Portland brewery and hotel chain McMenamins suffered a Conti ransomware attack over the weekend that disrupted the company's operations. McMenamins is a popular chain of restaurants, pubs, breweries, and hotels located in Oregon and Washington. The ransomware attack occurred over the weekend, on December 12th, with sources telling BleepingComputer that the Conti gang conducted it. READ MORE...
An information technology system security breach detected late last month prompted the Virginia Museum of Fine Arts to shut down its website for a state investigation, the museum announced this week. There's no evidence that the breach is connected to the ransomware attack on Virginia legislative agencies' IT systems, The Richmond Times-Dispatch reported. Virginia State Police are investigating a ransomware attack on state legislative agencies, discovered late Sunday night. READ MORE...
A US federal agency has been hosting a backdoor that can provide total visibility into and complete control over the agency network, and the researchers who discovered it have been unable to engage with the administrators responsible, security firm Avast said on Thursday. The US Commission on International Religious Freedom, associated with international rights, regularly communicates with other US agencies and international governmental and nongovernmental organizations. READ MORE...
Security teams working to mitigate their organizations' exposure to the Log4j vulnerability have plenty of challenges to overcome. They include scoping the full extent of exposure, figuring out workarounds for systems that cannot be patched, and ensuring third-party products and services have been secured. For many, the task will be further complicated by the need to constantly monitor for signs of attackers attempting to exploit the flaw or indications they might already have been compromised. READ MORE...
VMware on Thursday announced the release of patches for a critical server-side request forgery (SSRF) vulnerability in Workspace ONE UEM console. An attacker could exploit the flaw to access sensitive data in the management console, VMware says. Tracked as CVE-2021-22054, the security error carries a CVSS score of 9.1. To exploit the vulnerability, an attacker needs to have network access to UEM, so they can send unauthenticated requests and trigger the bug. READ MORE...
An Android app with more than 500,000 downloads from Google Play has been caught hosting malware that surreptitiously sends users' contacts to an attacker-controlled server and signs up users to pricey subscriptions, a security firm reported. The app, named Color Message, was still available on Google servers at the time this post was being prepared. Google removed it more than three hours after I asked the company for comment. READ MORE...
The Hive ransomware gang is more active and aggressive than its leak site shows, with affiliates attacking an average of three companies every day since the operation became known in late June. Security researchers gleaning information straight from Hive's administrator panel found that affiliates had breached more than 350 organizations over four months. The gang's data leak site currently lists only 55 companies that did not pay the ransom, suggesting that a large number of victims paid the ransom. READ MORE...
Researchers have tracked new spyware - dubbed "PseudoManuscrypt" because it's similar to "Manuscrypt" malware from the Lazarus advanced persistent threat (APT) group - that's attempted to scribble itself across more than 35,000 targeted computers in 195 countries. Kaspersky researchers said in a Thursday report that from Jan. 20 to Nov. 10, the actors behind the vast campaign were targeting government organizations and industrial control systems (ICS) across a range of industries. READ MORE...
The United States Department of Homeland Security (DHS) is inviting security researchers to uncover vulnerabilities and hack into its systems, in an attempt to better protect itself from malicious attacks. The DHS says that it is launching the "Hack DHS" bug bounty program to "identify potential cybersecurity vulnerabilities within certain DHS systems and increase the Department's cybersecurity resilience." READ MORE...
Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both in a single request for maximum chances of success. This shift is a notable development in the ongoing attack and one that defenders need to be aware of when trying to secure all potential vectors. For now, this trend was observed by threat actors looking to hijack resources for Monero mining, but others could adopt it at any time. READ MORE...