/ Raspberry Robin gets the worm early

Red Canary is tracking a worm spread by external drives that leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL:

https://redcanary.com/blog/raspberry-robin/

Red Canary

Raspberry Robin gets the worm early

Raspberry Robin is a worm spread by external drives that leverages Windows Installer to download a malicious DLL.

/ Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations

Newst updated document frim NIST

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf

/ Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM...

Critical

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9

Cisco

Cisco Security Advisory: Cisco Enterprise NFV Infrastructure Software Vulnerabilities

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to…

/ CVE-2022-21449: Psychic Signatures in Java

It’s hard to overstate the severity of this bug. If you are using ECDSA signatures for any of these security mechanisms, then an attacker can trivially and completely bypass them if your server is running any Java 15, 16, 17, or 18..:

https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/

Neil Madden

CVE-2022-21449: Psychic Signatures in Java

The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank. Of course, thi…

/ **Attackers linger on government agency computers before deploying Lockbit ransomware

https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/**

Sophos News

Attackers linger on government agency computers before deploying Lockbit ransomware

Threat actors spent more than five months remotely googling for tools from the target’s machines

/ Microsoft Exchange Servers are targetted by Hive ransomware

https://cloud7.news/security/microsoft-exchange-servers-are-targetted-by-hive-ransomware/amp/

Cloud7 News

Microsoft Exchange Servers are targetted by Hive ransomware

A security company, Varonis, has shared some details for the ongoing attacks targetting Microsoft Exchange Server instances through three different

/ Multiple Vulnerabilities in Schneider Electric APC Smart-UPS Could Allow for Remote Code Execution

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-schneider-electric-apc-smart-ups-could-allow-for-remote-code-execution_2022-035

CIS

Multiple Vulnerabilities in Schneider Electric APC Smart-UPS Could Allow for Remote Code Execution

<p>Multiple vulnerabilities have been discovered in Schneider Electric APC Smart-UPS that could allow for remote code execution. Schneider Electric APC Smart-UPS are devices that protect equipment and provide emergency backup power for mission-critical assets.…