News – October 2020


  • Data watchdog issues biggest ever fine over airline cyberattack

    October 16, 2020

    British Airways has been fined £20 million for “unacceptable” failures that led to the personal data of hundreds of thousands of customers being stolen by hackers in 2018. The fine represents the largest financial penalty issued by the UK’s Information Commissioner’s Office (ICO) to date and is based on GDPR data protection regulation. The incident started ...

  • IAmTheKing and the SlothfulMedia malware family

    October 15, 2020

    On October 1, 2020, the DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our private reporting service, and we would like to provide the community with additional context. In June 2018, we published the first report ...

  • Iranian state hacker group linked to ransomware deployments

    October 15, 2020

    Security researchers said they found clues linking recent attacks with the Thanos ransomware to a group of Iranian state-sponsored hackers. While investigating security incidents at several prominent Israeli organizations, security researchers from ClearSky and Profero said they linked the intrusions to MuddyWater, a known Iranian state-sponsored hacking group. The intrusions followed similar patterns, with two tactics being ...

  • Card details for 3 million Dickey’s customers posted on carding forum

    October 15, 2020

    The card details of more than three million customers of Dickey’s Barbecue Pit, the largest barbecue restaurant chain in the US, have been posted this week on a carding and fraud marketplace known as Joker’s Stash. The discovery was made by Gemini Advisory, a cyber-security firm that tracks financial fraud. “We worked with several partner financial institutions ...

  • 20 Arrests In QQAAZZ Multi-Million Money Laundering Case

    October 15, 2020

    An unprecedented international law enforcement operation involving 16 countries has resulted in the arrest of 20 individuals suspected of belonging to the QQAAZZ criminal network which attempted to launder tens of millions of euros on behalf of the world’s foremost cybercriminals. Some 40 house searches were carried out in Latvia, Bulgaria, the United Kingdom, Spain and ...

  • German authorities raid FinFisher offices

    October 14, 2020

    German authorities have raided the offices of FinFisher, a German software company that makes surveillance tools, accused in the past of providing software to oppressive regimes. The raids took place earlier this month, on October 6 and October 8, and were ordered by the Munich Public Prosecutor’s Office. Raids took place at locations across Germany and Romania. ...

  • Microsoft Addresses Windows TCP/IP RCE/DoS Vulnerability

    October 14, 2020

    Microsoft has released a security update to address a protocol vulnerability—CVE-2020-16898—in Windows Transmission Control Protocol (TCP)/IP stack handling of Internet Control Message Protocol version 6 (ICMPv6) Router Advertisement packets. A remote attacker could exploit this vulnerability to take control of an affected system or cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages ...

  • FIN11 Cybercrime Gang Shifts Tactics to Double-Extortion Ransomware

    October 14, 2020

    The FIN11 financial crime gang is shifting its tactics from phishing and credential-theft to ransomware, researchers said. According to FireEye Mandiant researchers, FIN11 is notable for its “sheer volume of activity,” known to run up to five disparate wide-scale email phishing campaigns per week. “At this point, it would be difficult to name a client that ...

  • Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices

    October 14, 2020

    Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things (IoT) devices. According to Google, the vulnerability affects users of Linux kernel versions before 5.9 that support BlueZ. BlueZ, which is an open-source project distributed under ...

  • Two New IoT Vulnerabilities Identified with Mirai Payloads

    October 14, 2020

    Palo Alto Networks is proactively trying to safeguard its customers from attacks however possible. By leveraging its Next-Generation Firewall as sensors on the perimeter to detect malicious payloads and attack patterns, Unit 42 researchers are able to hunt down the menaces out there on the network, be they known or not. Unit 42 researchers have taken ...

  • Threat Brief: Microsoft Vulnerability CVE-2020-16898

    October 14, 2020

    In October 2020, during Microsoft’s Patch Tuesday, a security update (CVE-2020-16898) addressed a critical vulnerability discovered in IPv6 Router Advertisement Options (called “DNS RA options”). This vulnerability resides within the Windows TCP/IP stack that is responsible for handling RA packets. Current exploitation leads to a Denial of Service (DoS) with the possibility of remote code ...

  • Norway says Russian hackers were behind August Parliament attack

    October 13, 2020

    Norway’s Minister of Foreign Affairs Ine Eriksen Søreide today said that Russia is behind the August 2020 cyber-attack on the Norwegian Parliament (Stortinget). “On 24 August, the Storting announced a data breach in their e-mail systems,” Søreide said in a press release published earlier today after a briefing that also included Minister of Defense Frank Bakke-Jensen. The ...

  • European Union: Regulation UE 2019/452 On Foreign Direct Investment Comes Into Application

    October 13, 2020

    As of yesterday, 11 October 2020, the EU Regulation 2019/452 of 19 March 2019 (“Regulation”) on the control of foreign direct investment is directly applicable in Italy. The aim of the Regulation is to establish a common system among Member States of the European Union in order to monitor foreign investment. With this Regulation, the ...

  • Critical Flash Player Flaw Opens Adobe Users to RCE

    October 13, 2020

    Adobe is warning of a critical vulnerability in its Flash Player application for users on Windows, macOS, Linux and ChromeOS operating systems. The vulnerability is the only flaw released this month as part of Adobe’s regularly scheduled patches (markedly less than the 18 flaws addressed during its September regularly scheduled fixes). However, it’s a critical bug ...

  • London Hackney Council hit by ‘serious cyber attack’

    October 13, 2020

    Hackney Council says it has been hit by a “serious cyber attack”, which is affecting many of its services and IT systems. The council says it is working with the UK’s National Cyber Security Centre (NCSC) and the Ministry of Housing ...

  • Software AG Data Released After Clop Ransomware Strike – Report

    October 13, 2020

    Clop and the group’s signature malware has struck again — this time hitting a giant target in the form of German software conglomerate Software AG. The company isn’t paying a mammoth $23 million ransom (so far), and over the weekend it confirmed that the crooks were releasing company data, according to reports. The Clop ransomware cybercriminals ...

  • Cybercriminals Gamble With Victims’ Livelihoods To Pass the Covid-19 Blues

    October 12, 2020

    In the Trend Micro 2020 midyear security report, we discussed how the Covid-19 global pandemic affected the cybersecurity industry. However, the pandemic didn’t just change the way businesses (and subsequently, their employees) operate; the nature of certain criminal activities has also changed in this time of isolation. Interestingly, some of this involves what we might call ...

  • Court orders seizure of ransomware botnet controls as U.S. election nears

    October 12, 2020

    Microsoft said Monday it had used a court order to take control of computers that were installing ransomware and other malicious software on local government networks and threatening to disrupt the November election. The maker of the Windows operating system said it seized a series of internet protocol addresses hosted by U.S. companies that had been ...

  • Hacker groups chain VPN and Windows bugs to attack US government networks

    October 12, 2020

    Hackers have gained access to government networks by combining VPN and Windows bugs, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in a joint security alert published on Friday. Attacks have targeted federal and state, local, tribal, and territorial (SLTT) government networks. Attacks against non-government networks have also been ...

  • Metasploit Shellcodes Attack Exposed Docker APIs

    October 12, 2020

    We have discussed the importance of keeping Docker APIs secure in previous articles, as leaving them exposed can give cybercriminals unfettered access to the host with root privileges. This access can lead to distributed denial of service (DDoS) attacks, remote code execution (RCE), and unauthorized cryptocurrency mining activity. We recently observed an interesting payload deployment using ...