November 24, 2021

Fortify Security Team
Nov 24, 2021

Title: Hospital Ransomware Attacks Go Beyond Health Care Data

Date Published: November 24, 2021

https://securityintelligence.com/hospital-ransomware-health-care-data/

Excerpt: “The healthcare industry has been on the front lines a lot lately. Along with helping control the effects of COVID-19, it has been a prime target for ransomware. In a 2021 survey conducted of 597 health delivery organizations (HDOs), 42% had faced two ransomware attacks in the past couple of years. Over a third (36%) attributed those ransomware incidents to a third party, such as what happened earlier this year with Kaseya. The effects go beyond stolen health care data, although that is important, too. What does it mean when a healthcare organization faces an attack? And what can they do to protect themselves?”

Title: FBI Warns Of Phishing Targeting High-Profile Brands’ Customers

Date Published: November 23, 2021

https://www.bleepingcomputer.com/news/security/fbi-warns-of-phishing-targeting-high-profile-brands-customers/

Excerpt: “The targets are sent to phishing landing pages through various means, including spam emails, text messages, or web and mobile apps that may spoof the identity or the online address of a company’s official site. Attackers embed login forms or malware into their phishing pages with the end goal of stealing their victims’ user credentials, payment details, or various other types of personally identifiable information (PII). The targets are sent to phishing landing pages through various means, including spam emails, text messages, or web and mobile apps that may spoof the identity or the online address of a company’s official site. Attackers embed login forms or malware into their phishing pages with the end goal of stealing their victims’ user credentials, payment details, or various other types of personally identifiable information (PII).”

Title: CISA Issues Holiday Ransomware Message

Date Published: November 24, 2021

https://www.infosecurity-magazine.com/news/cisa-issues-holiday-ransomware/

Excerpt: “In a joint alert issued Monday, the agencies urged the public and private sector organizations to “remain vigilant and take appropriate precautions to reduce their risk to ransomware and other cyberattacks” ahead of Thanksgiving. The warning was not triggered by receiving any specific threat intelligence but was born instead from knowing what has come to pass. “This advisory is based on observations on the timing of high impact ransomware attacks that have occurred previously rather than a reaction to specific threat reporting,” said the agencies.”

Title: Malicious JavaScript Loader is a Multi-RAT Dispenser

Date Published: November 24, 2021

https://www.infosecurity-magazine.com/news/malicious-javascript-loader-is-a/

Excerpt: “Researchers are warning of a new JavaScript loader being used to distribute eight Remote Access Trojans (RATs) in information-stealing campaigns. A team at HP Wolf named the tool “RATDispenser,” and warned that it currently has a detection rate of only 11%. “As with most attacks involving JavaScript malware, RATDispenser is used to gain an initial foothold on a system before launching secondary malware that establishes control over the compromised device,” explained HP malware analyst, Patrick Schläpfer.”

Title: Data Breach Spreads To Six Web Hosts

Date Published: November 24, 2021

https://www.searchenginejournal.com/web-hosting-data-breach/428219/#close

Excerpt: “The GoDaddy data breach that affected up to 1.2 million web hosts has expanded to six more web hosts serving customers worldwide. The six additional compromised web hosts are resellers of GoDaddy’s hosting services. The extent of the intrusion appears to be the same as with GoDaddy, with matching dates of when the security intrusion began. The six compromised web hosting providers are: 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost.”

Title: Bureau Veritas Hit by Cyberattack on Cybersecurity System

Date Published: November 23, 2021

https://www.ship-technology.com/news/bureau-veritas-hit-cyberattack/

Excerpt: “In a statement, the company said: “A preventive decision has been made to temporarily take our servers and data offline to protect our clients and the company while further investigations and corrective measures are in progress. This decision generates a partial unavailability or slowdown of our services and client interfaces.” Following the cyberattack, the Bureau Veritas teams, backed by third-party IT experts, are currently focusing on establishing business continuity, with the initiation of its incident response procedure.”

Title: Password Usage Analysis of Brute Force Attacks on Honeypot Servers

Date Published: November 24, 2021

https://blog.malwarebytes.com/reports/2021/11/password-usage-analysis-of-brute-force-attacks-on-honeypot-servers/

Excerpt: “In an older study by Microsoft, it was determined that users should spend less effort on password management issues for don’t-care and lower consequence accounts, allowing more effort on higher consequence accounts. Unless you are using a password manager doing the work for you, of course. Your efforts to come up with a strong password are wasted at sites that store passwords in plaintext or reversibly encrypted. Sites that require minimum length and/or use other complexity standards have always been a major annoyance. Not only because every site uses a different standard, some of which have been made obsolete, they also encourage users to come up with simple passwords that just barely meet the standard. Am I right, MyDogsName1 and [email protected]$$w0rd?”

Title: Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally

Date Published: November 24, 2021

https://thehackernews.com/2021/11/eavesdropping-bugs-in-mediatek-chips.html

Excerpt: “in a hypothetical attack scenario, a rogue app installed via social engineering means could leverage its access to Android’s AudioManager API to target a specialized library — named Android Aurisys HAL — that’s provisioned to communicate with the audio drivers on the device and send specially crafted messages, which could result in the execution of attack code and theft of audio-related information.”

Title: Observing Attacks Against Hundreds of Exposed Services in Public Clouds

Date Published: November 22, 2021

https://unit42.paloaltonetworks.com/exposed-services-public-clouds/

Excerpt: Four types of applications, SSH, Samba, Postgres and RDP, were evenly deployed across the honeypot infrastructure. We intentionally configured a few accounts with weak credentials such as admin:admin, guest:guest, administrator:password. These accounts grant limited access to the application in a sandboxed environment. A honeypot will be reset and redeployed when a compromising event is detected, i.e., when a threat actor successfully authenticates via one of the credentials and gains access to the application.”

Title: Higher Education in Europe: Understanding the Cybersecurity Skills Gap in the EU

Date Published: November 24, 2021

https://www.enisa.europa.eu/news/enisa-news/higher-education-in-europe-understanding-the-cybersecurity-skills-gap-in-the-eu

Excerpt: “The report – ENISA Report – Addressing the EU Cybersecurity Skills Shortage and Gap Through Higher Education – takes a look into data gathered by the Cybersecurity Higher Education Database – CyberHEAD in order to make a prediction on the future trends. This database is the largest resource of its nature and is able to provide a reliable and up-to-date snapshot of cybersecurity academic programmes available across Europe. Key findings reveal that the number of programmes and students engaged in cybersecurity higher education are growing. As a consequence, the number of graduates in the next 2-3 years is expected to double. However, gender balance is still an issue with only 20% of female students enrolled.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...