This week’s Cyber Weekly Digest discusses the possible return of REvil ransomware, a new zero-day flaw targeting Windows users with Microsoft Office documents and how a human error led to McDonald’s Monopoly server passwords being sent to prize winners. Keep reading to stay up to date on all the latest cyber security stories from across the globe.
Threat actor Orange, made up of former Babuk ransomware gang members, posted a list of Fortinet credentials leaked for free on a newly launched forum. The file was also posted on the Groove ransomware-as-a-service data leak site. The file contains VPN credentials for 498,908 users over 12,856 devices, with all the IP addresses being confirmed as Fortinet VPN servers. The leak is related to a path traversal vulnerability in Fortinet’s FortiOS discovered in 2018, tracked as CVE-2018-13379.
The dark web servers for the REvil ransomware operation have suddenly turned back on following a two-month absence after the widespread Kaseya attack. It is unclear if this means the ransomware gang is back in operation or if the servers are being turned on by law enforcement. Both the Tor payment site and REvil’s Tor ‘Happy Blog’ data leak site suddenly came back online. Although the data leak site is operational, the Tor payment site is not entirely active yet.
On Monday, Howard University confirmed it had suffered a ransomware attack, forcing classes to be temporarily suspended. It has not been confirmed who the threat actors behind the attack were. As well as classes being suspended, the university’s campus Wi-Fi was down, with only some cloud applications being accessible to students. The school has said it is working on remediating the attack. However, it notes that an incident of this kind is a long process, “not an overnight solution”. Education has become a top target for ransomware attacks; there was a 388% increase in successful ransomware attacks on the education sector in the second and third quarters of 2020.
Microsoft on Tuesday warned of an actively exploited zero-day vulnerability impacting Internet Explorer, being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. Microsoft stated that the vulnerability uses malicious ActiveX controls to exploit Office 365 and Office 2019 on Windows 10 to download and install malware on an affected computer. Since the vulnerability was disclosed, researchers have further warned how dangerous the flaw is and how it can bypass security features. Users are being warned to only open attachments if they come from a trusted source due to the severity of this vulnerability.
In a recent round of emails being sent to winners of the McDonald’s UK Monopoly game, the franchise accidentally inserted passwords for the server which hosted information relating to the game. The information could be used to rip off players or cheat the game. After the error was brought to McDonald’s attention, it quickly changed the server passwords. McDonald’s responded by confirming the incident resulted from a human error and that anyone affected has been contacted.