News – November 2020


  • What Is SCM (Security Configuration Management)?

    November 16, 2020

    The coronavirus 2019 (COVID-19) pandemic shifted the cybersecurity landscape. According to a PR Newswire release, the FBI tracked as many as 4,000 digital attack attempts a day during the pandemic. That’s 400% more than what it was prior to the pandemic. In response to these attacks, 70% of CISOs told McKinsey that they believed their ...

  • Lazarus malware strikes South Korean supply chains

    November 16, 2020

    Lazarus malware has been tracked in new campaigns against South Korean supply chains, made possible through stolen security certificates. On Monday, cybersecurity researchers from ESET revealed the abuse of the certificates, stolen from two separate, legitimate South Korean companies. Lazarus, also known as Hidden Cobra, is an umbrella term for select threat groups — including offshoot entities ...

  • Malicious Actors Target Comm Apps such as Zoom, Slack, Discord

    November 16, 2020

    In our 2020 midyear report, we discussed how the Covid-19 pandemic had forced many organizations to shift from physical offices to virtual ones — a change that also led to the rise of messaging and video conferencing apps as indispensable tools for communication. While these apps have provided businesses a way of maintaining communication between ...

  • DarkSide ransomware’s Iranian hosting raises U.S. sanction concerns

    November 15, 2020

    Ransomware negotiation firm Coveware has placed the DarkSide operation on an internal restricted list after the threat actors announced plans to host infrastructure in Iran. When the DarkSide ransomware operation encrypts a network, their affiliates steal unencrypted files, which they threaten to release if a ransom is not paid. This double-extortion strategy is always under attack by ...

  • New TroubleGrabber Discord malware steals passwords, system info

    November 13, 2020

    TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators. Several threat actors use the new info stealer to target gamers on Discord servers and to steal their passwords and other sensitive information. Its capabilities are similar to another malware strain dubbed ...

  • Manufacturing is becoming a major target for ransomware attacks

    November 13, 2020

    Ransomware has become a major threat to the manufacturing industry as cyber-criminal groups increasingly take an interest in targeting the industrial control systems (ICS) that manage operations. According to analysis by cybersecurity researchers at security company Dragos, the number of publicly recorded ransomware attacks against manufacturing has tripled in the last year alone. While a lot of ...

  • Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

    November 13, 2020

    Three nation-state cyberattack groups are actively attempting to hack companies involved in COVID-19 vaccine and treatment research, researchers said. Russia’s APT28 Fancy Bear, the Lazarus Group from North Korea and another North Korea-linked group dubbed Cerium are believed to be behind the ongoing assaults. According to Tom Burt, corporate vice president of Customer Security and Trust ...

  • New ModPipe malware targets hospitality, hotel point of sale systems

    November 12, 2020

    A new Point-of-Sale (PoS) malware is targeting devices used by “hundreds of thousands” of organizations in the hospitality sector, researchers have warned. Dubbed ModPipe, the malware is a backdoor able to harvest sensitive information in PoS devices running Oracle Micros Restaurant Enterprise Series (RES) 3700, management software that is particularly popular in the United States. RES 3700 ...

  • Alleged source code of Cobalt Strike toolkit shared online

    November 12, 2020

    The source code for the widely-used Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository. Cobalt Strike is a legitimate penetration testing toolkit that allows attackers to deploy “beacons” on compromised devices to remotely “create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on ...

  • Targeted ransomware: it’s not just about encrypting your data!

    November 11, 2020

    When we talk about ransomware, we need to draw a line between what it used to be and what it currently is. Why? Because nowadays ransomware is not just about encrypting data – it’s primarily about data exfiltration. After that, it’s about data encryption and leaving convincing proof that the attacker was in the network, ...

  • Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic

    November 11, 2020

    The Ragnar Locker ransomware group has decided to ratchet up the pressure on its latest high-profile victim, Italian liquor conglomerate Campari, by taking out Facebook ads threatening to release the 2TB of sensitive data it stole in a Nov. 3 attack – unless a $15 million ransom is paid in Bitcoin. Campari Group, which is behind ...

  • High-Severity Cisco DoS Flaw Can Immobilize ASR Routers

    November 11, 2020

    A high-severity flaw in Cisco’s IOS XR software could allow unauthenticated, remote attackers to cripple Cisco Aggregation Services Routers (ASR). The flaw stems from Cisco IOS XR, a train of Cisco Systems’ widely deployed Internetworking Operating System (IOS). The OS powers the Cisco ASR 9000 series, which are fully distributed routers engineered to address massive surges ...

  • COVID-19 Data-Sharing App Leaked Healthcare Worker Info

    November 11, 2020

    A platform used by healthcare workers in the Philippines designed to share data about COVID-19 cases contained multiple flaws that exposed healthcare worker data and potentially could have leaked patient data. Vulnerabilities found in both the COVID-KAYA platform’s web and Android apps allowed for unauthorized users to access private data about the platform’s users and ...

  • (ISC)² Study Reveals the Cybersecurity Workforce Has Grown to 3.5 Million Professionals Globally

    November 11, 2020

    (ISC)² – the world’s largest nonprofit association of certified cybersecurity professionals – today released the findings of its 2020 Cybersecurity Workforce Study. 3,790 respondents, all of whom dedicate at least 25% of their time to cybersecurity tasks, were surveyed across 14 geographies in order to accurately assess the size of the current cybersecurity workforce and ...

  • Recent ransomware wave targeting Israel linked to Iranian threat actors

    November 11, 2020

    Two recent ransomware waves that targeted Israeli companies have been traced back to Iranian threat actors, multiple sources have told ZDNet today. The ransomware attacks have been taking place since mid-October, have ramped up this month, and have repeatedly focused on Israeli targets. Israeli companies of all sizes have been targeted by threat actors using the Pay2Key ...

  • CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server

    November 10, 2020

    Microsoft released a patch today for a critical vulnerability (CVE-2020-17051) in the Windows NFSv3 (Network File System) server. NFS is typically used in heterogeneous environments of Windows and Unix/Linux for file sharing. The vulnerability can be reproduced to cause an immediate BSOD (Blue Screen of Death) within the nfssvr.sys driver. Interestingly, the November patches from ...

  • Microsoft Patch Tuesday Update Fixes 17 Critical Bugs

    November 10, 2020

    Microsoft’s November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution (RCE) bugs. Twelve of Microsoft’s 17 critical patches were tied to RCE bugs. In all, 112 vulnerabilities were patched by Microsoft, with 93 rated important, and two rated low in severity. Tracked as CVE-2020-17087, one Windows kernel local elevation ...

  • Singapore moots mandatory offsite verification for financial institutions

    November 10, 2020

    Singapore is considering the need for various personal information, such as password and biometrics, to facilitate “non-face-to-face” verification for financial services. This comes amidst a rise in impersonation scam cases and risks of personal data theft. In a consultation paper released Tuesday, the Monetary Authority of Singapore (MAS) mooted the mandatory use of at least one ...

  • New Platypus attack can steal data from Intel CPUs

    November 10, 2020

    A team of academics has disclosed today a new attack method that can extract data from Intel CPUs. Named Platypus, an acronym for “Power Leakage Attacks: Targeting Your Protected User Secrets,” the attack targets the RAPL interface of Intel processors. RAPL, which stands for Running Average Power Limit, is a component that allows firmware or software applications ...

  • Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak

    November 9, 2020

    A widely used hotel reservation platform has exposed 10 million files related to guests at various hotels around the world, thanks to a misconfigured Amazon Web Services S3 bucket. The records include sensitive data, including credit-card details. Prestige Software’s “Cloud Hospitality” is used by hotels to integrate their reservation systems with online booking websites like Expedia ...