November 30, 2021

Fortify Security Team
Nov 30, 2021

Title: DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People
Date Published: November 30, 2021

Excerpt: “DDC acquired certain assets from this national genetic testing organization in 2012 that included certain personal information, and therefore, impacts from this incident are not associated with DDC.” DDC is working with external cyber-security experts to regain possession of the stolen files and ensure that the threat actor won’t propagate them further. So far, there have been no reports of fraud or improper use of the stolen details.”

Title: 8-Year-Old HP Printer Vulnerability Affects 150 Printer Models
Date Published: November 30, 2021

Excerpt: “To exploit CVE-2021-39238, it would take a few seconds, whereas a skilled attacker could launch a catastrophic assault based on the CVE-2021-39237 in under five minutes. However, it would require some skills and knowledge, at least during this first period when not many technical details are public. Also, even if printers themselves aren’t ideal for proactive security examination, they can detect these attacks by monitoring network traffic and looking into the logs.”

Title: Spy Chief’s Warning: Our Foes Are Now ‘Pouring Money’ into Quantum Computing and AI
Date Published: November 30, 2021

Excerpt: “There is no longer such a thing as an analogue intelligence operation in this digital world,” said Moore. “All of this requires insights from data, the tools to manipulate data and, most importantly, the talent to turn complex data into human insight. The combination of technological prowess and insights from human intelligence gives the UK a powerful edge.” He warned: “Our adversaries are pouring money and ambition into mastering artificial intelligence, quantum computing and synthetic biology because they know that mastering these technologies will give them leverage”.”

Title: High Volume German Phishing Campaign Aims to Steal Banking Credentials
Date Published: November 30, 2021

Excerpt: “Typically, the actor uses the domain registrar REG.RU, with domains hosted via AliCloud (Germany) GmbH. The first domains associated with this activity appeared in late August 2021. The actor/s is/are consistently registering new domains in the identified URL structure and the campaigns are ongoing. Proofpoint is not able to attribute this campaign to a known threat group. However, registrant information associated with multiple domains observed in some of this activity is linked to over 800 fraudulent websites, most of which spoof banks or financial services. Domain registration indicates this actor may have been focused on targeting users of Spanish banks earlier this year.”

Title: EwDoor Botnet Is Attacking AT&T Customers
Date Published: November 30, 2021

Excerpt: “We have captured a total of 3 versions of EwDoor, with version 0.16.0 as a blueprint, we can characterize EwDoor as, a botnet that sends C2 down through BT tracker, uses TLS to protect traffic, and mainly profits by means of DDoS attacks and sensitive data theft, which currently propagates through the Nday vulnerability CVE-2017-6079, mainly targeting EdgeMarc Enterprise Session Border Controller devices.”

Title: Yanluo Wang Ransomware Operation Matures with Experienced Affiliates
Date Published: November 30, 2021

Excerpt: “Looking at the tactics, techniques, and procedures (TTPs), the researchers noticed a possible connection to older attacks with the Thieflock, a ransomware operation developed by the Fivehands group. Five Hands ransomware itself is relatively new on the scene, becoming known in April – first in a report from Mandiant, who is tracking its developer as UNC2447, and then in an alert from CISA. At the time, Mandiant said that UNC2447 showed “advanced capabilities to evade detection and minimize post-intrusion forensics,” and that its affiliates had been deploying RagnarLocker ransomware.”

Title: Kentucky Energy and Environment Cabinet Announces Data Security Breach
Date Published: November 30, 2021

Excerpt: “The Kentucky Energy and Environment Cabinet (EEC) announced they discovered a data security breach on September 8, 2021. According to EEC, unredacted mining permit applications containing some mine owners’ and controllers’ personal information were available for public inspection at Department of Natural Resources’ field offices and on an EEC hosted website.”

Title: Ransomware Attack Shuts Down Lewis & Clark Community College
Date Published: November 29, 2021

Excerpt: “According to Trzaska, the college notified police and the FBI about the ransomware attack. On Friday, he said, a team of cybersecurity experts arrived and have been working around the clock since to restore the school’s computer network stronger and safer than it was before. “So they are seeing a surge in the past two years, I mean, simply because there’s a lot of money there,” said associate professor Dr. Abte Mtibaa at the University of Missouri-St. Louis (UMSL). Mtibaa is director of cybersecurity programs at UMSL. He said most ransomware attackers operate out of Russia, China and eastern Europe. He explained they’re always trying to break into the computer systems for government agencies, businesses and colleges and universities.”

Title: More than 1,000 Individuals Arrested in Global Cybercrime-Fighting Operation
Date Published: November 30, 2021

Excerpt: “The arrests took place over a four-month period between June and September 2021; they were part of an Interpol-coordinated operation code-named HAECHI-II that was designed to curb online financial crimes. During the operation, Interpol officials piloted a new global stop-payment mechanism called the Anti-Money Laundering Rapid Response Protocol (ARRP), which allowed them to intercept and recover nearly $27 million in illicit funds from cybercrime operations.”

Title: Biopharmaceutical Firm Supernus Pharmaceuticals Hit by Hive Ransomware During an Ongoing Acquisition
Date Published: November 29, 2021

Excerpt: “The usual vector for ransomware is via corporate systems/networks and most organisations in the power sector will segment their operational technology systems from their corporate networks to avoid an attack via this route,” Refiti said. “Hopefully this is the case for CS Energy, who are one of Queensland’s three main power generation companies along with Stanwell Corporation and Cleanco.” Refiti’s hope is likely dashed thanks to Bills pointing out that segregation occurred after the incident began.”

Recent Posts

June 10, 2022

Title: Bizarre Ransomware Sells Decryptor on Roblox Game Pass Store Date Published: June 9, 2022 Excerpt: “A new ransomware is taking the unusual approach of...

June 9, 2022

Title: New Symbiote Malware Infects all Running Processes on Linux Systems Date Published: June 9, 2022 Excerpt: “A newly discovered Linux malware known...

June 8, 2022

Title: Surfshark, ExpressVPN pull out of India Over Data Retention Laws Date Published: June 7, 2022 Excerpt: “Surfshark announced today they are shutting down...

June 6, 2022

Title: Italian City of Palermo Shuts Down all Systems to Fend off Cyberattack Date Published: June 6, 2022 Excerpt: “The municipality of Palermo in...

June 3, 2022

Title: Critical Atlassian Confluence Zero-Day Actively Used in Attack Date Published: June 2, 2022 Excerpt: “Hackers are actively exploiting a new Atlassian...

June 2, 2022

Title: Conti Ransomware Targeted Intel Firmware for Stealthy Attacks Date Published: June 2, 2022 Excerpt: “Researchers analyzing the leaked chats of the...

June 1, 2022

Title: Ransomware Attacks Need Less Than Four Days to Encrypt Systems Date Published: June 1, 2022 Excerpt: “The duration of ransomware attacks in 2021...