November 30, 2021

Fortify Security Team

Title: DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People
Date Published: November 30, 2021

https://www.bleepingcomputer.com/news/security/dna-testing-firm-discloses-data-breach-affecting-21-million-people/

Excerpt: “‘DDC acquired certain assets from this national genetic testing organization in 2012 that included certain personal information, and therefore, impacts from this incident are not associated with DDC.’ DDC is working with external cyber-security experts to regain possession of the stolen files and ensure that the threat actor won’t propagate them further. So far, there have been no reports of fraud or improper use of the stolen details.”

Title: 8-Year-Old HP Printer Vulnerability Affects 150 Printer Models
Date Published: November 30, 2021

https://www.bleepingcomputer.com/news/security/8-year-old-hp-printer-vulnerability-affects-150-printer-models/

Excerpt: “To exploit CVE-2021-39238, it would take a few seconds, whereas a skilled attacker could launch a catastrophic assault based on the CVE-2021-39237 in under five minutes. However, it would require some skills and knowledge, at least during this first period when not many technical details are public. Also, even if printers themselves aren’t ideal for proactive security examination, they can detect these attacks by monitoring network traffic and looking into the logs.”

Title: Spy Chief’s Warning: Our Foes Are Now ‘Pouring Money’ into Quantum Computing and AI
Date Published: November 30, 2021

https://www.zdnet.com/article/spy-chiefs-warning-our-foes-are-now-pouring-money-into-quantum-computing-and-ai/

Excerpt: “‘There is no longer such a thing as an analogue intelligence operation in this digital world,’ said Moore. ‘All of this requires insights from data, the tools to manipulate data and, most importantly, the talent to turn complex data into human insight. The combination of technological prowess and insights from human intelligence gives the UK a powerful edge.’ He warned: ‘Our adversaries are pouring money and ambition into mastering artificial intelligence, quantum computing and synthetic biology because they know that mastering these technologies will give them leverage.’”

Title: High Volume German Phishing Campaign Aims to Steal Banking Credentials
Date Published: November 30, 2021

https://www.proofpoint.com/us/blog/threat-insight/high-volume-german-phishing-campaign-aims-steal-banking-credentials

Excerpt: “Typically, the actor uses the domain registrar REG.RU, with domains hosted via AliCloud (Germany) GmbH. The first domains associated with this activity appeared in late August 2021. The actor/s is/are consistently registering new domains in the identified URL structure and the campaigns are ongoing. Proofpoint is not able to attribute this campaign to a known threat group. However, registrant information associated with multiple domains observed in some of this activity is linked to over 800 fraudulent websites, most of which spoof banks or financial services. Domain registration indicates this actor may have been focused on targeting users of Spanish banks earlier this year.”

Title: EwDoor Botnet Is Attacking AT&T Customers
Date Published: November 30, 2021

https://blog.netlab.360.com/warning-ewdoor-botnet-is-attacking-att-customers/

Excerpt: “We have captured a total of 3 versions of EwDoor. With version 0.16.0 as a blueprint, we can characterize EwDoor as a botnet that sends C2 down through BT tracker, uses TLS to protect traffic, and mainly profits by means of DDoS attacks and sensitive data theft, which currently propagates through the Nday vulnerability CVE-2017-6079, mainly targeting EdgeMarc Enterprise Session Border Controller devices.”

Title: Yanluowang Ransomware Operation Matures with Experienced Affiliates
Date Published: November 30, 2021

https://www.bleepingcomputer.com/news/security/yanluowang-ransomware-operation-matures-with-experienced-affiliates/

Excerpt: “Looking at the tactics, techniques, and procedures (TTPs), the researchers noticed a possible connection to older attacks with Thieflock, a ransomware operation developed by the FiveHands group. FiveHands ransomware itself is relatively new on the scene, becoming known in April – first in a report from Mandiant, who is tracking its developer as UNC2447, and then in an alert from CISA. At the time, Mandiant said that UNC2447 showed ‘advanced capabilities to evade detection and minimize post-intrusion forensics,’ and that its affiliates had been deploying RagnarLocker ransomware.”

Title: Kentucky Energy and Environment Cabinet Announces Data Security Breach
Date Published: November 30, 2021

https://www.databreaches.net/kentucky-energy-and-environment-cabinet-announces-data-security-breach/

Excerpt: “The Kentucky Energy and Environment Cabinet (EEC) announced they discovered a data security breach on September 8, 2021. According to EEC, unredacted mining permit applications containing some mine owners’ and controllers’ personal information were available for public inspection at Department of Natural Resources’ field offices and on an EEC hosted website.”

Title: Ransomware Attack Shuts Down Lewis & Clark Community College
Date Published: November 29, 2021

https://www.kmov.com/news/ransomware-attack-shuts-down-lewis-clark-community-college/article_322258be-516e-11ec-ba26-df0bdc26f6fb.html

Excerpt: “According to Trzaska, the college notified police and the FBI about the ransomware attack. On Friday, he said, a team of cybersecurity experts arrived and have been working around the clock since to restore the school’s computer network stronger and safer than it was before. ‘So they are seeing a surge in the past two years, I mean, simply because there’s a lot of money there,’ said associate professor Dr. Abte Mtibaa at the University of Missouri-St. Louis (UMSL). Mtibaa is director of cybersecurity programs at UMSL. He said most ransomware attackers operate out of Russia, China and eastern Europe. He explained they’re always trying to break into the computer systems for government agencies, businesses and colleges and universities.”

Title: More than 1,000 Individuals Arrested in Global Cybercrime-Fighting Operation
Date Published: November 30, 2021

https://medium.com/@Cyb3rsecurity/more-than-1-000-individuals-arrested-in-global-cybercrime-fighting-operation-354403f686f8

Excerpt: “The arrests took place over a four-month period between June and September 2021; they were part of an Interpol-coordinated operation code-named HAECHI-II that was designed to curb online financial crimes. During the operation, Interpol officials piloted a new global stop-payment mechanism called the Anti-Money Laundering Rapid Response Protocol (ARRP), which allowed them to intercept and recover nearly $27 million in illicit funds from cybercrime operations.”

Title: Biopharmaceutical Firm Supernus Pharmaceuticals Hit by Hive Ransomware During an Ongoing Acquisition
Date Published: November 29, 2021

https://www.zdnet.com/article/queensland-government-energy-generator-hit-by-ransomware/

Excerpt: “‘The usual vector for ransomware is via corporate systems/networks and most organisations in the power sector will segment their operational technology systems from their corporate networks to avoid an attack via this route,’ Refiti said. ‘Hopefully this is the case for CS Energy, who are one of Queensland’s three main power generation companies along with Stanwell Corporation and Cleanco.’ Refiti’s hope is likely dashed thanks to Bills pointing out that segregation occurred after the incident began.”
