A new ransomware operator is targeting Confluence servers by using a recently-disclosed vulnerability to obtain initial access to vulnerable systems.
According to Sophos cybersecurity researchers Sean Gallagher and Vikas Singh, the new threat actors, dubbed Atom Silo, are taking advantage of the flaw in the hopes that Confluence server owners are yet to apply the required security updates to resolve the bug. Atlassian Confluence is a web-based virtual workplace for the enterprise, allowing teams to communicate and collaborate on projects.
Sophos described a recent attack conducted by Atom Silo over a period of two days. The vulnerability used in the attack, tracked as CVE-2021-08-25, allowed the cybercriminals to obtain initial access to the victim’s corporate environment.
The Confluence vulnerability is being actively exploited in the wild. While fixed in August, the vendor warned that Confluence Server and Confluence Data Center are at risk and should be patched immediately. If exploited, unauthenticated threat actors are able to perform an OGNL injection attack and execute arbitrary code. CVE-2021-08-25 was used to compromise the Jenkins project in September. US Cybercom said in the same month that attacks were “ongoing and expected to accelerate.”
In the case examined by Sophos, Atom Silo utilized the vulnerability on September 13 and was able to use the code injection bug to create a backdoor, leading to the download and execution of a second, stealthy backdoor. To stay under the radar, this payload dropped a legitimate and signed piece of software vulnerable to an unsigned DLL sideload attack. A malicious .DLL was then used to decrypt and load the backdoor from a separate file containing code similar to a Cobalt Strike beacon, creating a tunnel for remotely executing Windows Shell commands through WMI.
“The intrusion that made the ransomware attack possible made use of several novel techniques that made it extremely difficult to investigate, including the side-loading of malicious dynamic-link libraries tailored to disrupt endpoint protection software,” the researchers say.
Within a matter of hours, Atom Silo began moving laterally across its victims’ network, compromising multiple servers in the process and executing the same backdoor binaries on each while also conducting additional reconnaissance.
11 days after its initial intrusion, ransomware and a malicious Kernel Driver utility payload, designed to disrupt endpoint protection, were then deployed. Separately, another threat actor noticed the same system was vulnerable to CVE-2021-08-25 and quietly implanted cryptocurrency mining software.
The ransomware is “virtually identical” to LockFile. Files were encrypted using the .ATOMSILO extension and a ransomware note demanding $200,000 was then dropped on the victim’s system.
“Ransomware operators and other malware developers are becoming very adept at taking advantage of these gaps, jumping on published proof of concept exploits for newly-revealed vulnerabilities and weaponizing them rapidly to profit off them,” Sophos says.
“To reduce the threat, organizations need to both ensure that they have robust ransomware and malware protection in place, and are vigilant about emerging vulnerabilities on Internet-facing software products they operate on their networks.”
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0
A US resident who masqueraded as a cryptocurrency consultant has been sentenced for embezzling cryptocurrency and cash fraudulently obtained from investors.
The US Department of Justice (DoJ) said on Tuesday that Jerry Ji Guo, a resident of San Francisco, will spend six months behind bars and has been ordered to pay $4.4 million in restitution for his activities.
The 33-year-old former journalist admitted to reshaping himself as an expert and consultant on cryptocurrency and Initial Coin Offerings (ICOs).
ICOs are investor events that originally formed to give emerging projects an alternative funding route to angel investment or loans. Participants in legitimate ICOs receive project-branded tokens for their contribution, and should the project succeed, this could allow investors to reap substantial profits. However, ICOs are risky and have paved the way for exit scams and fraud.
In Guo’s case, he conned investors by promising he would perform “consultancy, marketing, and publicity services,” according to US prosecutors. However, instead of keeping his promise, investor cash and cryptocurrency, including Bitcoin (BTC) and Ethereum (ETH), ended up being drained from wallets used by companies to deposit funds up-front in order to secure his ‘services.’
The cryptocurrencies taken from investors have surged in value over the past few years and the combined funds, with cash, are now worth an estimated $20 million.
A federal grand jury indicted Guo in 2018 and he pleaded guilty to one count of wire fraud a year later. Seven other counts of wire fraud were dismissed. At the time of the indictment, Guo faced up to 20 years behind bars.
Alongside the prison sentence and reparation, Guo will also have to submit to three years of supervised release.
The DoJ’s Money Laundering and Asset Recovery Section obtained warrants in February 2020 to seize the stolen funds and says that the government “is [now] in a position to return the stolen property to the victims.”
