November 12, 2021

Fortify Security Team

Title: Threat Actors Add Johnson Memorial Health to Dark Web Leak Site
Date Published: November 12, 2021

https://www.databreaches.net/threat-actors-add-johnson-memorial-health-to-dark-web-leak-site/

Excerpt: “Johnson Memorial Health continues to work with our cybersecurity partners and the FBI to investigate a cyberattack that occurred on October 2. As a result of this attack, the computer network at JMH has been disabled. We are working as quickly as possible to restore normal computer operations. However, these types of attacks take time to fully resolve and it may be several days before the JMH computer system is fully operational.”

Title: Manitoba Sued Over Privacy Breach Involving 9,000 Children
Date Published: November 11, 2021

https://www.winnipegfreepress.com/local/province-sued-over-privacy-breach-involving-9000-children-575720672.html

Excerpt: “An email notice was delivered to potential claimants this week notifying them about the class action. Court records show a judge certified the lawsuit as a class action early last summer. In August 2020, Children’s Disability Services staff accidentally sent an email intended for the Manitoba children’s advocate to about 100 agencies and advocacy groups. Data included in the misdirected email was requested by the children’s advocate for a review into the delivery of children’s disability services in the province. The review came on the heels of stories about children struggling to access services or dying while awaiting appropriate services.”

Title: Israeli Cyber Unit Action Removes Black Shadow Iran-affiliated Hacking Website
Date Published: November 11, 2021

https://www.jns.org/israeli-cyber-unit-action-removes-black-shadow-iran-affiliated-hacking-website/

Excerpt: “‘The removal of the site means a significant reduction to expose personal materials published by Black Shadow, a hacking group affiliated with Iran that has operated against Israeli sites in the past two years,’ said the report. One of the recent targets of Black Shadow was the LGBTQ dating site Atraf, which has been subject to a ransom demand, with attackers leaking names of users from the application. In the past, the group also attacked Israeli insurance company Shirbit. The site that was removed from the Internet offered leaked databases stolen from Atraf, according to the report, as well as other databases that were taken from the CyberServe company, which built Atraf’s website.”

Title: The BotenaGo Botnet Targets IoT Devices
Date Published: November 11, 2021

https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits

Excerpt: “Golang (also known as Go) is an open-source programming language designed by Google and first published in 2007 that makes it easier for developers to build software. According to a recent Intezer post, the Go programming language has dramatically increased in its popularity among malware authors in the last few years. The site suggests there has been a 2,000% increase in malware code written in Go being found in the wild. Some of the reasons for its rising popularity relate to the ease of compiling the same code for different systems, making it easier for attackers to spread malware on multiple operating systems.”

Title: Threat Spotlight: Bait Attacks
Date Published: November 10, 2021

https://blog.barracuda.com/2021/11/10/threat-spotlight-bait-attacks/

Excerpt: “As attackers work to make their phishing attacks more targeted and effective, they’ve started researching potential victims, working to collect information that will help them improve the odds that their attacks will succeed. Bait attacks are one technique attackers are using to test out email addresses and see who’s willing to respond. Based on analysis by Barracuda researchers, just over 35% of the 10,500 organizations analyzed were targeted by at least one bait attack in September 2021, with an average of three distinct mailboxes per company receiving one of these messages. Here’s a closer look at the ways that attackers are using bait attacks and the techniques they’re using to avoid getting caught, as well as solutions to help you detect, block, and recover from these types of attacks.”

Title: Queensland Water Supplier Sunwater Targeted by Hackers in Months-long Undetected Cyber Security Breach
Date Published: November 10, 2021

https://www.abc.net.au/news/2021-11-11/qld-hackers-target-water-supplier-sunwater-cyber-security-attack/100610400

Excerpt: “A Sunwater spokesperson said no financial or customer data had been compromised and immediate steps had been taken to improve security once the unauthorised access to an online content management system was detected. ‘Sunwater takes cyber security very seriously and acknowledges the findings in the Queensland Audit Office report,’ it said. The Water 2021 report stated the cyber breach had occurred between August 2020 and May 2021 and involved unauthorised access to the entity’s web server that stored customer information.”

Title: Zero-day Bug in All Windows Versions Gets Free Unofficial Patch
Date Published: November 12, 2021

https://www.bleepingcomputer.com/news/microsoft/zero-day-bug-in-all-windows-versions-gets-free-unofficial-patch/

Excerpt: “A free and unofficial patch is now available for a zero-day local privilege escalation vulnerability in the Windows User Profile Service that lets attackers gain SYSTEM privileges under certain conditions. The bug, tracked as CVE-2021-34484, was incompletely patched by Microsoft during the August Patch Tuesday. The company only addressed the impact of the proof-of-concept (PoC) provided by security researcher Abdelhamid Naceri who reported the issue. Naceri later discovered that threat actors could still bypass the Microsoft patch to elevate privileges to gain SYSTEM privileges if certain conditions are met, getting an elevated command prompt while the User Account Control (UAC) prompt is displayed.”

Title: How We Broke the Cloud With Two Lines of Code: The Full Story of ChaosDB
Date Published: November 12, 2021

https://securityaffairs.co/wordpress/124510/hacking/chaosdb-flaw-technical-details.html

Excerpt: “In August 2021 the Wiz Research Team disclosed ChaosDB – a severe vulnerability in the popular Azure Cosmos DB database solution that allowed for complete, unrestricted access to the accounts and databases of several thousand Microsoft Azure customers, including many Fortune 500 companies. This vulnerability was so severe that we didn’t want to share the full extent of it until enough time had passed to properly mitigate it. Today, at BlackHat Europe 2021, the team shared all of the technical details behind ChaosDB for the first time. We want to provide a summary of what was discussed, and share the full extent of ChaosDB, the impact it had, and the questions it raises about security in managed cloud services.”

Title: Pentagon Set to Open Zero Trust Office in December
Date Published: November 12, 2021

https://www.infosecurity-magazine.com/news/pentagon-open-zero-trust-office/

Excerpt: “The US Department of Defense is stepping up its cybersecurity efforts with a dedicated Zero Trust office set to open next month, according to a senior official. Pentagon CISO, David McKeown, said at the CyberCon event this week that the office would report into the CIO, although the senior executive in charge has not yet been named. Leadership buy-in to Zero Trust has helped to accelerate the opening, which can be seen in part as a response to the SolarWinds campaign in which nine federal government departments were compromised by Russian spies. ‘We’ve redoubled our efforts, we’ve fought for dollars internally to get after this problem faster,’ McKeown reportedly said.”

Title: Murder-for-Hire, Money Laundering, and More: How Organised Criminals Work Online
Date Published: November 11, 2021

https://blog.malwarebytes.com/reports/2021/11/murder-for-hire-money-laundering-and-more-how-organised-criminals-work-online/

Excerpt: “Europol has released an extensive report into serious and organized crime, including how these groups use the internet to aid in their criminal behaviour. Europol is the European Union’s (EU) law enforcement agency and it assists the EU Member States in their fight against serious international crime and terrorism. We’ll often mention them when we tell you that cybercriminals have been arrested in international cooperation between law enforcement agencies, such as the FBI, DEA, and other US agencies. The purpose of the report, besides informing the public, is to create a better understanding of international crimes. Understanding how criminals and criminal networks operate may help law enforcement to more effectively identify and disrupt criminal operations.”
