News, Announcements, Tech Discussions
August 31, 2023 By Bill Toulas
Forever 21 clothing and accessories retailer is sending data breach notifications to more than half a million individuals who had their personal information exposed to network intruders. The company is operating 540 outlets worldwide and employs roughly 43,000 people. A sample of the data breach notice shared with the Office of the Maine Attorney General says that the company detected a cyberattack on several of its systems on March 20. The investigation revealed that hackers had intermittent access to Forever 21 systems between January and March this year and leveraged this access to steal data. “The investigation revealed that an unauthorized third party accessed certain Forever 21 systems at various times between January 5, 2023, and March 21, 2023,” reads the notice. >> Full Article <<
By Shunichi Imano and James Slaughter | August 31, 2023
On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the Rhysida ransomware.
Affected platforms: Microsoft Windows
Impacted parties: Microsoft Windows Users
Impact: Encrypts and exfiltrates victims’ files and demands ransom for file decryption
Severity level: High
Rhysida Ransomware Overview
Rhysida ransomware is a new ransomware group that uses a Ransomware-as-a-Service (RaaS) model consisting of developers who create and provide ransomware, the infrastructure needed to operate it, and affiliates who execute attacks against victims. Its first ransomware sample was submitted to a public file scanning service
The splash screen that indicates Webroot Secure Anywhere is active keeps reappearing. I’ve restarted PC several times. Still keeps happening. Any suggestions? I would ignore it, but the splash screen becomes an active window and interrupts whatever I’m doing. Thanks
Aug 30, 2023, 3:41 PM EDT
OMNY lets you tap a phone or bank card to ride the subway — and lets anyone with the card number see where you’ve been. Photo by Amelia Holowaty Krales / The Verge
New York’s OMNY subway pass system is supposed to make the lives of its riders easier, but as a 404 Media investigation highlights, it makes tracking your movement a little bit too easy — posing dangers for anyone at risk of stalking or harassment. If you tap a bank card to ride the subway, a “trip history” feature on the OMNY website will reveal your past seven days’ worth of trips — including the time and station of entry — to anyone with access to your card number and expiration date. Since it’s not unusual for card numbers to be compromised either online or through someone (like a housemate or partner) briefly getting access to a wallet, that creates an easy-to-miss security hole for people facing things like intimate partner violence. 404 was also able to track trip history for people who rode the
August 30, 2023 By THN
New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework. The findings were presented by Deep Instinct security researcher Daniel Avinoam at the DEF CON security conference held earlier this month. Microsoft's container architecture (and by extension, Windows Sandbox) uses what's called a dynamically generated image to separate the file system from each container to the host and at the same time avoid duplication of system files. It's nothing but an "operating system image that has clean copies of files that can change, but links to files that cannot change that are in the Windows image that already exists on the host," thereby bringing down the overall size for a full OS. >> Full Article <<
GitHub Enterprise Server 3.10 released with additional security capabilities, including support for custom deployment rules.
August 30, 2023 By Ionut Arghire
GitHub on Tuesday announced the general availability of Enterprise Server 3.10 with new security capabilities, including support for custom deployment rules. With the new release, GitHub Projects is now generally available in Enterprise Server, providing administrators with increased visibility over issues and pull requests. Now, teams using GitHub Actions can also create their own custom deployment protection rules, to ensure that only “the deployments that pass all quality, security, and manual approval requirements make it to production,” the code hosting platform explains. >> Full Article <<
August 30, 2023 By Sergiu Gatlan
Hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in credential stuffing and brute-force attacks that take advantage of lapses in security defenses, such as not enforcing multi-factor authentication (MFA). Last week, BleepingComputer reported that the Akira ransomware gang was breaching Cisco VPNs for initial network access. Rapid7 security researchers have provided additional insights regarding these incidents in a report published on Tuesday, revealing that attackers have been directing their efforts towards these devices since March of this year in brute force attacks designed to guess the targets' login credentials. >> Full Article <<
August 30, 2023 By Jonathan Greig
The LockBit ransomware gang continues to dominate headlines and cause concern among cybersecurity experts with a spate of attacks on critical organizations, governments and businesses. On Wednesday, the gang took credit for an attack on the Commission des services electriques de Montréal (CSEM) — a 100-year-old municipal organization that manages electrical infrastructure in the city of Montreal. The organization confirmed the incident on Tuesday, writing in a statement that it was hit with ransomware on August 3 but refused to pay the ransom. It contacted national authorities and law enforcement in Quebec while making every effort to restore its systems. Its IT infrastructure has already been rebuilt, the company said. >> Full Article <<
Earth Estries, a cyberspy group possibly linked to China, has targeted governments and tech firms in the US, Germany, South Africa and Asia.
