November 2, 2021

Fortify Security Team

Title: Possible Cyber Attack Hits ‘Brain’ of N.L. Health-care System, Delaying Thousands of Appointments
Date Published: November 1, 2021

cbc.ca/news/canada/newfoundland-labrador/health-services-it-outage-update-nov-1-1.6232426

Excerpt: “A cyberattack appears to be behind a provincewide disruption of health-care services in Newfoundland and Labrador that has affected thousands of appointments and procedures, including those involving COVID-19 testing. “We may have been victims of a possible cyberattack by a third party,” said Health Minister John Haggie at a news conference Monday morning. The possible attack first made itself felt Saturday morning, and hit “the brain of the data centre” that powers the province’s health-care system, said Haggie.”

Title: 56% of UK Businesses Plan to Hire a CISO
Date Published: November 2, 2021

https://www.infosecurity-magazine.com/news/uk-businesses-hire-ciso/

Excerpt: “Sean Leach, chief product architect at Fastly, commented: “Hiring a CISO is a crucial step in tackling the security threats facing organizations. However, they need to ensure this isn’t just a box-ticking exercise and that they fully embed their CISO into the organization. This will come from a joint investment in both dedicated personnel, with clear and defined roles, paired with robust and adequate security tools.” “These findings show that, while businesses are beginning to understand how growing their digital offering will increase potential threats they still need to increase the security offerings that protect those technologies, otherwise the results can be catastrophic”.”

Title: FBI: Ransomware Targets Companies During Mergers and Acquisitions
Date Published: November 2, 2021

https://www.bleepingcomputer.com/news/security/fbi-ransomware-targets-companies-during-mergers-and-acquisitions/

Excerpt: “The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in “time-sensitive financial events” such as corporate mergers and acquisitions to make it easier to extort their victims. In a private industry notification published on Monday, the FBI said ransomware operators would use the financial information collected before attacks as leverage to force victims to comply with ransom demands.

“The FBI assesses ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections,” the federal law enforcement agency said.”

Title: Ransomware Attack Impedes Toronto’s Public Transportation System
Date Published: November 2, 2021

https://medium.com/@Cyb3rsecurity/ransomware-attack-impede-the-torontos-public-transportation-system-414d87b73262

Excerpt: “A ransomware attack has disrupted the activities of the Toronto public transportation agency and has taken down several systems used by drivers and commuters alike. The Toronto Transit Commission said the attack was detected last week on Thursday night and was discovered by a TTC IT staffer who detected “unusual network activity.” “Impact was minimal until midday today (Friday, Oct. 29) when hackers broadened their strike on network servers,” the agency said in a press release on Friday.”

Title: Alert! Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild
Date Published: November 2, 2021

https://thehackernews.com/2021/11/alert-hackers-exploiting-gitlab.html

Excerpt: “A now-patched critical remote code execution (RCE) vulnerability in GitLab’s web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as CVE-2021-22205, the issue relates to an improper validation of user-provided images that results in arbitrary code execution. The vulnerability, which affects all versions starting from 11.9, has since been addressed by GitLab on April 14, 2021 in versions 13.8.8, 13.9.6, and 13.10.3.”

Title: Cybercriminals Sell Access to International Shipping, Logistics Giants
Date Published: November 2, 2021

https://www.zdnet.com/article/cybercriminals-flog-access-to-international-shipping-logistics-giants-in-the-underground/

Excerpt: “On Tuesday, Intel 471 published an analysis of current black market trends online, revealing instances of initial access brokers (IABs) offering access to international shipping and logistics companies across the ground, air, and sea. Global supply chains have faced serious upheaval since the start of the COVID-19 pandemic. The problems go beyond chip shortages — lockdowns and closures have caused backlogs worldwide, and as we slowly emerge from the pandemic, demand for everything from food to electronics remains high.”

Title: Google to Pay Hackers $31,337 for Exploiting Patched Linux Kernel Flaws
Date Published: November 2, 2021

https://thehackernews.com/2021/11/google-to-pay-hackers-31337-for.html

Excerpt: “Google on Monday announced that it will pay security researchers to find exploits using vulnerabilities, previously remediated or otherwise, over the next three months as part of a new bug bounty program to improve the security of the Linux kernel. To that end, the company is expected to issue rewards worth $31,337 for exploiting privilege escalation in a lab environment for each patched vulnerability, an amount that can climb up to $50,337 for working exploits that take advantage of zero-day flaws in the kernel and other undocumented attack techniques.”

Title: Fix Critical Vulnerabilities Found in Pentaho Business Analytics Software
Date Published: November 2, 2021

https://thesecmasterblog.medium.com/fix-critical-vulnerabilities-found-in-pentaho-business-analytics-software-7ad557d988cc

Excerpt: “Pentaho is now part of the Lumada DataOps Suite. The suite of products is open and modular to deliver AI-driven automation and collaboration and includes: Lumada Analytics, Lumada Data Integration, Lumada Data Catalog, Lumada Data Optimizer for Hadoop, and Lumada Edge Intelligence. Lumada is built with Pentaho technology that includes Pentaho Business Analytics and Pentaho Data Integration.

Pentaho is a suite, which is made up of multiple application components. Pentaho Data Integration and Business Analytics are the prominent ones among the other components. It enables organizations to access, prepare, and analyze all data from any source.”

Title: Office 365 Phishing Campaign Uses Kaspersky’s Amazon SES Token
Date Published: November 1, 2021

https://threatpost.com/office-365-phishing-campaign-kasperskys-amazon-ses-token/175915/

Excerpt: “Phishing is a common way for cybercriminals to dupe people through socially engineered emails into giving up their credentials to online accounts that can store sensitive data. Phishers use these emails – which sometimes fool people by impersonating a trusted company (like Kaspersky), application or institution – to direct people to specially crafted phishing sites so they can enter credentials, thinking they’re doing so for a legitimate reason. Office 365 credentials are a common target for phishing attacks. In March, for example, a phishing scam targeted executives in the insurance and financial services industries with the aim of harvesting their Microsoft 365 credentials and launching business email compromise (BEC) attacks.”

Title: Facebook Targets Nicaraguan Government for Alleged ‘Troll Farm’ Campaign
Date Published: November 1, 2021

https://www.zdnet.com/article/facebook-targets-nicaragua-government-for-alleged-troll-farm-campaign/

Excerpt: “They called it “one of the most cross-government troll operations we’ve disrupted to date,” and said multiple state entities were involved. “This operation targeted domestic audiences in that country and was linked to the government of Nicaragua and the Sandinista National Liberation Front (FSLN) party. We found one portion of this network through our internal investigation into suspected coordinated inauthentic behavior in the region, and another portion — as a result of reviewing public reporting about some of this activity,” Facebook said.”
