November 12, 2021

Fortify Security Team

Title: Threat Actors Add Johnson Memorial Health to Dark Web Leak Site
Date Published: November 12, 2021

https://www.databreaches.net/threat-actors-add-johnson-memorial-health-to-dark-web-leak-site/

Excerpt: “Johnson Memorial Health continues to work with our cybersecurity partners and the FBI to investigate a cyberattack that occurred on October 2. As a result of this attack, the computer network at JMH has been disabled. We are working as quickly as possible to restore normal computer operations. However, these types of attacks take time to fully resolve and it may be several days before the JMH computer system is fully operational.”

Title: Manitoba Sued Over Privacy Breach Involving 9,000 Children
Date Published: November 11, 2021

https://www.winnipegfreepress.com/local/province-sued-over-privacy-breach-involving-9000-children-575720672.html

Excerpt: “An email notice was delivered to potential claimants this week notifying them about the class action. Court records show a judge certified the lawsuit as a class action early last summer. In August 2020, Children’s Disability Services staff accidentally sent an email intended for the Manitoba children’s advocate to about 100 agencies and advocacy groups. Data included in the misdirected email was requested by the children’s advocate for a review into the delivery of children’s disability services in the province. The review came on the heels of stories about children struggling to access services or dying while awaiting appropriate services.”

Title: Israeli Cyber Unit Action Removes Black Shadow Iran-affiliated Hacking Website
Date Published: November 11, 2021

https://www.jns.org/israeli-cyber-unit-action-removes-black-shadow-iran-affiliated-hacking-website/

Excerpt: “The removal of the site means a significant reduction to expose personal materials published by Black Shadow, a hacking group affiliated with Iran that has operated against Israeli sites in the past two years,” said the report. One of the recent targets of Black Shadow was the LGBTQ dating site Atraf, which has been subject to a ransom demand, with attackers leaking names of users from the application. In the past, the group also attacked Israeli insurance company Shirbit. The site that was removed from the Internet offered leaked databases stolen from Atraf, according to the report, as well as other databases that were taken from the CyberServe company, which built Atraf’s website.”

Title: The BotenaGo Botnet Targets IoT Devices
Date Published: November 11, 2021

https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits

Excerpt: “Golang (also known as Go) is an open-source programming language designed by Google and first published in 2007 that makes it easier for developers to build software. According to a recent Intezer post, the Go programming language has dramatically increased in its popularity among malware authors in the last few years. The site suggests there has been a 2,000% increase in malware code written in Go being found in the wild. Some of the reasons for its rising popularity relate to the ease of compiling the same code for different systems, making it easier for attackers to spread malware on multiple operating systems.”

Title: Threat Spotlight: Bait attacks
Date Published: November 10, 2021

https://blog.barracuda.com/2021/11/10/threat-spotlight-bait-attacks/

Excerpt: “As attackers work to make their phishing attacks more targeted and effective, they’ve started researching potential victims, working to collect information that will help them improve the odds that their attacks will succeed. Bait attacks are one technique attackers are using to test out email addresses and see who’s willing to respond. Based on analysis by Barracuda researchers, just over 35% of the 10,500 organizations analyzed were targeted by at least one bait attack in September 2021, with an average of three distinct mailboxes per company receiving one of these messages. Here’s a closer look at the ways that attackers are using bait attacks and the techniques they’re using to avoid getting caught, as well as solutions to help you detect, block, and recover from these types of attacks.”

Title: Queensland Water Supplier Sunwater Targeted by Hackers in Months-long Undetected Cyber Security Breach
Date Published: November 10, 2021

https://www.abc.net.au/news/2021-11-11/qld-hackers-target-water-supplier-sunwater-cyber-security-attack/100610400

Excerpt: “A Sunwater spokesperson said no financial or customer data had been compromised and immediate steps had been taken to improve security once the unauthorised access to an online content management system was detected. “Sunwater takes cyber security very seriously and acknowledges the findings in the Queensland Audit Office report,” it said. The Water 2021 report stated the cyber breach had occurred between August 2020 and May 2021 and involved unauthorised access to the entity’s web server that stored customer information.”

Title: Zero-day Bug in All Windows Versions Gets Free Unofficial Patch
Date Published: November 12, 2021

https://www.bleepingcomputer.com/news/microsoft/zero-day-bug-in-all-windows-versions-gets-free-unofficial-patch/

Excerpt: “A free and unofficial patch is now available for a zero-day local privilege escalation vulnerability in the Windows User Profile Service that lets attackers gain SYSTEM privileges under certain conditions. The bug, tracked as CVE-2021-34484, was incompletely patched by Microsoft during the August Patch Tuesday. The company only addressed the impact of the proof-of-concept (PoC) provided by security researcher Abdelhamid Naceri who reported the issue. Naceri later discovered that threat actors could still bypass the Microsoft patch to elevate privileges to gain SYSTEM privileges if certain conditions are met, getting an elevated command prompt while the User Account Control (UAC) prompt is displayed.”

Title: How We Broke the Cloud With Two Lines of Code: The Full Story of Chaosdb
Date Published: November 12, 2021

https://securityaffairs.co/wordpress/124510/hacking/chaosdb-flaw-technical-details.html

Excerpt: “In August, 2021 the Wiz Research Team disclosed ChaosDB – a severe vulnerability in the popular Azure Cosmos DB database solution that allowed for complete, unrestricted access to the accounts and databases of several thousand Microsoft Azure customers, including many Fortune 500 companies. This vulnerability was so severe that we didn’t want to share the full extent of it until enough time had passed to properly mitigate it. Today, at BlackHat Europe 2021, the team shared all of the technical details behind ChaosDB for the first time. We want to provide a summary of what was discussed, and share the full extent of ChaosDB, the impact it had, and the questions it raises about security in managed cloud services.”

Title: Pentagon Set to Open Zero Trust Office in December
Date Published: November 12, 2021

https://www.infosecurity-magazine.com/news/pentagon-open-zero-trust-office/

Excerpt: “The US Department of Defense is stepping up its cybersecurity efforts with a dedicated Zero Trust office set to open next month, according to a senior official. Pentagon CISO, David McKeown, said at the CyberCon event this week that the office would report into the CIO, although the senior executive in charge has not yet been named. Leadership buy-in to Zero Trust has helped to accelerate the opening, which can be seen in part as a response to the SolarWinds campaign in which nine federal government departments were compromised by Russian spies. “We’ve redoubled our efforts, we’ve fought for dollars internally to get after this problem faster,” McKeown reportedly said.”

Title: Murder-for-Hire, Money Laundering, and More: How Organised Criminals Work Online
Date Published: November 11, 2021

https://blog.malwarebytes.com/reports/2021/11/murder-for-hire-money-laundering-and-more-how-organised-criminals-work-online/

Excerpt: “Europol has released an extensive report into serious and organized crime, including how these groups use the internet to aid in their criminal behaviour. Europol is the European Union’s (EU) law enforcement agency and it assists the EU Member States in their fight against serious international crime and terrorism. We’ll often mention them when we tell you that cybercriminals have been arrested in international cooperation between law enforcement agencies, such as the FBI, DEA, and other US agencies. The purpose of the report, besides informing the public, is to create a better understanding of international crimes. Understanding how criminals and criminal networks operate may help law enforcement to more effectively identify and disrupt criminal operations.”
