
Ransomware, Malware, and Security Incidents - 2022

News stories and breakdowns of high-profile security incidents including ransomware and malware attacks.

November

OpenSSL releases fixes for two ‘high’ severity vulnerabilities

PUBLISHED: November 1, 2022

OpenSSL released patches for two vulnerabilities that have caused widespread concern among cybersecurity experts and researchers over the last week and a half. OpenSSL is a commonly used code library designed to allow secured communication over the internet.

The bugs announced on Tuesday – CVE-2022-3786 and CVE-2022-3602 – were listed as “high” by OpenSSL. The organization had initially caused alarm on October 25 by warning that its forthcoming release of OpenSSL version 3.0.7 would address a vulnerability rated “critical.”

OpenSSL said it had lowered the severity rating for the latter bug after it was given technical feedback about its details and spent the last week working with several organizations to test the issue.

OpenSSL said it is unaware of any working exploit that could be used to take advantage of the issue and has no evidence that it is currently being exploited.

Jonathan Knudsen, head of global research at Synopsys Cybersecurity Research Center, said the two vulnerabilities patched on Tuesday are serious but not of the same magnitude as Heartbleed.

“Nobody’s hair should be on fire about these two vulnerabilities, but they are serious and should be handled with appropriate speed and diligence,” he said.
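The practical question for an administrator reading the item above is whether a given host still runs an affected OpenSSL build. The following is an added example (not code from The Record's article or from the OpenSSL project): it parses the banner printed by `openssl version` and flags builds in the 3.0 series older than 3.0.7, the fixed release named in the story. The cut-off follows OpenSSL's own advisory, which scopes CVE-2022-3786 and CVE-2022-3602 to OpenSSL 3.0.0 through 3.0.6; the sample banners in the block are constructed, not captured from real hosts.

```python
import re
import subprocess
from typing import Optional, Tuple

# CVE-2022-3786 / CVE-2022-3602 affect the OpenSSL 3.0 series only;
# 3.0.7 is the release that fixes them (per the OpenSSL advisory).
FIXED_VERSION = (3, 0, 7)

# Matches the leading "OpenSSL X.Y.Z" of a version banner. The 1.1.1 series
# appends a letter (e.g. 1.1.1q); the regex deliberately ignores it.
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)")


def parse_openssl_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from an `openssl version` banner,
    or None when the banner is not an OpenSSL banner at all."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: Tuple[int, int, int]) -> bool:
    """True only for 3.0.x releases older than 3.0.7.
    1.1.1 and 3.1+ builds are outside the affected range."""
    major, minor, _ = version
    return (major, minor) == (3, 0) and version < FIXED_VERSION


def assess(banner: str) -> str:
    """Classify a banner as affected / not affected / unknown."""
    v = parse_openssl_version(banner)
    if v is None:
        return "unknown: could not parse version banner"
    label = ".".join(map(str, v))
    if is_affected(v):
        return f"affected: OpenSSL {label} is 3.0.x and older than 3.0.7; upgrade"
    return f"not affected: OpenSSL {label}"


def assess_local() -> str:
    """Run the local `openssl version` command and assess its output.
    Returns an 'unknown' verdict rather than raising if openssl is absent."""
    try:
        proc = subprocess.run(
            ["openssl", "version"], capture_output=True, text=True, check=True
        )
    except (OSError, subprocess.CalledProcessError) as exc:
        return f"unknown: could not run openssl ({exc})"
    return assess(proc.stdout)


if __name__ == "__main__":
    # Constructed sample banners, not output captured from real hosts.
    samples = [
        "OpenSSL 3.0.5 5 Jul 2022",
        "OpenSSL 3.0.7 1 Nov 2022",
        "OpenSSL 1.1.1q  5 Jul 2022",
        "LibreSSL 3.3.6",
    ]
    for banner in samples:
        print(f"{banner!r:32} -> {assess(banner)}")
    print("this host ->", assess_local())
```

One caveat when using this on real fleets: several Linux distributions backport security fixes without bumping the upstream version number, so a 3.0.2 banner on such a system may already carry the fix. Treat the banner check as a first pass and confirm against the distribution's package changelog or advisory before concluding a host is still exposed.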

Source:

OpenSSL releases fixes for two ‘high’ severity vulnerabilities | The Record by Recorded Future

July

American Dental Association says April cyberattack involved ransomware

PUBLISHED: July 29, 2022

The American Dental Association (ADA) is sending out breach notification letters confirming that it suffered a ransomware attack in April.

The professional association for dentists – which has more than 160,000 members – would only say it was facing a cyberattack in comments to The Record on April 27. At the time, the organization said it discovered the attack on April 21 when certain systems — including its Aptify email application, telephone network and web chat — were disrupted.

The IT team took the affected systems offline and began the investigation. The Record was contacted by one student who was unable to register for his dental school exam because of the attack. The organization said at the time that “no member information or other data has been compromised.”

But in breach notification letters now being sent out, ADA executive director Raymond Cohlmia admitted that the incident was a ransomware attack, confirming reports from both Emsisoft analyst Brett Callow and the independent MalwareHunterTeam, which tracks ransomware incidents, that the Black Basta ransomware group claimed credit for the attack.

In April, Black Basta said it leaked 30% of the 2.8 GB of data it claims to have stolen from the ADA. The attackers said the data includes financial information, spreadsheets, W-2 forms and troves of information on ADA members.

Black Basta later removed the ADA from its list of victims, according to Callow, which sometimes happens when a ransom is paid. The ADA did not respond to requests for comment about whether it paid a ransom. The ransomware gang is relatively new and the ADA was the first organization it added to its leak site.

Source:

American Dental Association says April cyberattack involved ransomware | The Record by Recorded Future

June

New Jersey school district forced to cancel final exams amid ransomware recovery effort

Tenafly Public Schools in Bergen County, New Jersey is in the process of recovering from a ransomware attack that began on June 2. The school was forced to cancel final exams as they restore systems and address the incident, according to district communications manager Christine Corliss. Corliss told The Record that they initially noticed that their files were not able to be accessed normally last Thursday before cybersecurity experts were brought in to help.

“It looked like our servers were not operating correctly, so they immediately shut everything down to isolate the incident and to begin investigating what was going on. Our servers were down and they needed to figure out why,” Corliss said.

Cybersecurity experts discovered ransomware on their systems and pulled in the FBI as well as state officials and the school’s cyber insurance provider. The parent of a student at Tenafly Public Schools, who asked not to be named, told The Record that all of the school’s Google Classroom, grading and other systems were offline because of the attack. “Final exams have been canceled. We don’t know what’s going to happen with graduation. It’s seriously nasty. There is total radio silence from the administration and board. Presumably state and federal officials involved,” the parent said.

Maria Prato, director of communications for the New Jersey Office of Homeland Security and Preparedness, declined to comment on the state’s response to the attack and directed all questions to the school district.

Cyberattacks on K-12 schools across the U.S. have continued unabated, with both the Fort Sumner Municipal Schools in New Mexico and Washington Local Schools in Ohio suffering from incidents last month. Just two weeks ago, nearby Somerset County was hit with ransomware, taking down the county’s email systems.

Source:

New Jersey school district forced to cancel final exams amid ransomware recovery effort | The Record by Recorded Future

April

Coca-Cola investigating claims of hack after ransomware group hawks stolen data

Coca-Cola said it is investigating reports of a data breach after a ransomware group claimed to have stolen documents from the beverage giant. A Coca-Cola spokesperson said they have already contacted law enforcement about the incident. “We are aware of this matter and are investigating to determine the validity of the claim,” Coca-Cola communications vice president Scott Leith said.

The Stormous ransomware group claimed this week that it stole 161 GB of data from Coca-Cola and has been trying to sell the data. The group is offering the stolen data for about $64,000. The operators behind the ransomware group made waves earlier this year after being one of the few to announce full support for the Russian government during the invasion of Ukraine.

“The STORMOUS team has officially announced its support for the Russian governments. And if any party in different parts of the world decides to organize a cyberattack or cyberattacks against Russia, we will be in the right direction and will make all our efforts to abandon the supplication of the West, especially the infrastructure,” the group said in a message in March. “Perhaps the hacking operation that our team carried out for the government of Ukraine and a Ukrainian airline was just a simple operation but what is coming will be bigger!!”

Experts said the group has existed since the beginning of the year and appears to be financially motivated. Despite pledging its support for Russia, the group generally posts its messages in Arabic. The group issued a warning against “western unions” and more specifically companies in the US after being “attacked” by unspecified US companies that were able to shut down its site.

Source:

Coca-Cola investigating claims of hack after ransomware group hawks stolen data | The Record by Recorded Future

January

Conti ransomware hits Apple, Tesla supplier

PUBLISHED: Jan. 27, 2022

The Conti ransomware gang has been linked to an attack on Delta Electronics, a Taiwanese electronics manufacturing company and a major supplier of power components to companies like Apple and Tesla. The attack took place last Friday, on January 21, according to a statement shared by the company with stock market authorities.

The company said the attack was detected right away, and its security team intervened to contain infected systems and begin recovery operations. Delta, which is primarily known for its powerful UPS solutions, said the attack did not impact its production systems.

However, in a report today from local tech news site CTWANT, a reporter claims to have obtained a copy of an internal incident report that describes the attack in far grimmer terms. More than 1,500 servers and more than 12,000 of Delta’s 65,000 computers were encrypted by the attackers. Delta, which is reportedly working with Trend Micro and Microsoft to contain the damage, is said to have found a copy of the ransomware deployed inside its network, which was identified as a version of Conti.

The attackers allegedly demanded a ransom of $15 million from the Taiwanese electronics maker. At the time of writing, Delta’s name has yet to be mentioned on Conti’s leak site, which typically means that the two entities are still negotiating a payment.

According to a source familiar with the attack who tipped The Record about the incident, the company has yet to restore most of its systems, and its official websites remain offline. The company is using an alternative web server to keep in contact with its customers.

Source:

Remote Code Execution vulnerability discovered in best-selling video game franchise’s code

PUBLISHED: Jan. 23, 2022

A dangerous remote code execution (RCE) vulnerability has been discovered in the network code of multiple titles created by the popular video game developer FromSoftware. The company’s best-selling titles include the Dark Souls franchise as well as Demon’s Souls and the much-anticipated upcoming release Elden Ring.

The exploit was reportedly discovered by a user and reported to FromSoftware’s publisher, Bandai, but the company was allegedly slow to act.

RCE vulnerabilities are among the most dangerous in modern computing, allowing a malicious actor to run any commands or code of their choice on a target machine or in a target process.

Online servers for several of FromSoftware’s titles have been temporarily deactivated to allow the company’s team to investigate.

Sources:
