News – July 2020


  • CWT Travel Agency Faces $4.5M Ransom in Cyberattack, Report

    July 31, 2020

    CWT, a giant in the corporate travel agency world with a global clientele, may have faced payment of $4.5 million to unknown hackers in the wake of a ransomware attack. Independent malware hunter @JAMESWT tweeted on Thursday that a malware sample used against CWT (formerly known as Carlson Wagonlit Travel) had been uploaded to VirusTotal on ...

  • Milipol Qatar 2020 – Seminar Topics revealed

    July 31, 2020

    Security by Design: Cybersecurity & New tech; Mega Events Security; Crisis Management & Health Security – Post Covid-19 feedbacks; Firefighting: Emergency & Security System 31 July, 2020 – Milipol Qatar 2020, the Middle East’s leading international event for Homeland Security and Civil Defence which returns to Doha this October, will feature a powerful three-day seminar program in which decision ...

  • US defense and aerospace sectors targeted in new wave of North Korean attacks

    July 30, 2020

    Tracked under the codename of “Operation North Star,” McAfee said these attacks have been linked to infrastructure and TTPs (Techniques, Tactics, and Procedures) previously associated with Hidden Cobra — an umbrella term the US government uses to describe all North Korean state-sponsored hacking groups. As for the attacks themselves, McAfee said they were run-of-the-mill spear-phishing emails ...

  • FBI warns of Netwalker ransomware targeting US government and organisations

    July 29, 2020

    The FBI has issued a security alert about Netwalker ransomware operators targeting U.S. and foreign government organizations, advising their victims not to pay the ransom and reporting incidents to their local FBI field offices. FBI’s flash alert also provides indicators of compromise associated with the Netwalker ransomware (also known as Mailto) and includes a list of ...

  • Billions of Devices Impacted by Secure Boot Bypass

    July 29, 2020

    Billions of Windows and Linux devices are vulnerable to cyberattacks stemming from a bug in the GRUB2 bootloader, researchers are warning. GRUB2 (which stands for the GRand Unified Bootloader version 2) is the default bootloader for the majority of computing systems. Its job is to manage part of the start-up process – it either presents a ...

  • Critical Bugs in Utilities VPNs Could Cause Physical Damage

    July 29, 2020

    Remote code-execution vulnerabilities in virtual private network (VPN) products could impact the physical functioning of critical infrastructure in the oil and gas, water and electric utilities space, according to researchers. Researchers at Claroty found that VPNs used to provide remote access to operational technology (OT) networks in industrial systems are vulnerable to an array of security ...

  • Foreseeing cyber vulnerabilities of nuclear facilities in South Asia

    July 29, 2020

    In this era of rapidly evolving technology, nuclear facilities are exposed to dynamic and evolving spectrum of cyber vulnerabilities. Cyber-attacks on nuclear facilities are a matter of concern and it’s not for the first time that a cyber-attack has been carried out. Such as attack on nuclear program of Iran to serve the purpose of ...

  • Maritime cyber attacks increase by 900% in three years

    July 29, 2020

    Cyber attacks on the maritime industry’s operational technology (OT) systems have increased by 900% over the last three years with the number of reported incidents set to reach record volumes by year end. Addressing port and terminal operators during an online forum last week, Robert Rizika, Naval Dome’s Boston-based Head of North American Operations, explained that ...

  • Emotet malware now steals your email attachments to attack contacts

    July 29, 2020

    The Emotet malware botnet is now also using stolen attachments to increase the authenticity of spam emails used for infecting targets’ systems. This is the first time the botnet is using stolen attachments to add credibility to emails as Binary Defense threat researcher James Quinn told BleepingComputer. The attachment stealer module code — that also steals email ...

  • Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902

    July 28, 2020

    Following the initial disclosure of two F5 BIG-IP vulnerabilities on the first week of July, we continued monitoring and analyzing the vulnerabilities and other related activities to further understand their severities. Based on the workaround published for CVE-2020-5902, we found an internet of things (IoT) Mirai botnet downloader (detected by Trend Micro as Trojan.SH.MIRAI.BOI) that ...

  • Lazarus on the hunt for big game

    July 28, 2020

    We may only be six months in, but there’s little doubt that 2020 will go down in history as a rather unpleasant year. In the field of cybersecurity, the collective hurt mostly crystallized around the increasing prevalence of targeted ransomware attacks. By investigating a number of these incidents and through discussions with some of our ...

  • Cerberus Android malware source code offered for sale for $100,000

    July 27, 2020

    The maintainer of Cerberus banking trojan for Android is auctioning the entire project for a price starting at $50,000 or close the deal for double the money. The price includes everything from source code to customer list along with installation guide and the scripts to make components work together. For at least one year, the group behind ...

  • Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns

    July 27, 2020

    Cisco is warning that a high-severity flaw in its network security software is being actively exploited – allowing remote, unauthenticated attackers to access sensitive data. Patches for the vulnerability (CVE-2020-3452) in question, which ranks 7.5 out of 10 on the CVSS scale, were released last Wednesday. However, attackers have since been targeting vulnerable versions of the software, ...

  • CISA says 62,000 QNAP NAS devices have been infected with the QSnatch malware

    July 27, 2020

    Cyber-security agencies from the UK and the US have published today a joint security alert about QSnatch, a strain of malware that has been infecting network-attached storage (NAS) devices from Taiwanese device maker QNAP. In alerts by the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC), ...

  • Garmin obtains decryption key after ransomware attack

    July 27, 2020

    Smartwatch maker Garmin has obtained the decryption key to recover its computer files from a ransomware attack last Thursday, Sky News has learned. Last week, Garmin’s services were taken offline after hackers infected the company’s networks with a ransomware virus known as WastedLocker. A number of the company’s services are operational again and the business has now ...

  • Kubernetes Vulnerability Puts Clusters at Risk of Takeover (CVE-2020-8558)

    July 27, 2020

    A security issue assigned CVE-2020-8558 was recently discovered in the kube-proxy, a networking component running on Kubernetes nodes. The issue exposed internal services of Kubernetes nodes, often run without authentication. On certain Kubernetes deployments, this could have exposed the api-server, allowing an unauthenticated attacker to gain complete control over the cluster. An attacker with this ...

  • Ensiko: A Webshell With Ransomware Capabilities

    July 27, 2020

    Ensiko is a PHP web shell with ransomware capabilities that targets various platforms such as Linux, Windows, macOS, or any other platform that has PHP installed. The malware has the capability to remotely control the system and accept commands to perform malicious activities on the infected machine. It can also execute shell commands on an infected ...

  • NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug

    July 24, 2020

    The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert warning that adversaries could be targeting critical infrastructure across the U.S. Separately, ICS-CERT issued an advisory on a critical security bug in the Schneider Electric Triconex TriStation and Tricon Communication Module. These safety instrumented system (SIS) controllers are ...

  • OilRig Targets Middle Eastern Telecom Organization and Adds Novel C2 Channel with Steganography to Its Inventory

    July 22, 2020

    While analyzing an attack against a Middle Eastern telecommunications organization, Unit 42 has discovered a variant of an OilRig-associated tool we call RDAT using a novel email-based command and control (C2) channel that relied on a technique known as steganography to hide commands and data within bitmap images attached to emails. In May 2020, Symantec published ...

  • MATA: Multi-platform targeted malware framework

    July 22, 2020

    As the IT and OT environment becomes more complex, adversaries are quick to adapt their attack strategy. For example, as users’ work environments diversify, adversaries are busy acquiring the TTPs to infiltrate systems. Recently, we reported to our Threat Intelligence Portal customers a similar malware framework that internally we called MATA. The MATA malware framework ...