
Yanluowang Ransomware Tied to Thieflock Threat Actor
2021-11-30 13:56

A threat actor previously tied to the Thieflock ransomware operation may now be using the emerging Yanluowang ransomware in a series of attacks against U.S. corporations, researchers have found. Researchers found a "tentative link" between the new Yanluowang attacks and older attacks involving Thieflock, a ransomware-as-a-service developed by the Canthroid group, also known as Fivehands.

150+ HP multifunction printers open to attack (CVE-2021-39237, CVE-2021-39238)
2021-11-30 13:37

Over 150 HP multifunction printers are open to attack via two exposed physical access port vulnerabilities and two different font parsing vulnerabilities discovered by F-Secure security consultants Timo Hirvonen and Alexander Bolshev. Attackers can exploit the vulnerabilities to seize control of vulnerable devices, steal information, and further infiltrate networks to inflict other types of damage, but the good news is that, earlier this month, HP issued firmware updates that patch the vulnerabilities.

DNA testing firm discloses data breach affecting 2.1 million people
2021-11-30 13:26

An Ohio-based DNA testing company has disclosed a hacking incident that affects 2,102,436 persons. The incident resulted in a confirmed data breach that occurred between May 24, 2021, and July 28, 2021, but the firm discovered it only on October 29, 2021.

8-year-old HP printer vulnerability affects 150 printer models
2021-11-30 13:00

Researchers have discovered several vulnerabilities affecting at least 150 multi-function printers made by Hewlett Packard. F-Secure's Bolshev and Hirvonen used an HP M725z multi-function printer unit as their testbed to discover the above flaws.

Cisco releases Shared Signals and Events reference document to solve "head on a swivel" problem
2021-11-30 13:00

Cisco's new Shared Signals and Events framework is designed to make life easier for security analysts by improving interoperability and supporting zero trust security. Shared signals is pretty much exactly what it sounds like: a standard communication method for security changes that has the potential to reduce "unnecessary, rote re-authentications or authorizations" and allow far more precise reactions to changes in security parameters.

Yanluowang ransomware operation matures with experienced affiliates
2021-11-30 11:56

An affiliate of the recently discovered Yanluowang ransomware operation is focusing its attacks on U.S. organizations in the financial sector using BazarLoader malware in the reconnaissance stage. While its interest is in financial institutions, the Yanluowang ransomware affiliate has also targeted companies in the manufacturing, IT services, consultancy, and engineering sectors.

Massive online crime crackdown leads to 1,000 arrests
2021-11-30 09:23

An operation coordinated by INTERPOL codenamed HAECHI-II saw police arrest more than 1,000 individuals and intercept a total of nearly $27 million of illicit funds, underlining the global threat of cyber-enabled financial crime. HAECHI-II is the second operation in a three-year project to tackle cyber-enabled financial crime supported by the Republic of Korea and the first that is truly global in scope, with the participation of INTERPOL member countries on every continent.

Winter is coming … with a blizzard of live and virtual SANS Institute events
2021-11-30 07:30

Here's a little light at the end of the tunnel: a slew of new online and in-person events from SANS Institute that will help you sharpen up your cybersec skills or learn completely new ones. SANS Threat Hunting London 2022 runs from January 10 to 15, both in-person in London, and online, with seven courses from Advanced Incident Response, Threat Hunting, and Digital Forensics, to in-depth programs such as Purple Team Tactics - Adversary Emulation for Breach Prevention and Detection.

Intel is Maintaining Legacy Technology for Security Research
2021-11-30 07:28

Intel's issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. This creates a long tail of old products that remain in widespread use, vulnerable to attacks.

How to combat ransomware with visibility
2021-11-30 07:00

In the first half of 2021, average ransomware demands surged by 518%, while payments climbed by 82%. There has been a growing number of attacks in healthcare, with 560 healthcare facilities hit by ransomware last year in the U.S. alone. With ransomware so rampant, organizations are starting to focus on what other layers can be put in place to combat the attacks.