‘Trojan Source’ Bug Threatens the Security of All Code
krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/ Virtually all compilers (programs that transform human-readable source code into computer-executable machine code) are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness. Report:
Canadian province health care system disrupted by cyberattack
www.bleepingcomputer.com/news/security/canadian-province-health-care-system-disrupted-by-cyberattack/ The Canadian provinces of Newfoundland and Labrador have suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals.
Ransomware attack disrupts Toronto’s public transportation system
therecord.media/ransomware-attack-disrupts-torontos-public-transportation-system/ A ransomware attack has disrupted the activities of the Toronto public transportation agency and has taken down several systems used by drivers and commuters alike. The Toronto Transit Commission said the attack was detected last week on Thursday night and was discovered by a TTC IT staffer who detected “unusual network activity.”
Ransomware decryptor roundup: BlackByte, Atom Silo, LockFile, Babuk decryptors released
www.zdnet.com/article/ransomware-decryptor-roundup-blackbyte-atom-silo-lockfile-babuk-decryptors-released/ This follows the release of multiple decryptors over the past few months, including REvil/Sodinokibi. Ransomware decryptors for the BlackByte, Atom Silo, LockFile and Babuk strains were released over the last two weeks, highlighting some amount of progress in the fight against a few of the smaller ransomware gangs.
Cring ransomware continues assault on industrial organizations with aging applications, VPNs
www.zdnet.com/article/cring-ransomware-continues-assault-on-coldfusion-servers-vpns/ A Sophos report attributed a recent Cring attack to hackers in Belarus and Ukraine. The Cring ransomware group continues to make a name for itself through attacks on aging ColdFusion servers and VPNs after emerging earlier this year.
Critical Flaws Uncovered in Pentaho Business Analytics Software
thehackernews.com/2021/11/critical-flaws-uncovered-in-pentaho.html Multiple vulnerabilities have been disclosed in Hitachi Vantara’s Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application.
FBI: HelloKitty ransomware adds DDoS attacks to extortion tactics
www.bleepingcomputer.com/news/security/fbi-hellokitty-ransomware-adds-ddos-attacks-to-extortion-tactics/ The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang (aka FiveHands) has added distributed denial-of-service (DDoS) attacks to their arsenal of extortion tactics.
BlackShadow hackers breach Israeli hosting firm and extort customers
www.bleepingcomputer.com/news/security/blackshadow-hackers-breach-israeli-hosting-firm-and-extort-customers/ The BlackShadow hacking group attacked the Israeli hosting provider Cyberserve to steal client databases and disrupt the company’s services.
Lessons from a real-life ransomware attack
blog.malwarebytes.com/ransomware/2021/11/lessons-from-a-real-life-ransomware-attack/ Ransomware attacks, despite dramatically increasing in frequency this summer, remain opaque for many potential victims. It isn’t anyone’s fault, necessarily, since news articles about ransomware attacks often focus on the attack, the suspected threat actors, the ransomware type, and, well, not much else. In immediate recovery, first prioritize and then look for “surprise” systems
Microsoft warns of rise in password sprays targeting cloud accounts
www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-rise-in-password-sprays-targeting-cloud-accounts/ The Microsoft Detection and Response Team (DART) says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives.
Kaspersky’s stolen Amazon SES token used in Office 365 phishing
www.bleepingcomputer.com/news/security/kasperskys-stolen-amazon-ses-token-used-in-office-365-phishing/ Kaspersky said today that a legitimate Amazon Simple Email Service (SES) token issued to a third-party contractor was recently used by threat actors behind a spear-phishing campaign targeting Office 365 users. Amazon SES is a scalable email service designed to allow developers to send emails from any app for various use cases, including marketing and mass email communications.
Microsoft Defender for Windows is getting a massive overhaul
www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-windows-is-getting-a-massive-overhaul/ Microsoft Defender for Windows is getting a massive overhaul allowing home network admins to deploy Android, iOS, and Mac clients to monitor antivirus, phishing, compromised passwords, and identity theft alerts from a single security dashboard.
Alleged Trickbot malware gang member extradited to United States, and appears in court
www.bitdefender.com/blog/hotforsecurity/trickbot-member-extradited-united-states-court/ A 38-year-old Russian national has appeared in a US federal court, after being extradited from South Korea, to face charges of his alleged involvement in the notorious Trickbot malware gang. The US Department of Justice believes that Vladimir Dunaev (also known as “FFX”) was a malware developer for the Trickbot group, which became infamous for its data-stealing Trojan horse that helped cybercriminals defraud innocent internet users since 2015.