Fortinet warns admins to patch critical authentication bypass bugs immediately
Fortinet has warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest versions, which address a critical-severity vulnerability. The flaw (tracked as CVE-2022-40684) is an authentication bypass on the management interface that could allow remote threat actors to log into unpatched devices. “This is a critical vulnerability and should be addressed with the utmost urgency,” the company adds. According to a Shodan search, more than 100,000 FortiGate firewalls are reachable from the Internet, although it is unknown how many of them also expose their management interfaces.
Windows 11 22H2 errors interrupt deployment
According to Microsoft, the Windows 11 2022 Update can break deployment, leaving Windows 11 Enterprise endpoints partially configured and unable to complete installation. The known issue most likely affects provisioning packages (.PPKG files used to configure new endpoints on corporate or school networks without imaging) during the initial setup phase: “Windows may be partially configured and the out-of-box experience may not exit or may restart unexpectedly.” Microsoft added that the issue will not impact IT admins deploying Windows devices on their network. Windows systems used in home or small office networks are also unaffected.
Security chiefs fear “CISO scapegoats” after Uber-Sullivan verdict
CISOs are divided over whether Wednesday’s sentencing of former Uber security chief Joe Sullivan will have wider ramifications for people in their positions. According to The Record, some fear the case will generate more CISO whistleblowers in the future, while others believe security chiefs should be prepared to be held accountable for incidents. The case concerns an attempted cover-up of a 2016 security incident at Uber in which hackers stole the personal information of 57 million customers and the personal information of 600,000 Uber drivers.
Lloyd’s of London is investigating suspected cyber attack
After noticing unusual network activity this week, Lloyd’s reset its IT infrastructure and shut down external connections. The incident came after the entire insurance industry was warned of possible cyberattacks due to the ongoing conflict between Russia and Ukraine. Companies in the insurance market have condemned Russia’s invasion of Ukraine and supported sanctions against Moscow, including imposing bans on insuring ships carrying Russian oil. In August, Lloyd’s of London told its insurance syndicates it would not cover losses caused by cyberattacks by nation-state actors and malicious activity related to the ongoing conflict.
Thanks to this week’s episode sponsor, Noname Security
Facebook detects 400 Android and iOS apps stealing user credentials
Meta Platforms announced on Friday that it had identified over 400 malicious apps on Android and iOS allegedly targeting online users with the aim of stealing their Facebook credentials. “These apps have been listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them.” Besides hiding their malicious nature behind a seemingly harmless set of apps, the operators also published fake reviews intended to offset the negative reviews from users who had previously downloaded the apps.
(The Hacker News)
Papa John’s is being sued for spying on website mouse clicks and keystrokes
The pizza chain is being sued for allegedly violating US wiretap law by spying on how a customer browsed Papa John’s website. The lawsuit alleges the use of session replay software that records everything a user does on the site, beyond what fetching pages and placing an order would convey. Session replay tools have been a privacy concern due to their indiscriminate collection of data, sometimes poor security, and failure to obtain user consent to track and store user data, which is then open to analysis.
The world’s largest crypto exchange has been hacked with potential losses of $500 million
Binance, the world’s largest cryptocurrency exchange, may have lost half a billion dollars after its network was hacked. The company temporarily suspended transactions and fund transfers after discovering an exploit between two blockchains, a method of digital theft used in at least one other major hack recently. Binance CEO Changpeng Zhao said in a tweet: “The issue is now contained. Your funds are safe. We apologize for the inconvenience and will keep you informed accordingly.”
Last week in ransomware
Last week, Netwalker ransomware affiliate Sebastien Vachon-Desjardins was sentenced to 20 years in prison plus forfeiture of $21.5 million for an attack on a business in Tampa and other businesses around the world. Reports published last week linked the Cheerscrypt ransomware to a Chinese hacking group and showed how the BlackByte ransomware operation uses Bring Your Own Vulnerable Driver (BYOVD) attacks to shut down security software. Motherboard also released a report based on FOIA requests showing how US schools have responded to ransomware attacks on their networks. Finally, Vice Society began leaking data on students, parents, and employees of the Los Angeles Unified School District, and Ferrari denied that RansomEXX attacked them.