November 23, 2021

Fortify Security Team

Title: Over 4000 UK Retailers Compromised by Magecart Attacks

Date Published: November 23, 2021

Excerpt: “UK government security experts have been forced to notify over 4000 domestic online businesses that their websites were infected with digital skimming code. GCHQ agency, the National Cyber Security Centre (NCSC), informed 4151 compromised online shops up to the end of September. Most of these were exploited via a known bug in the popular Magento e-commerce software. The NCSC argued it was particularly important that digital retailers get their house in order ahead of the busy festive shopping period, which begins at the end of this week with the Black Friday weekend.”

Title: More Ransomware Attacks Up to September Than Whole of 2020

Date Published: November 23, 2021

Excerpt: “Part of the challenge for executives appears to be mitigating cyber risk stemming from the growing complexity of environments. Some 86% of UK respondents cited this as a concern, especially in the context of multi-vendor cloud and other platforms. Just two-fifths claimed to have formally assessed their cloud (41%) and supply chain (42%) risks. Of equal concern is that, despite increased spending, few respondents are confident that they can drive a good return on their investments.”

Title: Suspect Arrested in ‘Ransom Your Employer’ Criminal Scheme

Date Published: November 23, 2021

Excerpt: “The suspect is allegedly linked to a ‘ransom your employer’ scheme investigated by Abnormal Security in August. Customers of the cybersecurity firm were sent emails with the subject “Partnership affiliate offer,” requesting that the recipient consider becoming an accomplice in a cyberattack. The emails offered a 40% cut of an anticipated $2.5 million ransomware payment in Bitcoin (BTC), made after the recipients installed the DemonWare ransomware on their employer’s systems.”

Title: Security Researchers Play Peek-a-Boo With Conti Ransomware Server

Date Published: November 22, 2021

Excerpt: “Conti ransomware is perhaps most well known for its use in the HSE healthcare attacks back in May. More than 80,000 endpoints were shut down and the health service had to revert to the pen and paper approach. Providers in the US and New Zealand were also affected. Conti is created and distributed by “Wizard Spider”, a group which also created the well-known Ryuk ransomware. Conti, offered to affiliates as Ransomware as a Service, ran wild in the first quarter of 2021. RDP brute forcing, phishing, and hardware / software vulnerabilities are the chosen methods for Conti compromise.”

Title: Code Execution Bug Patched in imunify360 Linux Server Security Suite

Date Published: November 22, 2021

Excerpt: “Tracked as CVE-2021-21956 and issued a CVSSv3 score of 8.2, the security flaw is present in CloudLinux’s Imunify360 versions 5.8 and 5.9. Imunify360 is a security suite for Linux web servers including patch management, domain blacklisting, and firewall features. In a security advisory published on Monday, Cisco Talos said the flaw was found in the Ai-Bolit malware scanner functionality of the software.”

Title: US Govt Warns Critical Infrastructure of Ransomware Attacks During Holidays

Date Published: November 23, 2021

Excerpt: “During this period offices are often closed and employees are at home; for this reason, their organizations are more exposed to ransomware attacks. Both agencies haven’t identified any specific threats, but recent trends have led them to believe that threat actors could launch impactful ransomware attacks during holidays and weekends, including Independence Day and Mother’s Day weekends. Below is the list of actions recommended by the agencies to increase the level of security of their infrastructure.”

Title: A Vulnerability in Fortinet FortiWeb Could Allow for Arbitrary Code Execution

Date Published: November 22, 2021

Excerpt: “A vulnerability has been discovered in Fortinet FortiWeb that could allow for arbitrary code execution. Fortinet FortiWeb is a firewall for web applications, which provides threat protection for medium and large enterprises. Successful exploitation of this vulnerability could allow for arbitrary code execution within the context of the affected application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of this vulnerability could have less impact than if it was configured with administrative rights.”

Title: Pentagon Partners With GreyNoise to Investigate Internet Scans

Date Published: November 22, 2021

Excerpt: “Analysts are faced with hundreds of alerts a day, and if they are spending their time investigating alerts that aren’t important, that is time the analyst is not noticing, or responding to, an actual targeted attack. GreyNoise claims customers reduce their alert loads by 25% — in many cases, the reduction can be as high as 38%, Morris says. Knowing the difference between a targeted and opportunistic attack saves analysts a lot of time, especially on huge networks, Morris says. The actual amount of time saved would depend on the organization’s alert volume and the ticket time-to-close (or time-to-triage). For a small shop with a fairly small number of alerts, the time savings resulting from reduced alert volume may not seem like much, but for a larger organization with a heftier alert volume, the amount of time saved is “massive,” Morris says.”

Title: GoDaddy Admits to Password Breach: Check Your Managed WordPress Site!

Date Published: November 23, 2021

Excerpt: “Additionally, GoDaddy stated that default WordPress admin passwords, created when each account was opened, were accessed, too, though we’re hoping that few, if any, active users of the system had left this password unchanged after setting up their WordPress presence. (Default starting passwords generally need to be sent to you somehow in cleartext, often via email, specifically so you can log in for the first time to set up a proper password that you chose yourself.) GoDaddy’s wording states that “sFTP […] passwords were exposed”, which makes it sound as though those passwords had been stored in plaintext form.”

Title: Windows 11 KB5007262 Cumulative Update Preview Released

Date Published: November 22, 2021

Excerpt: “Microsoft has released the optional KB5007262 Preview cumulative update for Windows 11 with 70 fixes or improvements. This Windows 11 cumulative update is part of Microsoft’s November 2021 monthly “C” update, allowing users to test the upcoming updates and fixes in the December 2021 Patch Tuesday. Unlike cumulative updates released on Patch Tuesday, preview updates do not contain security updates and only include bug fixes and performance improvements.”