Earlier this month, US prosecutors sentenced the former owner of RG Coins, Rossen Iossifov, to 10 years in prison after he was found guilty of laundering funds from online auction scams through his cryptocurrency exchange.
The DoJ and FBI are constantly hunting down the perpetrators of cryptocurrency-related fraud and schemes, and now, the US Securities and Exchange Commission (SEC) maintains a list of both fiat investment and crypto businesses that consumers should be wary of.
In January, SEC added a further eight cryptocurrency organizations to its watch list which tout everything from unrealistic returns to ICO legal protection, and risk-free cryptocurrency trading.
The director of the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Friday that the agency would be “immediately” sharing incident reports from critical infrastructure organizations with the FBI.
The FBI and Department of Justice caused a minor furor on Thursday when both came out harshly against The Strengthening American Cybersecurity Act, landmark cybersecurity legislation that sailed through the Senate unanimously on Tuesday. The act forces critical infrastructure organizations to report cyberattacks to CISA within 72 hours and ransomware payments within 24 hours. In statements to Politico, FBI Director Christopher Wray and Deputy Attorney General Lisa Monaco trashed the bipartisan bill because the FBI and DOJ are not included alongside CISA. Wray said it “would make the public less safe from cyber threats” and Monaco claimed the bill leaves the FBI “on the sidelines and makes us less safe at a time when we face unprecedented threats.”
The statements shocked officials on both sides of the aisle in the Senate and House, according to statements provided to Politico. The White House came out in support of the bill on Thursday evening but told CBS that it was “exploring all options, to ensure that the legislation enables all relevant Federal agencies to receive and process these incident reports as quickly as possible to carry out their cybersecurity missions.”
On Friday afternoon, CISA director Jen Easterly addressed the issue publicly, writing on Twitter that the agency would “immediately” share the incident reports with the FBI.
We have a terrific operational partnership w/our #FBI teammates & will continue to do so, to include always ensuring that cyber incident reporting received by @CISAgov is immediately shared with them. END
— Jen Easterly (@CISAJen) March 4, 2022
“The Cyber Incident Reporting for Critical Infrastructure Act of 2022 is a critical step forward in ensuring our nation’s security. As the nation’s cyber defense agency, it gives CISA another key tool to respond to & mitigate the impact of cyber attacks,” Easterly said. “We have a terrific operational partnership w/our #FBI teammates & will continue to do so, to include always ensuring that cyber incident reporting received by CISA is immediately shared with them.”
Spokespeople for the lead senators behind the bill, Senate Homeland Security Committee Chair Gary Peters and ranking member Rob Portman, criticized the FBI and DOJ for attacking the bill, telling Politico that both were consulted on it for months. The FBI had previously expressed their desire to be included in any incident reporting legislation during hearings that took place in September. Both Easterly and National Cyber Director Chris Inglis backed the inclusion of the FBI at the time and the Senate changed the bill to mandate that CISA share incident reports with the FBI and other agencies within 24 hours. Despite the changes, Monaco told Politico on Thursday that “changes” still needed to be made to it. The FBI and DOJ did not respond to requests for comment on Friday about whether they will now support the legislation in light of Easterly’s comments.
The 200-page act, which combines pieces of the Cyber Incident Reporting Act, the Federal Information Security Modernization Act of 2021, and the Federal Secure Cloud Improvement and Jobs Act, includes several measures designed to modernize the federal government’s cybersecurity posture, and both Peters and Portman said the legislation was “urgently needed” in light of US support for Ukraine, which was invaded by Russia last week.
Rep. Jim Langevin, the co-chair of the Cybersecurity Caucus, said getting incident reporting, FISMA and FedRamp across the finish line and onto the President’s desk “should be top priorities for this Congress.”
“My colleagues in the House and I have worked hard to develop strong language to accomplish these goals, not all of which is included in this bill, such as the need to codify the dual-hat role of the federal CISO,” Langevin told ZDNet. “I look forward to building upon this week’s progress to pass strong cyber legislation out of both chambers, so that we can meet our nation’s urgent cybersecurity needs.”
For more than ten years, I’ve updated and published my guide to surviving Thanksgiving on ZDNet. Each year, I’ve given advice to help techies deal with immersion into a family dynamic they might not otherwise have encountered all year. Over the years, I’ve added new tips and discoveries that have helped make Thanksgiving successful for thousands of geeks the world over.
This year is different. This is 2020. Surviving Thanksgiving is no longer a hyperbolic term, used to exaggerate the challenges of getting along with your cranky uncle and scoring all the turkey you want. This year, surviving Thanksgiving literally means surviving Thanksgiving.
