OSN November 2, 2021

Fortify Security Team
Nov 2, 2021

Title: Possible Cyber Attack Hits ‘Brain’ of N.L. Health-care System, Delaying Thousands of Appointments
Date Published: November 1, 2021

cbc.ca/news/canada/newfoundland-labrador/health-services-it-outage-update-nov-1-1.6232426

Excerpt: “A cyberattack appears to be behind a provincewide disruption of health-care services in Newfoundland and Labrador that has affected thousands of appointments and procedures, including those involving COVID-19 testing. “We may have been victims of a possible cyberattack by a third party,” said Health Minister John Haggie at a news conference Monday morning. The possible attack first made itself felt Saturday morning, and hit “the brain of the data centre” that powers the province’s health-care system, said Haggie.”

Title: 56% of UK Businesses Plan to Hire a CISO
Date Published: November 2, 2021

https://www.infosecurity-magazine.com/news/uk-businesses-hire-ciso/

Excerpt: “Sean Leach, chief product architect at Fastly, commented: “Hiring a CISO is a crucial step in tackling the security threats facing organizations. However, they need to ensure this isn’t just a box-ticking exercise and that they fully embed their CISO into the organization. This will come from a joint investment in both dedicated personnel, with clear and defined roles, paired with robust and adequate security tools.” “These findings show that, while businesses are beginning to understand how growing their digital offering will increase potential threats they still need to increase the security offerings that protect those technologies, otherwise the results can be catastrophic”.”

Title: FBI: Ransomware Targets Companies During Mergers and Acquisitions
Date Published: November 2, 2021

https://www.bleepingcomputer.com/news/security/fbi-ransomware-targets-companies-during-mergers-and-acquisitions/

Excerpt: “The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in “time-sensitive financial events” such as corporate mergers and acquisitions to make it easier to extort their victims. In a private industry notification published on Monday, the FBI said ransomware operators would use the financial information collected before attacks as leverage to force victims to comply with ransom demands.

“The FBI assesses ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections,” the federal law enforcement agency said.”

Title: Ransomware Attack Impedes Toronto’s Public Transportation System
Date Published: November 2, 2021

https://medium.com/@Cyb3rsecurity/ransomware-attack-impede-the-torontos-public-transportation-system-414d87b73262

Excerpt: “A ransomware attack has disrupted the activities of the Toronto public transportation agency and has taken down several systems used by drivers and commuters alike. The Toronto Transit Commission said the attack was detected last week on Thursday night and was discovered by a TTC IT staffer who detected “unusual network activity”. “Impact was minimal until midday today (Friday, Oct. 29) when hackers broadened their strike on network servers,” the agency said in a press release on Friday.”

Title: Alert! Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild
Date Published: November 2, 2021

https://thehackernews.com/2021/11/alert-hackers-exploiting-gitlab.html

Excerpt: “A now-patched critical remote code execution (RCE) vulnerability in GitLab’s web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as CVE-2021-22205, the issue relates to an improper validation of user-provided images that results in arbitrary code execution. The vulnerability, which affects all versions starting from 11.9, has since been addressed by GitLab on April 14, 2021 in versions 13.8.8, 13.9.6, and 13.10.3.”

Title: Cybercriminals Sell Access to International Shipping, Logistics Giants
Date Published: November 2, 2021

https://www.zdnet.com/article/cybercriminals-flog-access-to-international-shipping-logistics-giants-in-the-underground/

Excerpt: “On Tuesday, Intel 471 published an analysis of current black market trends online, revealing instances of initial access brokers (IABs) offering access to international shipping and logistics companies across the ground, air, and sea. Global supply chains have faced serious upheaval since the start of the COVID-19 pandemic. The problems go beyond chip shortages — lockdowns and closures have caused backlogs worldwide, and as we slowly emerge from the pandemic, demand for everything from food to electronics remains high.”

Title: Google to Pay Hackers $31,337 for Exploiting Patched Linux Kernel Flaws
Date Published: November 2, 2021

https://thehackernews.com/2021/11/google-to-pay-hackers-31337-for.html

Excerpt: “Google on Monday announced that it will pay security researchers to find exploits using vulnerabilities, previously remediated or otherwise, over the next three months as part of a new bug bounty program to improve the security of the Linux kernel. To that end, the company is expected to issue rewards worth $31,337 for exploiting privilege escalation in a lab environment for each patched vulnerability, an amount that can climb up to $50,337 for working exploits that take advantage of zero-day flaws in the kernel and other undocumented attack techniques.”

Title: Fix Critical Vulnerabilities Found in Pentaho Business Analytics Software
Date Published: November 2, 2021

https://thesecmasterblog.medium.com/fix-critical-vulnerabilities-found-in-pentaho-business-analytics-software-7ad557d988cc

Excerpt: “Pentaho is now part of the Lumada DataOps Suite. The suite of products is open and modular to deliver AI-driven automation and collaboration and includes: Lumada Analytics, Lumada Data Integration, Lumada Data Catalog, Lumada Data Optimizer for Hadoop, and Lumada Edge Intelligence. Lumada is built with Pentaho technology that includes Pentaho Business Analytics and Pentaho Data Integration.

Pentaho is a suite, which is made up of multiple application components. Pentaho Data Integration and Business Analytics are the prominent ones among the other components. It enables organizations to access, prepare, and analyze all data from any source.”

Title: Office 365 Phishing Campaign Uses Kaspersky’s Amazon SES Token
Date Published: November 1, 2021

https://threatpost.com/office-365-phishing-campaign-kasperskys-amazon-ses-token/175915/

Excerpt: “Phishing is a common way for cybercriminals to dupe people through socially engineered emails into giving up their credentials to online accounts that can store sensitive data. Phishers use these emails – which sometimes fool people by impersonating a trusted company (like Kaspersky), application or institution – to direct people to specially crafted phishing sites so they can enter credentials, thinking they’re doing so for a legitimate reason. Office 365 credentials are a common target for phishing attacks. In March, for example, a phishing scam targeted executives in the insurance and financial services industries with the aim of harvesting their Microsoft 365 credentials and launching business email compromise (BEC) attacks.”

Title: Facebook Targets Nicaraguan Government for Alleged ‘Troll Farm’ Campaign
Date Published: November 1, 2021

https://www.zdnet.com/article/facebook-targets-nicaragua-government-for-alleged-troll-farm-campaign/

Excerpt: “They called it “one of the most cross-government troll operations we’ve disrupted to date,” and said multiple state entities were involved. “This operation targeted domestic audiences in that country and was linked to the government of Nicaragua and the Sandinista National Liberation Front (FSLN) party. We found one portion of this network through our internal investigation into suspected coordinated inauthentic behavior in the region, and another portion — as a result of reviewing public reporting about some of this activity,” Facebook said.”
