti actors. Ransom amounts vary widely and we assess are tailored to the victim. Recent ransom demands have been as high as $25 million.

Technical Details: Conti actors gain unauthorized access to victim networks through weaponized malicious email links, attachments, or stolen Remote Desktop Protocol (RDP) credentials. Conti weaponizesWord documents with embedded Powershell scripts,initially stagingCobalt Strike via the Word documents and then dropping Emotet onto the network, giving the actor access to deploy ransomware.

Finally I want to remind you that KrebsonSecurity has had previous posts about the ransomware groups attacking the Colonial Pipeline:

“Our goal is to make money, and not creating problems for society,” the DarkSide criminals wrote last week. “From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

“DarkSide and other Russian-language affiliate moneymaking programs have long barred their criminal associates from installing malicious software on computers in a host of Eastern European countries, including Ukraine and Russia. This prohibition dates back to the earliest days of organized cybercrime, and it is intended to minimize scrutiny and interference from local authorities.”

And the following tip / trick :

Simply put, countless malware strains will check for the presence of one of these languages on the system, and if they’re detected the malware will exit and fail to install.

Russian – 419

Ukrainian – 422

Uzbek(Latin) – 443

Georgian – 437

Russian (Moldova) – 819

 

Thus one way to prevent the hackers from installing malware on your computer could be to install a Russian Language.

 

 

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.