This year, Thanksgiving could kill.
Look, I know many of you think that government-mandated lockdowns are impinging on our freedoms. You’re right. Any time a government mandates anything, even if it’s for our own good, it’s impinging on our freedom.
But exercising your freedom doesn’t mean making bad choices just because you can. As an adult, you can choose to live off of pizza for breakfast, lunch, and dinner. You have that freedom. But you’ll eventually also wind up living with chronic stomach pain. As an adult, you can choose to play with matches all you want despite your mother’s best advice, but you could also burn down your house.
Freedom means you can make the choice to take responsibility and to act responsibly.
Now, here’s what we’re facing. We are living in a global pandemic where the infection rate is growing rapidly. The virus spreads effectively indoors, where people are in close contact. Roughly 1,100 people are dying each day in the United States. Each day. By comparison, roughly 3,000 people died on 9-11. We’re experiencing the 9-11 death toll every three days with COVID.
When I was a kid, my parents and I often went over the river (the Hudson) and through the woods (we passed trees) to grandmother’s house. Meeting us were my uncle, aunt, and two cousins. Thanksgivings brought us together — three separate households breathing each other’s air and fighting over the dark meat turkey for a very special day.
Even if your holiday celebration consists of just a small family, the odds are your family, like mine, lives in multiple households. If someone is infected with COVID (even if they’re not showing any symptoms), that person could then infect the other households in your family.
A few years back, I lost my parents. I think about them all the time, especially around the holidays.
So let’s say you decide to go through with your family Thanksgiving because that’s what you’ve always done. It’s what Mom really wants, and besides, you don’t want to miss out on the turkey. Now, imagine next year at Thanksgiving.
How will you feel if Mom isn’t there?
How will you feel looking at that empty place setting? How will you feel if you know that all you had to do to make sure Mom was still alive was skip one ceremonial meal — and you didn’t?
The CDC says that family gatherings like Thanksgiving will become spreader events. So how will you feel if you bring home the infection and it spreads, maybe to other members of your church, synagogue, or school? How will you feel about all those families who will have unfilled seats at their tables resulting from your spreader event, all because you couldn’t bring yourself to say “no” and skip the family visit for one year?
The city of Chicago agrees. It’s asked residents to stay home and skip Thanksgiving to avoid spreading COVID. Many will bristle at the suggestion that the government is telling people how to live. But this year, that’s literally true. The government is telling people how to keep living.
Epidemiologists the world over are echoing the recommendations of the CDC and Chicago. Staying home is a message Dr. Fauci is trying to spread as well. The fact is, the chances of the disease spreading drop considerably if you’re not laughing and yelling and talking above everyone else around a crowded feast table. And while some folks find COVID’s seriousness hard to believe, there are many threads like this one, with a whole lot of folks reporting hardships due to the pandemic.
I want you to compare worst case scenarios for a minute. Let’s say you skip that in-person Thanksgiving event this year. What’s the worst case scenario? You might disappoint Aunt Sally and miss out on Uncle Steve’s awesome turkey.
Now, what’s the worst case scenario if you go through with that in-person Thanksgiving? You might have to bury Aunt Sally and hope Uncle Steve wakes up from the ventilator without brain damage.
It doesn’t compare.
Suck up a little disappointment and keep your family and friends safe. Exercise your freedom to protect your family. Show you’re strong enough to suffer a little disappointment for the good of the people you love, and for the good of strangers you might never meet.
So, what’s David’s Guide to Surviving Thanksgiving this year? It’s simple: please survive it. COVID kills. That’s not a political statement, just a horrible fact evidenced by the unyielding pace of daily deaths. Make smart decisions. Stay home. Protect your family. Do it, not because your government says it’s the right thing to do, but because it’s actually the right thing to do — especially if you love your family.
P.S. Still want to hang out with your family even if you’re not in the same house? Here’s the tech angle to this story: connect via Zoom or watch Netflix or Prime Video together using party mode. You’ll have to bring your own snacks, but you’ll still be able to spend the day virtually with your loved ones. And you won’t even have to share the turkey.
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.
Legislation surrounding the federal government’s coronavirus trace tracking mobile app, COVIDSafe, has been introduced to Parliament. The purpose of the Privacy Amendment (Public Health Contact Information) Bill 2020 is to assist in “preventing and controlling the entry, emergence, establishment, or spread of COVID-19 into Australia”, by amending the Privacy Act 1988 to provide stronger privacy protections for users […]