BlackCat claims attack on Fidelity National Financial The Register

Fortune 500 insurance biz Fidelity National Financial has confirmed that it has fallen victim to a "cybersecurity incident."

"The services we provide related to title insurance, escrow and other title-related services, mortgage transaction services, and technology to the real estate and mortgage industries, have been affected by these measures," it said.

FNF recorded more than $11 billion in total revenue in 2022 and is one of the largest underwriters of title insurance and providers of transaction services to the real estate and mortgage industries in the US.

Although investigations remain ongoing and the company has not yet disclosed the incident's material impact on trade, it did say an intruder "accessed certain FNF systems and acquired certain credentials."

"FNF will continue to assess the impact of the incident and whether the incident may have a material impact on the company. We are working diligently to address the incident and to restore normal operations as quickly and safely as possible."

The Register has approached FNF for additional comment but did not receive a response.

The filing itself is dated November 19 and was made public two days later, in line with the four-day reporting window allowed by the SEC, indicating that FNF became aware of the event over the weekend.

Ransomware outfit ALPHV/BlackCat claimed responsibility for the attack on November 22, revealing few details about what they allegedly accessed. After publishing a post to the group's leak blog, taking aim at incident response specialist Mandiant's reputation and lack of action regarding the attack, BlackCat said it was giving the company more time to respond before revealing more information about the attack.

"Before disclosing whether or whether we have [not] collected any data, we will allow FNF further time to get in touch," it said.

FNF's difficulties have been felt by some companies and home buyers in the US who are currently unable to close purchases. One broker told Real Estate News that buyers expecting to complete on deals may have to wait until at least Sunday for the closing system to come back online.

Security experts have speculated that the entry point into FNF systems was potentially caused by exploits of a critical vulnerability affecting Citrix NetScaler devices, dubbed "CitrixBleed." Researcher Kevin Beaumont ran a Shodan scan of NetScaler boxes tied to FNF's domain and claimed the company applied the patch two weeks after it was made available on October 10.

The vulnerability, tracked as CVE-2023-4966, has been used extensively by ransomware groups since its disclosure and has led to a large number of serious attacks. According to a bulletin from the US Cybersecurity and Infrastructure Security Agency this week, the LockBit ransomware group has exploited the vulnerability extensively, including on aviation giant Boeing.

Beaumont was the first to suggest the vulnerability led to ransomware attacks at various other organizations, including the US arm of Industrial and Commercial Bank of China Financial Services, magic circle law firm Allen & Overy, and shipping giant DP World. As of November 13, more than a month since it was patched, upwards of 5,000 organizations were still exposed to the vulnerability, he said.

"CitrixBleed is extremely simple to exploit and the consequences of exploitation make this vulnerability severe," said Tenable in its analysis. "An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable endpoint on a NetScaler ADC or Gateway instance."

"By exploiting CitrixBleed, an attacker could obtain valid session tokens from the vulnerable device's memory. With the possession of valid session tokens, an attacker can replay them back in order to bypass authentication."
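The token replay Tenable describes leaves a trace defenders can hunt for: one session identifier used from an address other than the one that authenticated. The following is an added example, not part of the original article; the log record layout, field names and the function `find_replayed_sessions` are assumptions, and the sample records are constructed.

```python
from datetime import datetime

# Constructed sample records (not real NetScaler logs). Assumed fields:
# timestamp, session identifier, client address, event type.
SAMPLE_LOG = """\
2023-11-14T09:00:02Z sess=a1f3 src=198.51.100.10 event=LOGIN user=alice
2023-11-14T09:05:40Z sess=a1f3 src=198.51.100.10 event=REQUEST
2023-11-14T09:07:11Z sess=a1f3 src=203.0.113.77 event=REQUEST
2023-11-14T09:10:00Z sess=b2e4 src=192.0.2.5 event=LOGIN user=bob
2023-11-14T09:12:30Z sess=b2e4 src=192.0.2.5 event=REQUEST
2023-11-14T09:20:00Z sess=c9d0 src=203.0.113.77 event=REQUEST
"""

def parse(line):
    """Split one record into a dict of fields plus a parsed timestamp."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec

def find_replayed_sessions(log_text):
    """Flag sessions used from an address other than the one that logged in,
    and sessions that carry traffic without any login in the log window."""
    records = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                     key=lambda r: r["ts"])
    login_src = {}          # session id -> address that authenticated
    findings, seen = [], set()
    for rec in records:
        sess, src = rec["sess"], rec["src"]
        if rec["event"] == "LOGIN":
            login_src[sess] = src
            continue
        if sess not in login_src:
            reason = "no-login-observed"   # weaker signal: may predate the log window
        elif src != login_src[sess]:
            reason = "source-changed"      # token presented from a second address
        else:
            continue
        if (sess, src) not in seen:
            seen.add((sess, src))
            findings.append((sess, src, reason))
    return findings

if __name__ == "__main__":
    for finding in find_replayed_sessions(SAMPLE_LOG):
        print(finding)
```

Address changes also happen legitimately (mobile clients, VPN or NAT egress changes), so findings are leads to triage, not verdicts.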

This Cyber News was published on www.theregister.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000

