November 2, 2021

Fortify Security Team

Title: Possible Cyber Attack Hits ‘Brain’ of N.L. Health-care System, Delaying Thousands of Appointments
Date Published: November 1, 2021

cbc.ca/news/canada/newfoundland-labrador/health-services-it-outage-update-nov-1-1.6232426

Excerpt: “A cyberattack appears to be behind a provincewide disruption of health-care services in Newfoundland and Labrador that has affected thousands of appointments and procedures, including those involving COVID-19 testing. “We may have been victims of a possible cyberattack by a third party,” said Health Minister John Haggie at a news conference Monday morning. The possible attack first made itself felt Saturday morning, and hit “the brain of the data centre” that powers the province’s health-care system, said Haggie.”

Title: 56% of UK Businesses Plan to Hire a CISO
Date Published: November 2, 2021

https://www.infosecurity-magazine.com/news/uk-businesses-hire-ciso/

Excerpt: “Sean Leach, chief product architect at Fastly, commented: “Hiring a CISO is a crucial step in tackling the security threats facing organizations. However, they need to ensure this isn’t just a box-ticking exercise and that they fully embed their CISO into the organization. This will come from a joint investment in both dedicated personnel, with clear and defined roles, paired with robust and adequate security tools.” “These findings show that, while businesses are beginning to understand how growing their digital offering will increase potential threats they still need to increase the security offerings that protect those technologies, otherwise the results can be catastrophic”.”

Title: FBI: Ransomware Targets Companies During Mergers and Acquisitions
Date Published: November 2, 2021

https://www.bleepingcomputer.com/news/security/fbi-ransomware-targets-companies-during-mergers-and-acquisitions/

Excerpt: “The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in “time-sensitive financial events” such as corporate mergers and acquisitions to make it easier to extort their victims. In a private industry notification published on Monday, the FBI said ransomware operators would use the financial information collected before attacks as leverage to force victims to comply with ransom demands.

“The FBI assesses ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections,” the federal law enforcement agency said.”

Title: Ransomware Attack Impedes Toronto’s Public Transportation System
Date Published: November 2, 2021

https://medium.com/@Cyb3rsecurity/ransomware-attack-impede-the-torontos-public-transportation-system-414d87b73262

Excerpt: “A ransomware attack has disrupted the activities of the Toronto public transportation agency and has taken down several systems used by drivers and commuters alike. The Toronto Transit Commission said the attack was detected last week on Thursday night and was discovered by a TTC IT staffer who detected “unusual network activity”. “Impact was minimal until midday today (Friday, Oct. 29) when hackers broadened their strike on network servers,” the agency said in a press release on Friday.”

Title: Alert! Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild
Date Published: November 2, 2021

https://thehackernews.com/2021/11/alert-hackers-exploiting-gitlab.html

Excerpt: “A now-patched critical remote code execution (RCE) vulnerability in GitLab’s web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as CVE-2021-22205, the issue relates to an improper validation of user-provided images that results in arbitrary code execution. The vulnerability, which affects all versions starting from 11.9, has since been addressed by GitLab on April 14, 2021 in versions 13.8.8, 13.9.6, and 13.10.3.”

Title: Cybercriminals Sell Access to International Shipping, Logistics Giants
Date Published: November 2, 2021

https://www.zdnet.com/article/cybercriminals-flog-access-to-international-shipping-logistics-giants-in-the-underground/

Excerpt: “On Tuesday, Intel 471 published an analysis of current black market trends online, revealing instances of initial access brokers (IABs) offering access to international shipping and logistics companies across the ground, air, and sea. Global supply chains have faced serious upheaval since the start of the COVID-19 pandemic. The problems go beyond chip shortages — lockdowns and closures have caused backlogs worldwide, and as we slowly emerge from the pandemic, demand for everything from food to electronics remains high.”

Title: Google to Pay Hackers $31,337 for Exploiting Patched Linux Kernel Flaws
Date Published: November 2, 2021

https://thehackernews.com/2021/11/google-to-pay-hackers-31337-for.html

Excerpt: “Google on Monday announced that it will pay security researchers to find exploits using vulnerabilities, previously remediated or otherwise, over the next three months as part of a new bug bounty program to improve the security of the Linux kernel. To that end, the company is expected to issue rewards worth $31,337 for exploiting privilege escalation in a lab environment for each patched vulnerability, an amount that can climb up to $50,337 for working exploits that take advantage of zero-day flaws in the kernel and other undocumented attack techniques.”

Title: Fix Critical Vulnerabilities Found in Pentaho Business Analytics Software
Date Published: November 2, 2021

https://thesecmasterblog.medium.com/fix-critical-vulnerabilities-found-in-pentaho-business-analytics-software-7ad557d988cc

Excerpt: “Pentaho is now part of the Lumada DataOps Suite. The suite of products is open and modular to deliver AI-driven automation and collaboration and includes: Lumada Analytics, Lumada Data Integration, Lumada Data Catalog, Lumada Data Optimizer for Hadoop, and Lumada Edge Intelligence. Lumada is built with Pentaho technology that includes Pentaho Business Analytics and Pentaho Data Integration.

Pentaho is a suite, which is made up of multiple application components. Pentaho Data Integration and Business Analytics are the prominent ones among the other components. It enables organizations to access, prepare, and analyze all data from any source.”

Title: Office 365 Phishing Campaign Uses Kaspersky’s Amazon SES Token
Date Published: November 1, 2021

https://threatpost.com/office-365-phishing-campaign-kasperskys-amazon-ses-token/175915/

Excerpt: “Phishing is a common way for cybercriminals to dupe people through socially engineered emails into giving up their credentials to online accounts that can store sensitive data. Phishers use these emails – which sometimes fool people by impersonating a trusted company (like Kaspersky), application or institution – to direct people to specially crafted phishing sites so they can enter credentials, thinking they’re doing so for a legitimate reason. Office 365 credentials are a common target for phishing attacks. In March, for example, a phishing scam targeted executives in the insurance and financial services industries with the aim of harvesting their Microsoft 365 credentials and launching business email compromise (BEC) attacks.”

Title: Facebook Targets Nicaraguan Government for Alleged ‘Troll Farm’ Campaign
Date Published: November 1, 2021

https://www.zdnet.com/article/facebook-targets-nicaragua-government-for-alleged-troll-farm-campaign/

Excerpt: “They called it “one of the most cross-government troll operations we’ve disrupted to date,” and said multiple state entities were involved. “This operation targeted domestic audiences in that country and was linked to the government of Nicaragua and the Sandinista National Liberation Front (FSLN) party. We found one portion of this network through our internal investigation into suspected coordinated inauthentic behavior in the region, and another portion — as a result of reviewing public reporting about some of this activity,” Facebook said.”
