News – December 2020


  • Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome

    December 15, 2020

    A Mozilla Foundation update to the Firefox web browser, released Tuesday, tackles one critical vulnerability and a handful of high-severity bugs. The update, released as Firefox version 84, is also billed by Mozilla as boosting the browser’s performance and adding native support for macOS hardware running on its own Apple processors. In total, six high-severity flaws ...

  • 45 Million Medical Images Left Exposed Online

    December 15, 2020

    More than 45 million medical images—and the personally identifiable information (PII) and personal healthcare information (PHI) associated with them–have been left exposed online due to unsecured technology that’s typically used to store, send and receive medical data, new research has found. A team from CybelAngel Analyst Team uncovered sensitive medical records and images–including X-rays CT scans ...

  • Gitpaste-12 Worm Widens Set of Exploits in New Attacks

    December 15, 2020

    The Gitpaste-12 worm has returned in new attacks targeting web applications, IP cameras and routers, this time with an expanded set of exploits for initially compromising devices. First discovered in a round of late-October attacks that targeted Linux-based servers and internet-of-things (IoT) devices, the botnet utilizes GitHub and Pastebin for housing malicious component code, has at ...

  • Agent Tesla Keylogger Gets Data Theft and Targeting Update

    December 15, 2020

    Six-year-old keylogger malware called Agent Tesla has been updated again, this time with expanded targeting and improved data exfiltration features. Agent Tesla first came into the scene in 2014, specializing in keylogging (designed to record keystrokes made by a user in order to exfiltrate data like credentials and more) and data-stealing. Since then keylogger has only ...

  • Using MITRE ATT&CK to Identify an APT Attack

    December 15, 2020

    Security teams and researchers depend on publicly documented analyses of tools, routines, and behaviors to update themselves on the latest findings in the cybersecurity landscape. Published information serves as a reference for the known tactics, techniques, and procedures (TTPs) to install defenses against advance persistent threats (APTs) and prevent attacks that are likely to occur ...

  • Threat Brief: SolarStorm and SUNBURST Customer Coverage

    December 14, 2020

    On Sunday, Dec. 13, FireEye released information related to a breach and data exfiltration originating from an unknown actor FireEye is calling UNC2452. Unit 42 tracks this and related activity as the group named SolarStorm, and has published an ATOM containing the observed techniques, IOCs and relevant courses of action in the Unit 42 ATOM ...

  • PyMICROPSIA: New Information-Stealing Trojan from AridViper

    December 14, 2020

    Unit 42 researchers have been tracking the threat group AridViper, which has been targeting the Middle Eastern region. As part of this research, a new information-stealing Trojan with relations to the MICROPSIA malware family has been identified, showing that the actor maintains a very active development profile, creating new implants that seek to bypass the ...

  • Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor

    December 13, 2020

    Executive Summary We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452. FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware we call SUNBURST. The attacker’s post compromise activity leverages multiple techniques to evade detection and obscure their activity, but these efforts also ...

  • Suspected Russian hackers spied on U.S. Treasury emails – sources

    December 13, 2020

    Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments, according to people familiar with the matter, adding they feared the hacks uncovered so far may be the tip of the iceberg. The hack is so serious it led to a National Security Council meeting at ...

  • Intel’s Habana Labs hacked by Pay2Key ransomware, data stolen

    December 13, 2020

    Intel-owned AI processor developer Habana Labs has suffered a cyberattack where data was stolen and leaked by threat actors. Habana Labs is an Israeli developer of AI processors that accelerate artificial intelligence workloads in the datacenter. Intel purchased the company in December 2019 for approximately $2 billion. Today, the Pay2Key ransomware operation leaked data allegedly stolen from ...

  • Subway marketing system hacked to send TrickBot malware emails

    December 12, 2020

    Subway UK has disclosed that a hacked system used for marketing campaigns is responsible for the malware-laden phishing emails sent to customers yesterday. Starting yesterday, Subway UK customers received strange emails from ‘Subcard’ about a Subway order that was placed. Included in the email were links to documents allegedly containing confirmation of the order. After analyzing these ...

  • Former Cisco engineer sentenced to prison for deleting 16k Webex accounts

    December 12, 2020

    A former Cisco engineer was sentenced this week to 24 months in prison for accessing Cisco’s network without authorization after he left the company and then destroying servers that hosted infrastructure for the Cisco Webex Teams service. Sudhish Kasaba Ramesh, 31, of San Jose, was formally charged earlier this year in July and pleaded guilty a ...

  • Facebook doxes APT32, links Vietnam’s primary hacking group to local IT firm

    December 11, 2020

    In a surprising and unexpected announcement on Thursday, the Facebook security team has revealed the real identity of APT32, one of today’s most active state-sponsored hacking group, believed to be linked to the Vietnamese government. The company said it took this step after it detected APT32 using its platform to spread malware in attempts to infect ...

  • CISA and FBI warn of rise in ransomware attacks targeting K-12 schools

    December 11, 2020

    In a joint security alert published on Thursday, the US Cybersecurity Infrastructure and Security Agency, along with the Federal Bureau of Investigation, warned about increased cyber-attacks targeting the US K-12 educational sector, often leading to ransomware attacks, the theft of data, and the disruption of distance learning services. “As of December 2020, the FBI, CISA, and ...

  • Investigating the Gootkit Loader

    December 11, 2020

    Since October 2020, we saw an increase in the number of Gootkit cases targeting users in Germany. We investigated this development and found that the Gootkit loader was now capable of sophisticated behavior that enabled it to surreptitiously load itself onto an affected system and make analysis and detection more difficult. This capability was used to ...

  • Australia: Communications department flags idea of tying telco licences to cyber capability

    December 11, 2020

    The Department of Infrastructure, Transport, Regional Development, and Communications has run up the flagpole the idea of inserting security provisions into the Telecommunications Act to require telcos to safeguard their systems as a condition of their licence to operate. Writing in a submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) review of the ...

  • MountLocker ransomware gets slimmer, now encrypts fewer files

    December 11, 2020

    MountLocker ransomware received an update recently that cut its size by half but preserves a weakness that could potentially allow learning the random key used to encrypt files. This ransomware operation started in July 2020, and it targets corporate networks. Its operators steal data before encrypting it and threaten victims to leak files unless their multi-million ...

  • Threat Brief: FireEye Red Team Tool Breach

    December 10, 2020

    On Dec. 8, 2020, one of the leading cybersecurity companies in the industry, FireEye, reported a breach and data exfiltration unlike any that we have seen previously. What makes this attack unique is not only the target, FireEye being a well-known cybersecurity company, but that the stolen data contains the internal, custom-crafted red-team and penetration ...

  • The story of the year: remote work

    December 10, 2020

    The coronavirus pandemic has caused sudden, sweeping change around the world. The necessary social distancing measures are having an impact on all of us. One large part of society that has been affected by these measures more than others is the employed. While direct customer facing businesses like restaurants and retailers have had to change ...

  • A Security Guide to IoT-Cloud Convergence

    December 10, 2020

    The internet of things (IoT) has risen as one solution to the demands that have emerged because of the worldwide pandemic. The IoT, with its key characteristic of minimizing human interaction in performing a myriad of functions, seems a perfect fit in a world of remote setups and social distancing. But it is thanks to ...