November 2, 2021

Fortify Security Team
Nov 2, 2021

Title: Possible Cyber Attack Hits ‘Brain’ of N.L. Health-care System, Delaying Thousands of Appointments
Date Published: November 1, 2021

cbc.ca/news/canada/newfoundland-labrador/health-services-it-outage-update-nov-1-1.6232426

Excerpt: “A cyberattack appears to be behind a provincewide disruption of health-care services in Newfoundland and Labrador that has affected thousands of appointments and procedures, including those involving COVID-19 testing. “We may have been victims of a possible cyberattack by a third party,” said Health Minister John Haggie at a news conference Monday morning. The possible attack first made itself felt Saturday morning, and hit “the brain of the data centre” that powers the province’s health-care system, said Haggie.”

Title: 56% of UK Businesses Plan to Hire a CISO
Date Published: November 2, 2021

https://www.infosecurity-magazine.com/news/uk-businesses-hire-ciso/

Excerpt: “Sean Leach, chief product architect at Fastly, commented: “Hiring a CISO is a crucial step in tackling the security threats facing organizations. However, they need to ensure this isn’t just a box-ticking exercise and that they fully embed their CISO into the organization. This will come from a joint investment in both dedicated personnel, with clear and defined roles, paired with robust and adequate security tools.” “These findings show that, while businesses are beginning to understand how growing their digital offering will increase potential threats they still need to increase the security offerings that protect those technologies, otherwise the results can be catastrophic”.”

Title: FBI: Ransomware Targets Companies During Mergers and Acquisitions
Date Published: November 2, 2021

https://www.bleepingcomputer.com/news/security/fbi-ransomware-targets-companies-during-mergers-and-acquisitions/

Excerpt: “The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in “time-sensitive financial events” such as corporate mergers and acquisitions to make it easier to extort their victims. In a private industry notification published on Monday, the FBI said ransomware operators would use the financial information collected before attacks as leverage to force victims to comply with ransom demands.

“The FBI assesses ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections,” the federal law enforcement agency said.”

Title: Ransomware Attack Impedes Toronto’s Public Transportation System
Date Published: November 2, 2021

https://medium.com/@Cyb3rsecurity/ransomware-attack-impede-the-torontos-public-transportation-system-414d87b73262

Excerpt: “A ransomware attack has disrupted the activities of the Toronto public transportation agency and has taken down several systems used by drivers and commuters alike. The Toronto Transit Commission said the attack was detected last week on Thursday night and was discovered by a TTC IT staffer who detected “unusual network activity”.” “Impact was minimal until midday today (Friday, Oct. 29) when hackers broadened their strike on network servers,” the agency said in a press release on Friday.”

Title: Alert! Hackers Exploiting Gitlab Unauthenticated Rce Flaw in the Wild
Date Published: November 2, 2021

https://thehackernews.com/2021/11/alert-hackers-exploiting-gitlab.html

Excerpt: “A now-patched critical remote code execution (RCE) vulnerability in GitLab’s web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as CVE-2021-22205, the issue relates to an improper validation of user-provided images that results in arbitrary code execution. The vulnerability, which affects all versions starting from 11.9, has since been addressed by GitLab on April 14, 2021 in versions 13.8.8, 13.9.6, and 13.10.3.”

Title: Cybercriminals Sell Access to International Shipping, Logistics Giants
Date Published: November 2, 2021

https://www.zdnet.com/article/cybercriminals-flog-access-to-international-shipping-logistics-giants-in-the-underground/

Excerpt: “On Tuesday, Intel 471 published an analysis of current black market trends online, revealing instances of initial access brokers (IABs) offering access to international shipping and logistics companies across the ground, air, and sea.  Global supply chains have faced serious upheaval since the start of the COVID-19 pandemic. The problems go beyond chip shortages — lockdowns and closures have caused backlogs worldwide, and as we slowly emerge from the pandemic, demand for everything from food to electronics remains high.”

Title: Google to Pay Hackers $31,337 for Exploiting Patched Linux Kernel Flaws
Date Published: November 2, 2021

https://thehackernews.com/2021/11/google-to-pay-hackers-31337-for.html

Excerpt: “Google on Monday announced that it will pay security researchers to find exploits using vulnerabilities, previously remediated or otherwise, over the next three months as part of a new bug bounty program to improve the security of the Linux kernel. To that end, the company is expected to issue rewards worth $31,337 for exploiting privilege escalation in a lab environment for each patched vulnerability, an amount that can climb up to $50,337 for working exploits that take advantage of zero-day flaws in the kernel and other undocumented attack techniques.”

