Kevin BeaumontAnother #CitrixBleed ransomware. Fidelity National Financial
Source = me or whatever. They patched Netscaler late, visible on Shodan.
Transparency: Deleted a toot in this thread. I flagged another company called Fidelity who also patched late.
Restoring toot - it turns out Fidelity National Financial, Inc. and Fidelity National Information Service merged years ago. Both patched #CitrixBleed late and now have security incidents involving a ransomware group.
BlackCat ransomware group have claimed Fidelity National Financial, a Fortune500 company. HT @AlvieriD #threatintel
Fidelity National Financial’s website is offline. https://fnf.com/ (or intermittently available depending on location)
Fidelity National Financial ransomware incident is causing problems across the US housing market. They own a ton of downstream companies, eg Chicago Title, and they’re also offline. https://dataconomy.com/2023/11/23/fidelity-national-financial-data-breach/
Btw it isn’t out in the media yet it’s ransomware, but it definitely is.
Fidelity National Financial have been removed from BlackCat’s ransomware portal. Translation: they paid.
The Fidelity National Financial breach by AlphV with CitrixBleed continues to have ripple effect https://www.bleepingcomputer.com/news/security/mortgage-firm-loancare-warns-13-million-people-of-data-breach/
Lesley Carhart 
@GossiTheDog phewwww they have their hands in a lot of people’s shit, often involuntarily
Avoid the Hack! 
@GossiTheDog guess we'll see the leak in a few months.
Also... double-extortion incoming in near future.
Andrzej Stamburski@GossiTheDog Just to summarise the results of paying hackers:
- Stolen data will still be misused in any possible way (but quiet, without attributing to the victim)
- Hackers will do whatever possible to maintain the access to the victim IT systems (but they will temporarily not use it)
- Restoring hacked systems will still cost fortune (even getting some help from hacker initially, there's still a lot to do)
So the only reason to pay hackers is because otherwise shareholders will panic, right?
- Stolen data will still be misused in any possible way (but quiet, without attributing to the victim)
- Hackers will do whatever possible to maintain the access to the victim IT systems (but they will temporarily not use it)
- Restoring hacked systems will still cost fortune (even getting some help from hacker initially, there's still a lot to do)
So the only reason to pay hackers is because otherwise shareholders will panic, right?
Matt Blaze@GossiTheDog Just to confirm, since there seem to be dozens of financial industry firms named "Fidelity", this is a different Fidelity from the place that holds my 401(k), correct?
Tim Farley@mattblaze @gossithedog It is a different company.
Coach Pāṇini ®
Fugue State Machine Moto@GossiTheDog Oops. That’s gonna be expensive.
Oh, the breach was a facility in Jacksonville, FL? Well, that doesn’t help dispel any of my preconceptions about Jax …
(I was stationed near Jacksonville in the 1990s. The town was … really something. )
Rairii@GossiTheDog "not to be confused with any companies with similar names"
Sajid Nawaz Khan @GossiTheDog It’s confusing, admittedly:
“The company was founded in 1968 as Systematics™, which was later acquired by ALLTEL Information Services, and then bought by title insurance giant Fidelity National Financial® in 2003, who renamed it Fidelity Information Services (FIS).”
Company History - About Us | FIS
We empower the financial world because talented people empower our organization. Encouraged to push boundaries, our employees drive change across the industry. Curious, motivated and forward-thinking, they develop solutions for problems that don’t even exist yet.
Carl Davis@GossiTheDog how late did they patch? Hours, days, weeks, etc.?
Chris@carld @GossiTheDog realisation+10 mins? 😅
@cw @GossiTheDog haha, well you're likely not wrong.