
IT Breach Forces Virginia Museum to Shut Down its Website

The Virginia Museum of Fine Arts announced this week that it identified a security intrusion in its information technology system late last month, which forced the museum to take its website offline for a state investigation.

The Richmond Times-Dispatch reports that there’s no evidence to suggest that the breach is linked to the ransomware attack on Virginia legislative agencies’ IT systems. The state police are investigating a ransomware attack on state legislative agencies, which was unearthed late Sunday night. 

In addition, there is no evidence that private or financial details were accessed or compromised, spokeswoman Jan Hatchette stated in response to an inquiry by the Richmond Times-Dispatch. The museum said it hopes to restore the website by the end of next week.

According to the museum, which is an independent agency of the state, the Virginia Information Technologies Agency discovered a breach in the website in late November, along with “evidence indicating an existing security threat from an unauthorized third-party.”

As a precautionary measure, the museum website will remain offline until the breach is investigated, contained and the website’s functionality is restored. A temporary website was put up “until the restoration is complete,” Hatchette stated.

"We realize that this has been an inconvenience to our members, visitors, community and staff and we appreciate their patience and support as we work diligently to restore our website to its full capacity (hopefully by end of day Friday). We are committed to the ongoing enhancement of our website security infrastructure in an effort to prevent incidents like this from occurring again," she concluded.

Earlier this week, the Department of Behavioral Health and Developmental Services also acknowledged that its IT system for employee timesheets has been "crippled" by a ransomware attack on the global KRONOS network that serves the executive branch agency. However, the organization adopted a manual system to ensure that the staff was paid on time. "State facilities have switched back to manual systems that are very time-intensive, but they will get the job done and ensure staff are paid," spokeswoman Lauren Cunningham stated.

Last year, Fairfax County Public Schools, Virginia’s largest school system, was targeted, and the hackers demanded a ransom payment in exchange for stolen personal information. The school system blamed the problems on internet provider Verizon, but Verizon said it did not experience any service outages.

Zoho: Patch New ManageEngine Flaw Abused in Attacks ASAP

Customers should upgrade their Desktop Central and Desktop Central MSP installations to the latest available version, according to business software supplier Zoho.

ManageEngine Desktop Central from Zoho is a management tool that allows administrators to automatically deploy updates and software across the network and troubleshoot endpoints remotely. Zoho announced that a recently patched serious vulnerability in its Desktop Central and Desktop Central MSP products is being actively exploited by malicious actors, making it the third security vulnerability in its products to be exploited in the wild in the last four months.

The vulnerability, designated CVE-2021-44515, is an authentication bypass flaw that could let an attacker bypass authentication and execute arbitrary code on the Desktop Central MSP server.

If indicators of compromise are discovered, Zoho recommends a "password reset for all services, accounts, Active Directory, etc. that has been accessed from the service installed machine", together with a reset of Active Directory administrator passwords.

"As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible." 

If impacted, the company suggests disconnecting affected systems from the network and backing up all essential business information on them, resetting the compromised servers, restoring Desktop Central, and updating it to the most recent release after the installation is complete. The company has also made an Exploit Detection Tool available, which will assist customers in detecting indicators of compromise in their systems.

A quick search with Shodan revealed over 3,200 ManageEngine Desktop Central machines open to attacks and running on various ports. 

CVE-2021-44515 now joins two previous vulnerabilities, CVE-2021-44077 and CVE-2021-40539, that have been abused to attack critical infrastructure organisations' networks around the world. 

CVE-2021-44077, an unauthenticated, remote code execution vulnerability impacting ServiceDesk Plus, is being abused to drop web shells and carry out a variety of post-exploitation operations as part of a campaign termed "TiltedTemple," according to the US Cybersecurity and Infrastructure Security Agency (CISA).

Boston Public Library Affected by Cyberattack

The Boston Public Library (BPL) announced on 27th August that its network was compromised on Wednesday, resulting in a system-wide technical outage. BPL stated that the current technical disruption was triggered by a cyberattack on its servers on Wednesday.

BPL hosts nearly 4 million people each year through its central library and twenty-five nearby branches, as well as millions more online. In terms of the total number of items, it is the third-largest public library in the United States, following the federal Library of Congress and the New York Public Library.

"The library is currently experiencing a significant system outage and online library services that require login are unavailable," a notice on the library's site currently reads. 

The library stated, "On Wednesday morning, 8/25, the Boston Public Library experienced a systemwide technical outage due to a cybersecurity attack, pausing public computer and public printing services, as well as some online resources." 

"Affected systems were taken offline immediately, and proactive steps were taken to isolate the problem and shut down network communication." 

An ongoing investigation, conducted jointly with law enforcement and the Mayor's IT specialists, has so far shown no evidence that employee or patron data was stolen from the compromised systems.

IT staff now restoring impacted systems and services: 

BPL's IT staff is actively restoring all affected devices and services, with some physical locations and online services still operational. 

Kurt Mansperger, Chief Technology Officer of the BPL, stated, "We apologize for any inconvenience this outage may have caused patrons. Thank you for your patience as our team and law enforcement officials work to restore our digital services and protect the library from future attacks." 

In an email to employees, Boston Public Library President David Leonard stated that it does not appear that the incident was caused by staff misconduct or error. He noted that some data may be permanently destroyed due to the intrusion and will have to be recreated. 

"The extent of this is still being assessed," he stated. "The attack was indeed that bad."