Cyber Weekly Digest - Week #37

This week’s Cyber Weekly Digest discusses the possible return of REvil ransomware, a new zero-day flaw targeting Windows users with Microsoft Office documents and how a human error led to McDonald’s Monopoly server passwords being sent to prize winners. Keep reading to stay up to date on all the latest cyber security stories from across the globe.

1. 500,000 Fortinet VPN account credentials leaked.

Threat actor Orange, made of former Babuk ransomware gang members, posted a list of Fortinet credentials leaked for free on a newly launched forum. The file was also posted on Groove ransomware-as-a-service data leak site. The file posted contains VPN credentials for 498,908 users over 12,856 devices, with all the IP addresses being confirmed as Fortinet VPN servers. The leak is related to a path traversal vulnerability in Fortinet’s FortiOS discovered in 2018, tracked as CVE-2018-13379.

2. REvil ransomware’s servers mysteriously came back online.

The dark web servers for the REvil ransomware operation have suddenly turned back following a two-month absence after the widespread Kaseya attack. It is unclear if this means the ransomware gang is back in operation or if the servers are being turned on by law enforcement. Both the Tor payment site and REvil’s Tor ‘Happy Blog’ data leak site suddenly came back online. Although the data leak site is operational, the Tor payment site is not entirely active yet.

3. Howard University suffers a ransomware attack.

On Monday, Howard University confirmed it had suffered a ransomware attack, forcing classes to be temporarily suspended. It hads not been confirmed who the threat actors were behind the attack. As well as classes being suspended, the university’s campus Wi-Fi was down, with only some cloud applications being accessible to students. The school has said they are working on remediating the attack. However, it notes that an incident of this kind is a long process, “not an overnight solution”. Education has become a top target for ransomware attacks; there was a 388% increase in successful ransomware attacks on the education sector in the second and third quarters of 2020.