Weekly Security News – 20th November 2023

Welcome to this week’s Security News. 

If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly. 

Vulnerabilities and Patches

MySQL servers targeted by ‘Ddostf’ DDoS-as-a-Service botnet

The ‘Ddostf’ malware botnet is currently targeting MySQL servers, with the aim of enlisting them in a DDoS-as-a-Service platform that is rented out to other cybercriminals. Researchers from the AhnLab Security Emergency Response Center (ASEC) identified the campaign during routine monitoring of threats against database servers. The operators gain access in two ways: by exploiting vulnerabilities in unpatched MySQL installations, or by brute-forcing weak credentials on administrator accounts. Internet-exposed MySQL instances whose privileged accounts rely on a password alone are the obvious targets, so restricting network access to the database port, patching, and checking the server’s own logs for runs of failed logins are the first things to verify.
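
The brute-force half of that campaign leaves an obvious trace in the MySQL error log. The script below is an added example, not code from ASEC or from the original article: it parses constructed error-log lines in the MySQL 8 format (failed logins appear under error code MY-010926 when log_error_verbosity is set to 3, an assumption stated in the comments) and flags any source host that produces a burst of failures inside a sliding window. The sample log, thresholds and hosts are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of MySQL 8 error-log lines (not real log data). The layout
# assumed here is the MySQL 8 error log with log_error_verbosity=3, where a
# failed login is reported under error code MY-010926. Source addresses are
# taken from documentation ranges (203.0.113.0/24 and 10.0.0.0/8).
SAMPLE_LOG = """\
2023-11-14T09:58:12.000001Z 41 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2023-11-14T09:58:12.400002Z 42 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2023-11-14T09:58:13.100003Z 43 [Note] [MY-010926] [Server] Access denied for user 'admin'@'203.0.113.7' (using password: YES)
2023-11-14T09:58:13.700004Z 44 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2023-11-14T09:58:14.200005Z 45 [Note] [MY-010926] [Server] Access denied for user 'mysql'@'203.0.113.7' (using password: YES)
2023-11-14T09:58:14.900006Z 46 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2023-11-14T10:02:30.000007Z 47 [Note] [MY-010926] [Server] Access denied for user 'app'@'10.0.0.12' (using password: YES)
2023-11-14T10:03:01.000008Z 48 [Note] [MY-010926] [Server] Access denied for user 'app'@'10.0.0.12' (using password: YES)
2023-11-14T10:03:05.000009Z 49 [Note] [MY-010914] [Server] Aborted connection 49 to db: 'unconnected' user: 'unauthenticated' host: '203.0.113.7' (Got an error reading communication packets)
"""

# Timestamp, thread id, priority, the access-denied error code, then user@host.
ACCESS_DENIED = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+\[\w+\]\s+\[MY-010926\]\s+\[Server\]\s+"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'"
)


def parse_failures(log_text):
    """Return (timestamp, user, host) for every failed-login line, in file order.
    Lines for other events (such as aborted connections) are ignored."""
    events = []
    for line in log_text.splitlines():
        m = ACCESS_DENIED.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S.%fZ")
            events.append((ts, m.group("user"), m.group("host")))
    return events


def find_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Flag each source host that produced at least `threshold` failed logins
    inside any sliding window of length `window`.
    Returns {host: (peak_failures_in_window, sorted distinct usernames tried)}.
    """
    by_host = defaultdict(list)
    for ts, user, host in events:
        by_host[host].append((ts, user))

    alerts = {}
    for host, items in by_host.items():
        items.sort()
        best = None
        start = 0
        for end in range(len(items)):
            # Advance the window start until the span is at most `window` long.
            while items[end][0] - items[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best[0]):
                users = sorted({u for _, u in items[start:end + 1]})
                best = (count, users)
        if best is not None:
            alerts[host] = best
    return alerts


if __name__ == "__main__":
    for host, (count, users) in find_bruteforce(parse_failures(SAMPLE_LOG)).items():
        print(f"{host}: {count} failed logins within 60s, usernames tried: {users}")
```

Against the constructed sample, only 203.0.113.7 trips the threshold (six failures in about three seconds across three usernames); the two failures from 10.0.0.12 look like a misconfigured application rather than an attack. Tune the threshold and window to the noise level of your own servers, and feed the alerts into whatever blocks the source address or disables the account.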

Fortinet warns of critical command injection bug in FortiSIEM

Fortinet has alerted customers to a critical OS command injection vulnerability in the FortiSIEM report server. A remote, unauthenticated attacker could exploit it to execute commands by sending specially crafted API requests. The flaw, now tracked as CVE-2023-36553, was discovered by Fortinet’s own product security team earlier this week and has been assigned a critical severity score of 9.3. Customers should apply the fixed release listed in Fortinet’s advisory and, until that is done, limit network exposure of the report server’s API to trusted hosts.
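
Fortinet has not published the vulnerable code, so the following is a generic illustration of the bug class rather than anything from FortiSIEM: an added example of an API handler that shells out to an export tool, shown in its vulnerable form next to two progressively safer versions. The endpoint, the export tool and its flags are hypothetical; `echo` stands in for the real binary so the example runs harmlessly on any POSIX system.

```python
import re
import subprocess

# Stand-in for the export binary a report server might shell out to. Using
# `echo` keeps the example runnable and harmless; the tool, its flags and the
# API endpoint are hypothetical and have nothing to do with FortiSIEM's code.
EXPORT_TOOL = "echo"


def run_vulnerable(report_name: str) -> str:
    """Vulnerable pattern: request-controlled text is interpolated into one
    command string that is handed to /bin/sh, so ';', '|', '$(...)' and the
    like are interpreted by the shell."""
    cmdline = f"{EXPORT_TOOL} --name {report_name} --format pdf"
    result = subprocess.run(cmdline, shell=True, capture_output=True, text=True)
    return result.stdout


def run_argv_only(report_name: str) -> str:
    """Half fix: no shell, so metacharacters become plain argument text. But a
    value such as '--help' is still handed to the tool as an option, which is
    enough for argument injection against many command-line programs."""
    argv = [EXPORT_TOOL, "--name", report_name, "--format", "pdf"]
    result = subprocess.run(argv, capture_output=True, text=True)
    return result.stdout


# Allow-list of what a report name may look like: starts with a letter or
# digit (so it can never be parsed as an option), then a short run of safe
# characters. Anything else is rejected before any process is started.
REPORT_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def is_valid_report_name(report_name: str) -> bool:
    return REPORT_NAME_RE.fullmatch(report_name) is not None


def run_hardened(report_name: str) -> str:
    """Validate against the allow-list, then exec without a shell. A rejected
    name raises ValueError so the API layer can answer with a 400."""
    if not is_valid_report_name(report_name):
        raise ValueError(f"invalid report name: {report_name!r}")
    argv = [EXPORT_TOOL, "--name", report_name, "--format", "pdf"]
    result = subprocess.run(argv, capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    payload = "daily; echo INJECTED"      # what a crafted API request might carry
    print("vulnerable:", run_vulnerable(payload).splitlines())
    print("argv only: ", run_argv_only(payload).splitlines())
    try:
        run_hardened(payload)
    except ValueError as exc:
        print("hardened:  ", exc)
```

With the payload `daily; echo INJECTED`, the vulnerable function runs two commands and its output contains a line the caller never asked for; the argv-only version prints the payload back as inert text; the hardened version refuses it before anything executes. The allow-list matters even without a shell: it is what stops a name like `--help` from reaching the tool’s option parser.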

News from the Sector

Developers can’t seem to stop exposing credentials in publicly accessible code

Despite more than a decade of reminders, prodding and awareness efforts, a notable number of developers still commit credentials to their code. Those credentials act as keys to their digital kingdoms, and once pushed to a publicly accessible repository they can be found by anyone who searches for them, including the automated scanners that attackers run continuously against public code hosting. The persistence of the problem shows how hard it is to embed secure coding practices, and why continuous education within the developer community needs to be backed by tooling that catches secrets before they are committed.
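
The check a practitioner wants here is a secret scan that runs before code leaves the developer’s machine. The script below is an added example, not tooling from the article or from any of the projects it mentions: it applies a handful of detection rules (fixed-format tokens such as AWS access key IDs and GitHub personal access tokens, private-key headers, and a generic hard-coded password assignment) to a constructed set of files, skipping values that are clearly placeholders. The sample files and every key or token in them are fake and constructed for this example.

```python
import re

# Detection rules: (name, compiled pattern). The first three match fixed-format
# artefacts; the last is a generic "password = '...'" assignment and captures
# the value so obvious placeholders can be skipped.
RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-token", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("private-key", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("hardcoded-password", re.compile(
        r"(?i)(?:password|passwd|pwd|secret)\s*[=:]\s*['\"](?P<value>[^'\"]{4,})['\"]")),
]

# Values that look like secrets but are obviously placeholders: "<fill-me-in>",
# "changeme", "${VAR}" and similar. Skipped to keep docs and templates quiet.
PLACEHOLDER = re.compile(r"(?i)^<.*>$|example|changeme|your[-_ ]|xxx+|\$\{.*\}")


def scan_text(path, text):
    """Return (path, line_number, rule_name) for every rule hit in `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            m = pattern.search(line)
            if not m:
                continue
            value = m.groupdict().get("value")
            if value is not None and PLACEHOLDER.search(value):
                continue
            findings.append((path, lineno, rule))
    return findings


def scan_files(files):
    """Scan a {path: contents} mapping; in practice the contents would come
    from the staged files in a pre-commit hook."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


# Constructed repository snapshot. All credentials below are fake and were
# generated for this example; none of them is a real key or token.
SAMPLE_FILES = {
    "config/settings.py": 'DB_PASSWORD = "hunter2-prod"\nDEBUG = False\n',
    "deploy/aws.env": "AWS_ACCESS_KEY_ID=AKIAJZK4QFX2R9LMN0PQ\nAWS_REGION=eu-west-2\n",
    "scripts/ci.sh": 'export GITHUB_TOKEN="ghp_0123456789abcdefghijklmnopqrstuvwxyz"\n',
    "keys/deploy_key": "-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA-constructed-not-a-real-key\n",
    "docs/example.md": 'password = "<your-password-here>"\n',
    "README.md": "Set DB_PASSWORD in the environment, never in this repo.\n",
}


if __name__ == "__main__":
    for path, lineno, rule in scan_files(SAMPLE_FILES):
        print(f"{path}:{lineno}: {rule}")
```

Run over the sample, the scanner reports the password in `config/settings.py`, the access key in `deploy/aws.env`, the token in `scripts/ci.sh` and the private key in `keys/deploy_key`, and stays silent on the documentation placeholder and the README. Wired into a pre-commit hook over the staged diff it turns the "don’t commit secrets" reminder into something enforced; mature tools such as gitleaks or trufflehog do the same job with far larger rule sets, and the point of this example is only to show the mechanism.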

Google search ads abused to spread ransomware by ALPHV/BlackCat gang

Over the past three weeks, a ransomware gang has been running Google search ads that impersonate major brands in order to distribute ransomware, with businesses and public entities among the targets. Researchers from eSentire attribute the campaign to the ALPHV/BlackCat gang, adding to a recent series of breaches linked to the group. The use of well-known brands as lures in sponsored search results is a reminder that the top result for a software download is not necessarily the vendor’s own site: verify the download domain before running an installer, and consider blocking or warning on sponsored results for administrative tools.

Cyber Attacks

Long Beach, California turns off IT systems after cyberattack

The city of Long Beach, California, which has a population of approximately 460,000, experienced a cyberattack on November 14th. In response, the city shut down parts of its IT network to contain the attack’s spread. Officials have engaged a cybersecurity firm to investigate the incident and have notified the FBI. Systems were taken offline as soon as the attack was detected, to prevent it from spreading to other devices.

Toyota confirms breach after Medusa ransomware threatens to leak data

Toyota Financial Services (TFS) has confirmed unauthorized access to some of its systems in Europe and Africa, following a reported attack by the Medusa ransomware gang. TFS, a subsidiary of Toyota Motor Corporation, provides auto financing in around 90% of the markets where Toyota sells vehicles. The Medusa gang has listed TFS on its dark web leak site and is demanding $8,000,000 to delete the allegedly stolen data. The threat actors have given Toyota a 10-day deadline to respond, with an option to extend it for an additional $10,000 per day.