August 30, 2023 By Eduard Kovacs
A cyberespionage group possibly linked to China has targeted government-related organizations and technology companies in various parts of the world. Trend Micro, which tracks it as Earth Estries, says the group has been around since at least 2020. While the cybersecurity firm has not directly attributed Earth Estries to any particular country, it did point out that there are some overlaps in tactics, techniques and procedures (TTPs) with an APT named FamousSparrow. FamousSparrow, which in 2021 was seen targeting governments and hotels, may be connected to the China-linked threat actors SparklingGoblin and DRBControl. >> Full Article <<
August 30, 2023 By Bill Toulas
All-in-One WP Migration, a popular data migration plugin for WordPress sites with 5 million active installations, suffers from unauthenticated access token manipulation that could allow attackers to access sensitive site information. All-in-One WP Migration is a user-friendly WordPress site migration tool for non-technical and inexperienced users, allowing seamless exports of databases, media, plugins, and themes into a single archive that is easy to restore on a new destination. Patchstack reports that various premium extensions the plugin’s vendor ServMask offers all contain the same snippet of vulnerable code that lacks permission and nonce validation in the init function. >> Full Article <<
By Cara Lin | August 30, 2023
Affected platforms: Windows and macOS
Impacted parties: Users of vulnerable versions of Adobe ColdFusion
Impact: Remote attackers gain control of vulnerable systems
Severity level: Critical
This past July, Adobe responded to reports of exploits targeting pre-authentication remote code execution (RCE) vulnerabilities in their ColdFusion solution by releasing a series of security updates: APSB23-40, APSB23-41, and APSB23-47. An in-depth analysis of those exploits has been documented by Project Discovery, including a significant vulnerability in the WDDX deserialization process within Adobe ColdFusion 2021. Since those updates, however, FortiGuard Labs IPS telemetry data has continued to detect numerous efforts to exploit the Adobe ColdFusion deserialization of untrusted data vulnerability, which poses a significant risk of arbitrary code execution (Figure 1). These attacks include probing, establishing reverse shells, and deploying malware for subsequent actions
August 29, 2023 By Sergiu Gatlan
Microsoft announced today that Exchange Server 2016 and 2019 now come with support for HTTP Strict Transport Security (also known as HSTS). HSTS is a web server directive that instructs websites (such as OWA or ECP for Exchange Server) to only allow connections via HTTPS, shielding them from man-in-the-middle (MitM) attacks triggered via protocol downgrades and cookie hijacking. It also ensures that users cannot circumvent expired, invalid, or untrusted certificate warnings, which might indicate that they connect through compromised channels. Once toggled on, the web browsers will identify HSTS policy violations and promptly terminate the connections in response to man-in-the-middle attacks. >> Full Article <<
VMware patches critical flaws that allow hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface.
August 29, 2023 By Ryan Naraine
Virtualization technology giant VMware on Tuesday shipped a major security update to correct at least two critical vulnerabilities in its Aria Operations for Networks product line. In a critical-severity advisory, VMware said the flaws could be exploited by malicious hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface. VMware tagged the network authentication bypass issue as CVE-2023-34039 and applied a CVSS severity score of 9.8 out of 10. >> Full Article <<
2023 was the LARGEST Black Hat yet! The crowds were very large at every keynote and in the expo hall. Compared to last year - we are definitely back and beating pre-Covid numbers. I’m just going to say that Artificial Intelligence was the buzzword of the conference and you couldn’t attend a single briefing or visit a booth without hearing it. It’s definitely not going anywhere 🤖 Another long post coming so get that scroll wheel ready 🤠 Weather was typical Vegas HOT at the Mandalay Bay (102f), but not as hot as it had been the week before we all arrived - which was a scorching 113f🔥 Thankfully there was no flash flooding like last year.
REGISTRATION
I’m happy to report that Black Hat finally have registration down and can handle the massive amount of crowds. Even if you don’t have the handy QR code, you can still get a speedy process with just your email. This is a welcome change from previous years and I no longer dread registration - THANK YOU! This looks almost identical to las
August 29, 2023 By Pierluigi Paganini
Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) has been infiltrated for months.
Threat actors have infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for as much as nine months. The intruders, China-linked hackers, may have gained access to sensitive data, according to three government and private sector sources familiar with the situation, as reported by the Financial Times. The intrusion began in the autumn of 2022 and was discovered in June. NISC disclosed a potential security breach involving personal data associated with email communications. Threat actors likely compromised the email account of one of the agency members. NISC sent email notifications to both domestic and international private and governmental partners, cautioning them about the possibility of data compromise. >> Full Article <<
Infrastructure provider advertises contract of more than a million pounds for advanced technology
By Gareth Corfield and Jonathan Leake, 29 August 2023
National Grid is to set “honeypots” and plant false documents online as part of efforts to counter a surge in cyber attackers. The Grid has advertised a contract worth more than a million pounds to secure advanced cyber “deception” technology to help improve its digital defences. The London-listed infrastructure provider, which runs Britain’s electricity network and supplies millions of customers in New York and Massachusetts, is seeking security experts who can deploy so-called “honeypots” or “honeytokens” to lure would-be attackers. >> Full Article <<