News – November 2020


  • PLATINUM SECURITY EXHIBITION confirms its 2nd edition

    November 5, 2020

    Expo Monaco France maintains the 1st Security and Safety event to be held in 2021, Platinum Security Exhibition, with a smaller number of participants and in strict compliance with the government health measures. Save the date 2-3 February 2021 Forum in Monaco. Having followed the evolution of the pandemic very closely and anticipated the new ...

  • New APT hacking group leverages ‘KilllSomeOne’ DLL side-loading

    November 5, 2020

    A new, Chinese advanced persistent threat (APT) group making the rounds performs DLL side-loading attacks including the phrase “KilllSomeOne.” According to Sophos researcher Gabor Szappanos, the group — suspected to be of Chinese origin — is targeting corporate organizations in Myanmar using poorly-written English messages relating to political subjects. Side-loading utilizes DLL spoofing to abuse legitimate Windows ...

  • QBot phishing lures victims using US election interference emails

    November 4, 2020

    The Qbot botnet is now spewing U.S. election-themed phishing emails used to infect victims with malicious payloads designed to harvest user data and emails for use in future campaigns. Qbot (aka Qakbot, Pinkslipbot, and Quakbot) is a banking trojan with worm features actively used since at least 2009 to steal financial data and ...

  • As Maze retires, clients turn to Sekhmet ransomware spin-off Egregor

    November 4, 2020

    As the developers of the Maze ransomware announce their exit from the malware scene, clients are now thought to be turning to Egregor as a substitute. The Maze group has been a devastating force for companies that have fallen victim to the cybercriminals over the past year. What has separated Maze in the past from many other ...

  • VMware Issues Updated Fix For Critical ESXi Flaw

    November 4, 2020

    VMware issued an updated fix for a critical-severity remote code execution flaw in its ESXi hypervisor products. Wednesday’s VMware advisory said updated patch versions were available after it was discovered the previous patch, released Oct. 20, did not completely address the vulnerability. That’s because certain versions that were affected were not previously covered in the earlier ...

  • Ransomware-as-a-Service Becomes Increasingly Accessible via Social Media and Open Sources

    November 4, 2020

    Hackers need not search the dark web for access to their very own ransomware platforms these days. Cybercriminals are continually finding new ways to promote their underground businesses and gain the attention of new customers and novice hackers. Several threat actors have recently taken to popular social media and open sources like YouTube, Vimeo, and Sellix ...

  • GrowDiaries Exposes Emails, Passwords of 1.4M Cannabis Growers

    November 4, 2020

    A database linked to GrowDiaries, an online community of cannabis growers, has exposed more than a million users’ email addresses, passwords, IP address records and posts. GrowDiaries is a robust online community of cannabis growing enthusiasts from around the world, where they can share tips, tricks and pictures of their progress. On Oct. 10, researcher Volodymyr ...

  • REvil ransomware gang ‘acquires’ KPOT malware

    November 4, 2020

    The operators of the REvil ransomware strain have “acquired” the source code of the KPOT trojan in an auction held on a hacker forum last month. The sale took place after the KPOT malware author decided to auction off the code, desiring to move off to other projects. The sale was organized as a public auction on ...

  • Healthcare system facing ‘increased and imminent’ cyber threat

    November 3, 2020

    Federal agencies warn that cybercriminals are escalating their extortion attempts against the healthcare sector even as hospitals are facing a nationwide surge in Covid-19 cases. In a joint alert, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers”. The alert ...

  • Cybersecurity: One in three attacks are coronavirus-related

    November 3, 2020

    The UK’s National Cyber Security Centre (NCSC) is ‘stepping up support’ for the National Health Service to help protect UK hospitals and other healthcare organisations against cyberattacks. The NCSC’s Annual Review 2020 reveals that the cyber arm of GCHQ has handled more than 200 cyber incidents related to coronavirus during the course of this year – almost ...

  • New RegretLocker ransomware targets Windows virtual machines

    November 3, 2020

    A new ransomware called RegretLocker uses a variety of advanced features that allow it to encrypt virtual hard drives and close open files for encryption. RegretLocker was discovered in October and is a simple ransomware in terms of appearance as it does not contain a long-winded ransom note and uses email for communication rather than a ...

  • APT trends report Q3 2020

    November 3, 2020

    For more than three years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They ...

  • Hacker group uses Solaris zero-day to breach corporate networks

    November 2, 2020

    Mandiant, the investigations unit of security firm FireEye, has published details today about a new threat actor it calls UNC1945 that the security firm says used a zero-day vulnerability in the Oracle Solaris operating system as part of its intrusions into corporate networks. Regular targets of UNC1945 attacks included the likes of telecommunications, financial, and ...

  • Google patches second Chrome zero-day in two weeks

    November 2, 2020

    Google has released a security update today for its Chrome web browser that patches ten security bugs, including one zero-day vulnerability that is currently actively exploited in the wild. Identified as CVE-2020-16009, the zero-day was discovered by Google’s Threat Analysis Group (TAG), a security team at Google tasked with tracking threat actors and their ongoing operations. Read ...

  • Cybersecurity threats to corporate America are present now ‘more than ever,’ SEC chair says

    November 2, 2020

    Securities and Exchange Commission Chairman Jay Clayton is telling corporate America it needs to get much more vigilant on security. In an interview Monday on CNBC’s “Power Lunch,” Clayton stressed that significant cybersecurity threats remain, despite the ongoing coronavirus pandemic and election season. “Cyber risks have not gone away with the unfortunate, unforeseen risks we’ve faced with ...

  • Marriott fined £18.4 million by UK watchdog over customer data breach

    November 2, 2020

    The Information Commissioner’s Office (ICO) has fined Marriott £18.4 million over a 2014 data breach, heavily reducing the penalty originally planned due to COVID-19 disruption. The Marriott hotel group was subject to a 2014 data breach impacting the Starwood resort chain, acquired by Marriott in 2015. At the time, threat actors were able to infiltrate Starwood systems ...

  • Abandoned Hunter Biden’s laptop contained phone numbers for the Clintons, Secret Service officers and most of the Obama cabinet

    November 1, 2020

    The son of the man expected by many to be America’s next President abandoned a laptop containing a treasure trove of top-secret material, including his father’s private emails and mobile phone numbers, The Mail on Sunday can reveal. In an astonishing lapse, Hunter Biden chose to protect his MacBook Pro computer – crammed with what an ...