Title: Fix Critical Vulnerabilities Found in Pentaho Business Analytics Software
Date Published: November 2, 2021

https://thesecmasterblog.medium.com/fix-critical-vulnerabilities-found-in-pentaho-business-analytics-software-7ad557d988cc

Excerpt: “Pentaho is now part of the Lumada DataOps Suite. The suite of products is open and modular to deliver AI-driven automation and collaboration and includes: Lumada Analytics, Lumada Data Integration, Lumada Data Catalog, Lumada Data Optimizer for Hadoop, and Lumada Edge Intelligence. Lumada is built with Pentaho technology that includes Pentaho Business Analytics and Pentaho Data Integration.

Pentaho is a suite, which is made up of multiple application components. Pentaho Data Integration and Business Analytics are the prominent ones among the other components. It enables organizations to access, prepare, and analyze all data from any source.”

Title: Office 365 Phishing Campaign Uses Kaspersky’s Amazon SES Token
Date Published: November 1, 2021

https://threatpost.com/office-365-phishing-campaign-kasperskys-amazon-ses-token/175915/

Excerpt: “Phishing is a common way for cybercriminals to dupe people through socially engineered emails into giving up their credentials to online accounts that can store sensitive data. Phishers use these emails – which sometimes fool people by impersonating a trusted company (like Kaspersky), application or institution – to direct people to specially crafted phishing sites so they can enter credentials, thinking they’re doing so for a legitimate reason. Office 365 credentials are a common target for phishing attacks. In March, for example, a phishing scam targeted executives in the insurance and financial services industries with the aim of harvesting their Microsoft 365 credentials and launching business email compromise (BEC) attacks.”

Title: Facebook Targets Nicaraguan Government for Alleged ‘Troll Farm’ Campaign
Date Published: November 1, 2021

https://www.zdnet.com/article/facebook-targets-nicaragua-government-for-alleged-troll-farm-campaign/

Excerpt: “They called it “one of the most cross-government troll operations we’ve disrupted to date,” and said multiple state entities were involved. “This operation targeted domestic audiences in that country and was linked to the government of Nicaragua and the Sandinista National Liberation Front (FSLN) party. We found one portion of this network through our internal investigation into suspected coordinated inauthentic behavior in the region, and another portion — as a result of reviewing public reporting about some of this activity,” Facebook said.”

Recent Posts

May 6, 2022

Title: Google Docs Crashes on Seeing "And. And. And. And. And." Date Published: May 6, 2022 https://www.bleepingcomputer.com/news/technology/google-docs-crashes-on-seeing-and-and-and-and-and/ Excerpt: “A bug in Google Docs is causing it to crash when a series of words...

May 5, 2022

Title: Tor Project Upgrades Network Speed Performance with New System Date Published: May 5, 2022 https://www.bleepingcomputer.com/news/security/tor-project-upgrades-network-speed-performance-with-new-system/ Excerpt: “The Tor Project has published details about a...

May 3, 2022

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks Date Published: May 3, 2022 https://www.bleepingcomputer.com/news/security/aruba-and-avaya-network-switches-are-vulnerable-to-rce-attacks/ Excerpt: “Security researchers have discovered five...

May 2, 2022

Title: U.S. DoD Tricked into Paying $23.5 Million to Phishing Actor Date Published: May 2, 2022 https://www.bleepingcomputer.com/news/security/us-dod-tricked-into-paying-235-million-to-phishing-actor/ Excerpt: “The U.S. Department of Justice (DoJ) has announced the...

April 29, 2022

Title: EmoCheck now Detects New 64-bit Versions of Emotet Malware Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/ Excerpt: “The Japan CERT has released a new version of their...

April 28, 2022

Title: New Bumblebee Malware Takes Over BazarLoader's Ransomware Delivery Date Published: April 28, 2022 https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/ Excerpt: “A newly discovered malware loader...

April 27, 2022

Title: Chinese State-Backed Hackers now Target Russian State Officers Date Published: April 27, 2022 https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/ Excerpt: “Security researchers analyzing a phishing...