November 23, 2021

Fortify Security Team

Title: Over 4000 UK Retailers Compromised by Magecart Attacks

Date Published: November 23, 2021

https://www.infosecurity-magazine.com/news/4000-uk-retailers-compromised/

Excerpt: “UK government security experts have been forced to notify over 4000 domestic online businesses that their websites were infected with digital skimming code. GCHQ agency, the National Cyber Security Centre (NCSC), informed 4151 compromised online shops up to the end of September. Most of these were exploited via a known bug in the popular Magento e-commerce software. The NCSC argued it was particularly important that digital retailers get their house in order ahead of the busy festive shopping period, which begins at the end of this week with the Black Friday weekend.”

Title: More Ransomware Attacks Up to September Than Whole of 2020

Date Published: November 23, 2021

https://www.infosecurity-magazine.com/news/more-ransomware-attacks-september/

Excerpt: “Part of the challenge for executives appears to be mitigating cyber risk stemming from the growing complexity of environments. Some 86% of UK respondents cited this as a concern, especially in the context of multi-vendor cloud and other platforms. Just two-fifths claimed to have formally assessed their cloud (41%) and supply chain (42%) risks. Of equal concern is that, despite increased spending, few respondents are confident that they can drive a good return on their investments.”

Title: Suspect Arrested in ‘Ransom Your Employer’ Criminal Scheme

Date Published: November 23, 2021

https://www.zdnet.com/article/suspect-arrested-in-ransom-your-employer-criminal-scheme/

Excerpt: “The suspect is allegedly linked to a ‘ransom your employer’ scheme investigated by Abnormal Security in August. Customers of the cybersecurity firm were sent emails with the subject “Partnership affiliate offer,” requesting that the recipient considered becoming an accomplice in a cyberattack. The emails offered a 40% cut of an anticipated $2.5 million ransomware payment in Bitcoin (BTC), made after the recipients installed the DemonWare ransomware on their employer’s systems.”

Title: Security Researchers Play Peek-a-Boo With Conti Ransomware Server

Date Published: November 22, 2021

https://blog.malwarebytes.com/ransomware/2021/11/security-researchers-play-peek-a-boo-with-conti-ransomware-server/

Excerpt: “Conti ransomware is perhaps most well known for its use in the HSE healthcare attacks back in May. More than 80,000 endpoints were shut down and the health service had to revert to the pen and paper approach. Providers in the US and New Zealand were also affected. Conti is created and distributed by “Wizard Spider”, a group which also created the well-known Ryuk ransomware. Conti, offered to affiliates as Ransomware as a Service, ran wild in the first quarter of 2021. RDP brute forcing, phishing, and hardware / software vulnerabilities are the chosen methods for Conti compromise.”

Title: Code Execution Bug Patched in Imunify360 Linux Server Security Suite

Date Published: November 22, 2021

https://www.zdnet.com/article/code-execution-bug-patched-in-imunity360-linux-security-suite/

Excerpt: “Tracked as CVE-2021-21956 and issued a CVSSv3 score of 8.2, the security flaw is present in CloudLinux’s Imunify360 versions 5.8 and 5.9. Imunify360 is a security suite for Linux web servers including patch management, domain blacklisting, and firewall features. In a security advisory published on Monday, Cisco Talos said the flaw was found in the Ai-Bolit malware scanner functionality of the software.”

Title: US Govt Warns Critical Infrastructure of Ransomware Attacks During Holidays

Date Published: November 23, 2021

https://securityaffairs.co/wordpress/124903/cyber-crime/cisa-fbi-ransomware-attacks-holidays.html

Excerpt: “During this period offices are often closed and employees are at home, for this reason, their organizations are more exposed to ransomware attacks. Both agencies haven’t identified any specific threats, but recent trends led them into believing that threat actors could launch impactful ransomware attacks during holidays and weekends, including Independence Day and Mother’s Day weekends. Below is the list of actions recommended by the agencies to increase the level of security of their infrastructure.”

Title: A Vulnerability in Fortinet FortiWeb Could Allow for Arbitrary Code Execution

Date Published: November 22, 2021

https://www.cisecurity.org/advisory/a-vulnerability-in-fortinet-fortiweb-could-allow-for-arbitrary-code-execution_2021-150/

Excerpt: “A vulnerability has been discovered in Fortinet FortiWeb that could allow for arbitrary code execution. Fortinet FortiWeb is a firewall for web applications, which provides threat protection for medium and large enterprises. Successful exploitation of this vulnerability could allow for arbitrary code execution within the context of the affected application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of this vulnerability could have less impact than if it was configured with administrative rights.”

Title: Pentagon Partners With GreyNoise to Investigate Internet Scans

Date Published: November 22, 2021

https://www.darkreading.com/emerging-tech/pentagon-partners-with-greynoise-to-investigate-internet-scans

Excerpt: “Analysts are faced with hundreds of alerts a day, and if they are spending their time investigating alerts that aren’t important, that is time the analyst is not noticing, or responding to, an actual targeted attack. GreyNoise claims customers reduce their alert loads by 25% — in many cases, the reduction can be as high as 38%, Morris says. Knowing the difference between a targeted and opportunistic attack saves analysts a lot of time, especially on huge networks, Morris says. The actual amount of time saved would depend on the organization’s alert volume and the ticket time-to-close (or time-to-triage). For a small shop with a fairly small number of alerts, the time savings resulting from reduced alert volume may not seem like much, but for a larger organization with a heftier alert volume, the amount of time saved is “massive,” Morris says.”

Title: GoDaddy Admits to Password Breach: Check Your Managed WordPress Site!

Date Published: November 23, 2021

https://nakedsecurity.sophos.com/2021/11/23/godaddy-admits-to-password-breach-check-your-managed-wordpress-site/

Excerpt: “Additionally, GoDaddy stated that default WordPress admin passwords, created when each account was opened, were accessed, too, though we’re hoping that few, if any, active users of the system had left this password unchanged after setting up their WordPress presence. (Default starting passwords generally need to be sent to you somehow in cleartext, often via email, specifically so you can login for the first time to set up a proper password that you chose yourself.) GoDaddy’s wording states that “sFTP […] passwords were exposed”, which makes it sound as though those passwords had been stored in plaintext form.”

Title: Windows 11 KB5007262 Cumulative Update Preview Released

Date Published: November 22, 2021

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5007262-cumulative-update-preview-released/

Excerpt: “Microsoft has released the optional KB5007262 Preview cumulative update for Windows 11 with 70 fixes or improvements. This Windows 11 cumulative update is part of Microsoft’s November 2021 monthly “C” update, allowing users to test the upcoming updates and fixes in the December 2021 Patch Tuesday. Unlike cumulative updates released on Patch Tuesday, preview updates do not contain security updates and only include bug fixes and performance improvements.”
