AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/18/2022

Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide

The threat actors behind the Hive ransomware-as-a-service (RaaS) scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022. “Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information technology, and — especially — Healthcare and Public Health (HPH),” U.S. cybersecurity and intelligence authorities said in an alert. Active since June 2021, Hive’s RaaS operation involves a mix of developers, who create and manage the malware, and affiliates, who are responsible for conducting the attacks on target networks by often purchasing initial access from initial access brokers (IABs).

 

Meta Employees, Security Guards Fired for Hijacking User Accounts

Meta Platforms Inc. has fired or disciplined more than two dozen employees and contractors over the last year whom it accused of improperly taking over user accounts, in some cases allegedly for bribes, according to people familiar with the matter and documents viewed by The Wall Street Journal.

Some of those fired were contractors who worked as security guards stationed at Meta facilities and were given access to the Facebook parent’s internal mechanism for employees to help users having trouble with their accounts, according to the documents and people familiar with the matter. The mechanism, known internally as “Oops,” has existed since Facebook’s early years as a means for employees to help users they know who have forgotten their passwords or emails, or had their accounts taken over by hackers.

 

Microsoft releases emergency patches to fix Kerberos authentication issues on multiple versions of Windows

It is just a few days since Microsoft acknowledged problems with Kerberos authentication. Affecting Windows Servers with the Domain Controller role, the issues mean that domain user sign in could fail, Remote Desktop connection could fail to connect, and more. Now the company has released a series of emergency updates to resolve the issues. A total of six out-of-band updates are available (KB5021652, KB5021653, KB5021654, KB5021655, KB5021656 and KB5021657), and they must be manually installed. In an update to the acknowledgement post in the known issues section of Windows release health, Microsoft says: “This issue was resolved in out-of-band updates released November 17, 2022 for installation on all the Domain Controllers (DCs) in your environment. You do not need to install any update or make any changes to other servers or client devices in your environment to resolve this issue. If you used any workaround or mitigations for this issue, they are no longer needed, and we recommend you remove them”.

 

Transportation sector targeted by both ransomware and APTs

Trellix released The Threat Report: Fall 2022 from its Advanced Research Center, which analyzes cybersecurity trends from the third quarter (Q3) of 2022. The report includes evidence of malicious activity linked to ransomware and nation-state backed advanced persistent threat (APT) actors. It examines malicious cyberactivity including threats to email, the malicious use of legitimate third-party security tools, and more.

 

Atlassian fixes critical command injection bug in Bitbucket Server

Atlassian has released updates to address critical-severity updates in its centralized identity management platform, Crowd Server and Data Center, and in Bitbucket Server and Data Center, the company’s solution for Git repository management. Both security vulnerabilities received a severity rating of 9 out of 10 (calculated by Atlassian) and affect multiple versions of the products. Rated critical, the issue in Crowd Server and Data Center is tracked as CVE-2022-43782 and is a misconfiguration that allows an attacker to bypass password checks when authenticating as the Crowd app and to call privileged API endpoints.

Related Posts