New Ransomware Strain Exploiting Fortinet VPN Flaw Shut Down Two Factories in Europe

Cisco issues security updates including one for severe RCE flaw, India vows to combat Chinese cyberattacks, Microsoft product flaws garner over $400,000 in first day of Pwn2Own, more

Check out my latest CSO column, which focuses on the less-than-positive reactions by infosec professionals to the leaked details of the Biden administration’s upcoming cybersecurity executive order.

Researchers at Kaspersky Lab say a new human-operated ransomware strain known as Cring (also known as Crypt3r, Vjiszy1lo, Ghost, Phantom) exploits a Fortinet VPN flaw to breach and encrypt industrial sector companies' networks. The ransomware operators shut down two production facilities belonging to a multinational firm headquartered in Germany that has factories in Italy.

The attackers exploit internet-exposed Fortigate SSL VPN servers left unpatched against the CVE-2018-13379 vulnerability, which lets them breach their targets' networks and move laterally, stealing Windows user credentials to take control of the domain administrator account and then deliver the ransomware.

Fortinet urges customers to apply upgrades and mitigations for the vulnerability immediately; the FBI and CISA flagged the same flaw earlier this week in a joint warning. (Sean Lyngaas / Cyberscoop)

Related: Dark Reading, Exploit One, Bleeping Computer, Security Affairs, Kaspersky ICS CERT, Security News | Tech Times, Ars Technica

Cisco released three security updates, including one that addresses a critical pre-authentication remote code execution (RCE) vulnerability affecting SD-WAN vManage Software's remote management component.

The RCE vulnerability, CVE-2021-1479, which received a severity score of 9.8/10, allows unauthenticated, remote attackers to trigger a buffer overflow on vulnerable devices in low complexity attacks that don't require user interaction. (Sergiu Gatlan / Bleeping Computer)

Related: Cisco

During the first day of the hacking contest Pwn2Own 2021, contestants won $440,000 after successfully exploiting previously unknown vulnerabilities to hack Microsoft's Windows 10 OS, the Exchange mail server, and the Teams communication platform.

Two teams tackled Microsoft products, snagging $200,000 and 20 Master of Pwn points each. (Sergiu Gatlan / Bleeping Computer)

Related: Reddit - cybersecurity, TechDator, Dark Reading

Researchers at Cisco Talos say that during the past year, threat actors have increasingly used apps like Discord and Slack to trick users into opening malicious attachments and deploy various RATs and stealers, including Agent Tesla, AsyncRAT, Formbook, and others.

Slack, Discord, and other collaboration app platforms use content delivery networks (CDNs), making them more likely to be used as vectors for delivering malicious payloads. (Becky Bracken / Threatpost)

Related: SC Magazine, Cisco Talos

Underscoring the importance of encrypted communications to law enforcement, U.S. Customs and Border Protection (CBP), part of the Department of Homeland Security, recently paid encrypted messaging platform Wickr over $700,000.

One concern is over the public access to any encrypted messages sent by CBP over Wickr. Government agencies have to produce records as part of an internal or external investigation or a Freedom of Information Act (FOIA) request. This obligation could be complicated by the potentially inaccessible nature of the encrypted messages. (Joseph Cox / Motherboard)

India’s Chief of Defense Staff (CDS), General Bipin Rawat, said China could disrupt systems by launching cyberattacks on India, but added that a mechanism is being readied to combat these attacks.

“We may not be able to fully catch up with China. So we are trying to develop some kind of relationship with western nations and see how better we can get some support from them, during peacetime at least, which will help us to overcome this deficiency,” Rawat said in a speech. (Abhishek Bhalla / India Today)

Related: Chinanews.net, The Register

During an interview with Sway’s Kara Swisher, Apple CEO Tim Cook said that one solution to combating bad voting laws, such as those passed in Georgia, is to enable Americans to vote on iPhones. This contention received significant pushback from some voting officials and digital security experts.

Ohio Secretary of State Frank LaRose called the idea “preposterous” due to the technical innovations needed to conduct elections securely. (Ben Gilbert / Insider)

Related: AppleInsider

Dublin-based security orchestration and robotic process automation start-up Tines has raised a $26 million Series B funding round led by Addition.

Existing investors Accel and Blossom Capital participated in this round, which also includes strategic investments from CrowdStrike and Silicon Valley CISO Investments. (Frederic Lardinois / TechCrunch)

Related: Silicon Republic, EU-Startups

Photo by Privecstasy on Unsplash