Cyber Security News October 2020

This posting is here to collect cyber security news October 2020.

I post links to security vulnerability news with short descriptions to comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links to comments.

249 Comments

  1. Tomi Engdahl says:

    Hackers Steal Swiss University Salaries
    https://www.securityweek.com/hackers-steal-swiss-university-salaries

    As yet unidentified hackers have managed to steal employee salary payments at several Swiss universities, officials said Sunday.

    “According to our information, several top schools in Switzerland have been affected,” Martina Weiss, director general of the rectors group of Switzerland’s public universities, told AFP.

    Reply
  2. Tomi Engdahl says:

    Hackers claim they can now jailbreak Apple’s T2 security chip
    https://www.zdnet.com/article/hackers-claim-they-can-now-jailbreak-apples-t2-security-chip/

    Jailbreak involves combining last year’s checkm8 exploit with the Blackbird vulnerability disclosed this August.

    Reply
  3. Tomi Engdahl says:

    Five bar and cafe owners arrested in France for running no-log WiFi networks
    https://www.zdnet.com/article/five-bar-and-cafe-owners-arrested-in-france-for-running-no-log-wifi-networks/

    A 2006 French law says any person who provides internet access must keep access logs for at least one year.

    Reply
  4. Tomi Engdahl says:

    Australian telco security coordinator concerned at network virtualisation plans
    https://www.zdnet.com/article/australian-telco-security-coordinator-concerned-at-network-virtualisation-plans/

    Communications Access Coordinator received 32 notifications from the nation’s telcos in the year to June 30.

    Australia’s Communications Access Coordinator (CAC) is concerned by the level of understanding within the nation’s telcos about the risk that network virtualisation can introduce.

    The CAC role was created under Australia’s Telecommunications Sector Security Reforms (TSSR) and is charged with assessing whether changes made by telcos to their networks expose them to unauthorised access or interference, and if that is the case, it issues recommendations for changes.

    The report also said the CAC received multiple notices of a carrier proposing to use a managed service provider, where the CAC thought the carrier would lose its ability to “maintain competent supervision of, and effective control over, telecommunications networks and facilities owned or operated by the carrier”.

    Reply
  5. Tomi Engdahl says:

    Suspected Chinese Hackers Unleash Malware That Can Survive OS Reinstalls
    It works to create a Trojan file called ‘IntelUpdate.exe’ in the Startup Folder, which will reinstall itself even if the user finds it and deletes it, according to Kaspersky Lab.
    https://uk.pcmag.com/security/129035/suspected-chinese-hackers-unleash-malware-that-can-survive-os-reinstalls

    Reply
  6. Tomi Engdahl says:

    Will the anticipated coronavirus vaccine be delayed? The problems relate to a key application
    https://www.tivi.fi/uutiset/tv/a758c9c3-96cc-4861-86bd-00adc7544339
    The New York Times writes about a ransomware attack on eResearch Technology (ERT). ERT's software is used by many drug manufacturers, among other things in clinical trials of coronavirus vaccines in Europe, Asia and North America. Also:
    https://www.nytimes.com/2020/10/03/technology/clinical-trials-ransomware-attack-drugmakers.html.
    Also:
    https://threatpost.com/covid-19-clinical-trials-ransomware/159877/

    Reply
  7. Tomi Engdahl says:

    Emotet Malware
    https://us-cert.cisa.gov/ncas/alerts/aa20-280a
    To secure against Emotet, CISA and MS-ISAC recommend implementing the
    mitigation measures described in this Alert, which include applying
    protocols that block suspicious attachments, using antivirus software,
    and blocking suspicious IPs.

    Reply
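The CISA alert above lists "block suspicious attachments" as a first-line Emotet mitigation but does not say what such a gate looks like. The following is an added example (not CISA/MS-ISAC code) of the inspection a mail gateway could apply to each MIME part: the final extension is checked even for double extensions like invoice.pdf.exe, zip containers are opened one level deep, OOXML documents are flagged when they carry a VBA project, and legacy OLE documents are held for a macro scanner. The policy lists, the "hold for macro scan" rule and the sample attachments are constructed assumptions for the demo.

```python
"""Attachment gate of the kind CISA's Emotet alert asks for.

Added example, not CISA/MS-ISAC code. The policy lists and the sample
attachments below are constructed for the demo; a mail gateway would
feed real MIME parts into inspect_attachment().
"""
import io
import os
import zipfile

# Assumed policy: file types that never belong in inbound mail.
BLOCKED_EXT = {".exe", ".scr", ".dll", ".js", ".jse", ".vbs", ".vbe",
               ".hta", ".ps1", ".bat", ".cmd", ".lnk", ".iso"}
# Assumed policy: macro-enabled Office types are blocked outright.
MACRO_EXT = {".docm", ".dotm", ".xlsm", ".xlam", ".pptm"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container


def inspect_attachment(name: str, data: bytes, depth: int = 0) -> list:
    """Return the reasons to block this attachment ([] means allow).
    Looks at the final extension (so invoice.pdf.exe is caught), opens
    zip containers one level deep, and flags OOXML files carrying VBA."""
    reasons = []
    ext = os.path.splitext(name.lower())[1]

    if ext in BLOCKED_EXT:
        reasons.append(f"executable type {ext}")
    if ext in MACRO_EXT:
        reasons.append(f"macro-enabled Office type {ext}")
    if data.startswith(OLE_MAGIC):
        # Legacy binary Office: this demo cannot parse VBA streams, so the
        # assumed policy is to hold the file for a dedicated macro scanner.
        reasons.append("legacy OLE Office document, hold for macro scan")

    if data.startswith(b"PK") and depth < 2:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
                if any(m.lower().endswith("vbaproject.bin") for m in members):
                    reasons.append("Office document carries a VBA project")
                if ext == ".zip":
                    for m in members:
                        for r in inspect_attachment(m, zf.read(m), depth + 1):
                            reasons.append(f"{m}: {r}")
        except zipfile.BadZipFile:
            reasons.append("corrupt zip container")
    return reasons


def _zip_of(files: dict) -> bytes:
    """Build an in-memory zip from {name: bytes} (fixture helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n, b in files.items():
            zf.writestr(n, b)
    return buf.getvalue()


# Constructed sample attachments, not real mail.
MACRO_DOCX = _zip_of({"[Content_Types].xml": b"<Types/>",
                      "word/document.xml": b"<w:document/>",
                      "word/vbaProject.bin": b"\x00" * 16})
CLEAN_DOCX = _zip_of({"[Content_Types].xml": b"<Types/>",
                      "word/document.xml": b"<w:document/>"})
EXE_IN_ZIP = _zip_of({"invoice.pdf.exe": b"MZ\x90\x00"})
PLAIN_PDF = b"%PDF-1.4\n%%EOF\n"
LEGACY_DOC = OLE_MAGIC + b"\x00" * 8


if __name__ == "__main__":
    for name, blob in [("report.docx", MACRO_DOCX), ("report.docx", CLEAN_DOCX),
                       ("invoice.zip", EXE_IN_ZIP), ("report.pdf", PLAIN_PDF),
                       ("invoice.doc", LEGACY_DOC)]:
        verdict = inspect_attachment(name, blob)
        print(name, "BLOCK" if verdict else "ALLOW", verdict)
```

The depth limit on zip recursion is deliberate: nested archives are a common way to exhaust or bypass gateway scanners, so anything deeper than the configured limit should be held rather than silently allowed.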
  8. Tomi Engdahl says:

    Microsoft says Iranian hackers are exploiting the Zerologon
    vulnerability
    https://www.zdnet.com/article/microsoft-says-iranian-hackers-are-exploiting-the-zerologon-vulnerability
    Successful attacks would allow hackers to take over servers known as
    domain controllers (DC) that are the centerpieces of most enterprise
    networks and enable intruders to gain full control over their targets.
    Also:
    https://www.bleepingcomputer.com/news/security/microsoft-iranian-hackers-actively-exploiting-windows-zerologon-flaw/.
    Also:
    https://threatpost.com/microsoft-zerologon-attack-iranian-actors/159874/.
    Also:
    https://rootdaemon.com/2020/10/05/microsoft-says-iranian-hackers-are-exploiting-the-zerologon-vulnerability/

    Reply
  9. Tomi Engdahl says:

    REvil Ransomware Gang Offers $1 Million As Part Of Recruitment Drive
    https://www.forbes.com/sites/simonchandler/2020/10/06/revil-ransomware-gang-offers-1-million-as-part-of-recruitment-drive/
    The criminal group behind the REvil ransomware operation has deposited
    bitcoin worth $1 million on a Russian-speaking hacker website, as part
    of a drive to recruit more members.

    Reply
  10. Tomi Engdahl says:

    Release the Kraken: Fileless APT attack abuses Windows Error Reporting
    service
    https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/
    On September 17th, we discovered a new attack called Kraken that
    injected its payload into the Windows Error Reporting (WER) service as
    a defense evasion mechanism. Also:
    https://www.bleepingcomputer.com/news/security/hackers-abuse-windows-error-service-in-fileless-malware-attack/.
    Also:
    https://threatpost.com/apt-attack-malware-windows-error-reporting/159861/

    Reply
  11. Tomi Engdahl says:

    Critical Vulnerabilities Expose Pepperl+Fuchs Industrial Switches to Attacks
    https://www.securityweek.com/critical-vulnerabilities-expose-pepperlfuchs-industrial-switches-attacks

    Researchers discovered several potentially serious vulnerabilities in Pepperl+Fuchs Comtrol’s RocketLinx industrial switches, including ones that can be exploited to take complete control of devices.

    Reply
  12. Tomi Engdahl says:

    Cisco Ordered to Pay $1.9 Billion in Cybersecurity Patent Infringement Case
    https://www.securityweek.com/cisco-ordered-pay-19-billion-cybersecurity-patent-infringement-case

    A US district judge has ordered Cisco to pay $1.9 billion to Centripetal Networks, Inc., for infringing on four patents related to cybersecurity.

    Founded in 2009, Centripetal focuses on cyber threat intelligence, providing solutions that help organizations defeat cyber-attacks. The company has developed technology for operationalizing and automating threat intelligence and has been awarded various patents in the United States and abroad.

    In a lawsuit filed in the Eastern District of Virginia in March 2018, the company claimed that numerous Cisco product series have been infringing on five of its patents for years.

    Reply
  13. Tomi Engdahl says:

    Microsoft Paid Out Over $374,000 for Azure Sphere Vulnerabilities
    https://www.securityweek.com/microsoft-paid-out-over-374000-azure-sphere-vulnerabilities

    Microsoft on Tuesday shared the results of its three-month-long Azure Sphere Security Research Challenge and the company says it has paid out more than $374,000 to participants.

    The Azure Sphere Security Research Challenge, announced in May, invited security researchers to find vulnerabilities in Azure Sphere, Microsoft’s IoT security solution, which the tech giant designed to provide end-to-end security across hardware, operating system and the cloud.

    Reply
  14. Tomi Engdahl says:

    Apple’s T2 Security Chip Has an Unfixable Flaw
    The Checkm8 vulnerability that exposed years of iPhones to jailbreaking has finally been exploited in Macs as well.
    https://www.wired.com/story/apple-t2-chip-unfixable-flaw-jailbreak-mac/

    Reply
  15. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    Microsoft says Iranian state-sponsored hackers are actively exploiting Zerologon, a Windows vulnerability in the Netlogon protocol
    https://www.zdnet.com/article/microsoft-says-iranian-hackers-are-exploiting-the-zerologon-vulnerability/

    Reply
  16. Tomi Engdahl says:

    HEH, a new IoT P2P Botnet going after weak telnet services
    https://blog.netlab.360.com/heh-an-iot-p2p-botnet/

    Recently, 360Netlab's threat detection system captured a batch of unknown samples. The CPU architectures supported by this batch of samples are broad, including x86 (32/64), ARM (32/64), MIPS (MIPS32/MIPS-III) and PPC. It is spreading through brute force of the Telnet service on ports 23/2323, which means the bot does not really care what the end devices are; as long as it can enter the device, it will try its luck to infect the target. The botnet is written in the Go language and uses a proprietary P2P protocol; we named it HEH Botnet.

    Reply
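The 360Netlab write-up above says HEH spreads purely by brute-forcing Telnet on TCP 23 and 2323, without caring what the target is. That indiscriminate sweep is the observable a defender can key on at the network edge. The following is an added example (not 360Netlab's code) that reads a firewall or flow log and flags any source that reaches an unusually large number of distinct Telnet targets inside a short window. The log format, the "key=value" line regex, the 5-host/60-second threshold and the sample traffic are all constructed assumptions for the demo.

```python
"""Spot Telnet brute-force sweeps of the kind the HEH bot uses to spread.

Added example for this thread (not 360Netlab's code). The input is a
constructed firewall/flow log in an assumed "key=value" format; the
thresholds are assumptions a real deployment would tune.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

TELNET_PORTS = {23, 2323}          # the two ports the HEH bot brute-forces
MIN_DISTINCT_TARGETS = 5           # assumed: 5+ hosts from one source ...
WINDOW = timedelta(seconds=60)     # ... inside any 60 s window is a sweep

# Constructed sample log, not real traffic. 198.51.100.7 sweeps six hosts
# in five seconds; 203.0.113.5 is an admin reconnecting to one host;
# 203.0.113.9 only talks HTTPS; 198.51.100.8 touches five hosts but
# 90 s apart, so it never has five inside one window.
SAMPLE_LOG = """\
2020-10-06T12:00:01Z src=198.51.100.7 dst=192.0.2.10 dport=23 proto=tcp action=allow
2020-10-06T12:00:02Z src=198.51.100.7 dst=192.0.2.11 dport=23 proto=tcp action=allow
2020-10-06T12:00:02Z src=198.51.100.7 dst=192.0.2.12 dport=2323 proto=tcp action=allow
2020-10-06T12:00:03Z src=198.51.100.7 dst=192.0.2.13 dport=23 proto=tcp action=deny
2020-10-06T12:00:04Z src=198.51.100.7 dst=192.0.2.14 dport=2323 proto=tcp action=allow
2020-10-06T12:00:05Z src=198.51.100.7 dst=192.0.2.15 dport=23 proto=tcp action=allow
2020-10-06T12:00:06Z src=203.0.113.5 dst=192.0.2.10 dport=23 proto=tcp action=allow
2020-10-06T12:00:30Z src=203.0.113.5 dst=192.0.2.10 dport=23 proto=tcp action=allow
2020-10-06T12:00:07Z src=203.0.113.9 dst=192.0.2.20 dport=443 proto=tcp action=allow
2020-10-06T12:00:08Z src=203.0.113.9 dst=192.0.2.21 dport=443 proto=tcp action=allow
2020-10-06T12:00:00Z src=198.51.100.8 dst=192.0.2.30 dport=23 proto=tcp action=allow
2020-10-06T12:01:30Z src=198.51.100.8 dst=192.0.2.31 dport=23 proto=tcp action=allow
2020-10-06T12:03:00Z src=198.51.100.8 dst=192.0.2.32 dport=23 proto=tcp action=allow
2020-10-06T12:04:30Z src=198.51.100.8 dst=192.0.2.33 dport=23 proto=tcp action=allow
2020-10-06T12:06:00Z src=198.51.100.8 dst=192.0.2.34 dport=23 proto=tcp action=allow
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def parse(log: str):
    """Yield (timestamp, src, dst, dport) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or unparseable lines instead of crashing
        yield (datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
               m["src"], m["dst"], int(m["dport"]))


def telnet_sweeps(log: str, min_targets=MIN_DISTINCT_TARGETS,
                  window=WINDOW) -> dict:
    """Return {src: max distinct Telnet targets seen inside one window}
    for every source that crosses the threshold."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in parse(log):
        if dport in TELNET_PORTS:
            by_src[src].append((ts, dst))

    hits = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the window start forward until the span fits in `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) >= min_targets:
                hits[src] = max(hits.get(src, 0), len(targets))
    return hits


if __name__ == "__main__":
    for src, n in telnet_sweeps(SAMPLE_LOG).items():
        print(f"{src}: {n} distinct Telnet targets within {WINDOW.seconds}s")
```

Counting distinct destinations rather than raw connection attempts is what separates a spreading bot from a legitimate operator retrying one device; denied connections are counted too, because a blocked attempt is still evidence of the sweep.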
  17. Tomi Engdahl says:

    BAHAMUT Spies-for-Hire Linked to Extensive Nation-State Activity
    https://threatpost.com/bahamut-spies-nation-state/159925/
    Researchers uncovered a sophisticated, incredibly well-resourced APT
    that has its fingers in wide-ranging espionage and disinformation
    campaigns.

    Reply
  18. Tomi Engdahl says:

    QNAP fixes critical flaws that could lead to device takeover
    https://www.bleepingcomputer.com/news/security/qnap-fixes-critical-flaws-that-could-lead-to-device-takeover/
    QNAP has addressed two critical security vulnerabilities in the
    Helpdesk app that could enable potential attackers to take over
    unpatched QNAP network-attached storage (NAS) devices.

    Reply
  19. Tomi Engdahl says:

    ALERT! Hackers targeting IoT devices with a new P2P botnet malware
    https://thehackernews.com/2020/10/p2p-iot-botnet.html
    Cybersecurity researchers have taken the wraps off a new botnet
    hijacking Internet-connected smart devices in the wild to perform
    nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin
    mining. Also: https://blog.netlab.360.com/heh-an-iot-p2p-botnet/

    Reply
  20. Tomi Engdahl says:

    Risky business: survey shows majority of people use work devices for
    personal use
    https://blog.malwarebytes.com/malwarebytes-news/2020/10/work-devices-for-personal-use/
    There’s no denying the coronavirus pandemic is having a significant
    impact on the way we use technology. Some changes feel like a subtle
    acceleration of behavioral shifts that were already well underway
    (i.e. more online shopping and more streaming TV/movies).

    Reply
  21. Tomi Engdahl says:

    Android’s October 2020 Security Update Patches 48 Vulnerabilities
    https://www.securityweek.com/androids-october-2020-security-update-patches-48-vulnerabilities

    The October 2020 security updates for Android patch a total of 48 vulnerabilities, including critical-severity flaws that affect Qualcomm closed-source components.

    Twenty of the vulnerabilities described in the latest Android Security Bulletin were patched as part of the 2020-10-01 security patch level, the most important of which is a high-risk bug in System that could allow a remote attacker to gain additional permissions.

    https://source.android.com/security/bulletin/2020-10-01.html

    Reply
  22. Tomi Engdahl says:

    Researcher Finds Vulnerabilities in Products of 10 Cybersecurity Vendors
    https://www.securityweek.com/researcher-finds-vulnerabilities-products-10-cybersecurity-vendors

    A researcher at privileged access management solutions provider CyberArk has discovered vulnerabilities in the products of 10 cybersecurity vendors.

    CyberArk researcher Eran Shimony reported this week that he identified flaws in products from Kaspersky (advisory), McAfee, Symantec, Fortinet, Checkpoint, Trend Micro, Avira, Microsoft, Avast and F-Secure. He reported his findings to impacted vendors and they have all released patches.

    https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720

    Reply
  23. Tomi Engdahl says:

    Smoke and Mirrors – Hack-for-Hire Group Builds Fake Online Empire
    https://www.securityweek.com/smoke-and-mirrors-hack-hire-group-builds-fake-online-empire

    Hack-for-hire group BAHAMUT managed to build a fake online empire to leverage in cyber-espionage operations targeting the Middle East and other regions around the world, BlackBerry reports.

    Reply
  24. Tomi Engdahl says:

    Jay Peters / The Verge:
    Google announces security features, including cross-app alerts for account security issues, coming first to iOS, and Assistant guest mode for some Nest devices — They’re rolling out on a limited basis in the coming weeks — Google is announcing a few security-related updates today …

    Google is adding cross-app account security alerts on iOS
    They’re rolling out on a limited basis in the coming weeks
    https://www.theverge.com/2020/10/7/21505036/google-security-alert-cross-app-guest-mode-assistant-safety-center?scrolla=5eb6d68b7fedc32c19ef33b4

    Reply
  25. Tomi Engdahl says:

    Court records in an arson case show that Google gave away data on people who searched for a specific address.

    Google is giving data to police based on search keywords, court docs show
    https://www.cnet.com/news/google-is-giving-data-to-police-based-on-search-keywords-court-docs-show/

    There are few things as revealing as a person’s search history, and police typically need a warrant on a known suspect to demand that sensitive information. But a recently unsealed court document found that investigators can request such data in reverse order by asking Google to disclose everyone who searched a keyword rather than for information on a known suspect.

    sending a search warrant to Google that requested information on “users who had searched the address of the residence close in time to the arson.”

    Court documents showed that Google provided the IP addresses of people who searched for the arson victim’s address, which investigators tied to a phone number belonging to Williams. Police then used the phone number records to pinpoint the location of Williams’ device near the arson, according to court documents.

    The original warrant sent to Google is still sealed, but the report provides another example of a growing trend of data requests to the search engine giant in which investigators demand data on a large group of users rather than a specific request on a single suspect.

    “This ‘keyword warrant’ evades the Fourth Amendment checks on police surveillance,” said Albert Fox Cahn, the executive director of the Surveillance Technology Oversight Project. “When a court authorizes a data dump of every person who searched for a specific term or address, it’s likely unconstitutional.”

    The keyword warrants are similar to geofence warrants, in which police make requests to Google for data on all devices logged in at a specific area and time.

    Reverse search warrants like geofence warrants are being challenged across the US for violating civil rights. Lawmakers in New York have proposed legislation to make these searches illegal, while in Illinois, a federal judge found that the practice violated the Fourth Amendment.

    Google is also facing criticism for complying with broad data requests such as geofence and keyword searches.

    “If Google stored data in a way that was truly de-identified, then they also couldn’t give it to the government,” the Electronic Frontier Foundation’s surveillance litigation director Jennifer Lynch said. “Google’s not setting up their system or changing their practices in a way that could prevent these kinds of searches.”

    Because of how keyword warrants work, there’s concern that innocent people’s online activities will be swept up in the requests.

    Reply
  26. Tomi Engdahl says:

    Juniper Launches Adaptive Threat Profiling, New VPN Features
    https://www.securityweek.com/juniper-launches-adaptive-threat-profiling-new-vpn-features

    Juniper Networks has introduced three new capabilities to improve network visibility, access control and VPN-based remote working.

    The three new features provide adaptive threat profiling for Juniper’s ATP Cloud, the integration of WootCloud HyperContext for device profiling, and Secure Connect VPN for remote working beyond the branch office. The purpose is to improve network visibility and provide consistent policy enforcement across all connected devices.

    Reply
  27. Tomi Engdahl says:

    Russia-Linked Hackers Targeting Russian Industrial Organizations
    https://www.securityweek.com/russia-linked-hackers-targeting-russian-industrial-organizations

    A previously unknown threat group whose members speak Russian has been launching attacks against Russian industrial organizations in a highly targeted espionage campaign, Kaspersky reported on Thursday.

    According to Kaspersky, the group calls its toolset MT3 and based on this the cybersecurity company has named the threat actor MontysThree.

    Reply
  28. Tomi Engdahl says:

    U.S. Seizes Domain Names Used by Iran for Disinformation
    https://www.securityweek.com/us-seizes-domain-names-used-iran-disinformation

    The United States this week announced that it seized a total of 92 domain names that an Iran-linked adversary was leveraging in a global disinformation campaign.

    Although four of the domains pretended to be genuine news outlets, they were controlled by Iran’s Islamic Revolutionary Guard Corps (IRGC) to spread Iranian propaganda targeting the United States, while the remaining websites were spreading propaganda to other countries.

    The manner in which these domains were being used was in violation of sanctions the U.S. imposed on both the government of Iran and the IRGC.

    As of April 2019, the United States has designated the IRGC as a foreign terrorist organization. The organization was found to have provided material support to terrorist groups such as Hizballah, Hamas, and the Taliban.

    On October 7, pursuant to a seizure warrant, the United States seized 92 domain names that were being operated in violation of federal law. Four of these were seized pursuant to the Foreign Agents Registration Act (FARA), which requires the submission of periodic registration statements about activities and income.

    “The four domains purported to be independent news outlets, but were actually operated by or on behalf of the IRGC to target the United States with pro-Iranian propaganda in an attempt to influence the American people to change United States foreign and domestic policy toward Iran and the Middle East,” the U.S. Department of Justice says.

    These domains, the DoJ explains, targeted an audience in the U.S. without proper registration pursuant to FARA and also failed to inform the audience that the IRGC and the government of Iran were in control of the published content.

    Reply
  29. Tomi Engdahl says:

    Hacker Who Helped Islamic State to Remain in US Prison
    https://www.securityweek.com/hacker-who-helped-islamic-state-remain-us-prison

    A computer hacker who gave the Islamic State group personal data of more than 1,300 U.S. government and military personnel will remain in a federal prison after a judge rejected his request for compassionate release.

    Ardit Ferizi, 24, is serving a 20-year sentence. The native of Kosovo is the first person convicted in the U.S. of both computer hacking and terrorism charges. He is currently held at a federal prison in Lewisburg, Pennsylvania, and is scheduled for release in 2032 if he gets credit for good behavior.

    Reply
  30. Tomi Engdahl says:

    3-Month Apple Hack Turns Up 55 Vulnerabilities – 11 Critical

    Wormable Apple iCloud Bug Allows Automatic Photo Theft
    https://threatpost.com/3-month-apple-hack-vulnerabilities-critical/159988/

    Reply
  31. Tomi Engdahl says:

    E-money giant Paysafe processed mafia-linked transactions
    https://irpimedia.irpi.eu/paysafe-e-wallets-mafia-transactions/

    Online casinos accused of mafia money laundering needed a way to move millions of euros under the radar. Fast and “hard to trace”, e-wallets proved to be the perfect solution, Italian investigators say

    Reply
  32. Tomi Engdahl says:

    Microsoft cloud outages continue as Office and Outlook customers report problems
    Microsoft’s cloud services problems are continuing this week with more Azure and Microsoft 365 services issues for some customers. Here’s what’s happened and why.
    https://www.zdnet.com/article/microsoft-cloud-services-outages-continue-into-week-two/

    Reply
  33. Tomi Engdahl says:

    Microsoft takes down massive hacking operation that could have affected the election
    https://edition.cnn.com/2020/10/12/tech/microsoft-election-ransomware/index.html?utm_source=fbCNN&utm_term=link&utm_medium=social&utm_content=2020-10-12T12%3A33%3A09

    Microsoft has disrupted a massive hacking operation that it said could have indirectly affected election infrastructure if allowed to continue.

    The company said Monday it took down the servers behind Trickbot, an enormous malware network that criminals were using to launch other cyberattacks, including a strain of highly potent ransomware.
    Microsoft said it obtained a federal court order to disable the IP addresses associated with Trickbot’s servers, and worked with telecom providers around the world to stamp out the network. The action coincides with an offensive by US Cyber Command to disrupt the cybercriminals, at least temporarily, according to The Washington Post.

    Reply
  34. Tomi Engdahl says:

    Microsoft Uses Trademark Law to Disrupt Trickbot Botnet
    https://krebsonsecurity.com/2020/10/microsoft-uses-copyright-law-to-disrupt-trickbot-botnet/

    Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot, a global menace that has infected millions of computers and is used to spread ransomware. A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant’s trademarks. However, it appears the operation has not completely disabled the botnet.

    Reply
  35. Tomi Engdahl says:

    Undocumented backdoor that covertly takes snapshots found in kids’ smartwatch
    The X4, made and jointly developed in China, raises concerns.
    https://arstechnica.com/information-technology/2020/10/a-watch-designed-exclusively-for-kids-has-an-undocumented-spying-backdoor/

    A popular smartwatch designed exclusively for children contains an undocumented backdoor that makes it possible for someone to remotely capture camera snapshots, wiretap voice calls, and track locations in real time, a researcher said.

    The X4 smartwatch is marketed by Xplora, a Norway-based seller of children’s watches. The device, which sells for about $200, runs on Android and offers a range of capabilities, including the ability to make and receive voice calls to parent-approved numbers and to send an SOS broadcast that alerts emergency contacts to the location of the watch. A separate app that runs on the smartphones of parents allows them to control how the watches are used and receive warnings when a child has strayed beyond a preset geographic boundary.

    The backdoor is activated by sending an encrypted text message.

    “I wouldn’t want that kind of functionality in a device produced by a company like that,” Sand said, referring to the backdoor and Qihoo 360.

    The existence of an undocumented backdoor in a watch from a country with a known record of espionage hacks is concerning. At the same time, this particular backdoor has limited applicability. To make use of the functions, someone would need to know both the phone number assigned to the watch (it has a slot for a SIM card from a mobile phone carrier) and the unique encryption key hardwired into each device.

    “Sending the SMS triggered a picture to be taken on the watch, and it was immediately uploaded to Xplora’s server,” Sand wrote. “There was zero indication on the watch that a photo was taken. The screen remained off the entire time.”

    Reply
  36. Tomi Engdahl says:

    Exposing covert surveillance backdoors in children’s smartwatches
    https://www.mnemonic.no/blog/exposing-backdoor-consumer-products/
    This blog post provides a technical description of how we discovered a
    backdoor in a smartwatch made for children. The device is a wearable
    smartphone, and the backdoor enables remote and covert surveillance
    through wiretapping, taking pictures, and location tracking. Also:
    https://arstechnica.com/information-technology/2020/10/a-watch-designed-exclusively-for-kids-has-an-undocumented-spying-backdoor/

    Reply
  37. Tomi Engdahl says:

    Microsoft Uses Trademark Law to Disrupt Trickbot Botnet
    https://krebsonsecurity.com/2020/10/microsoft-uses-copyright-law-to-disrupt-trickbot-botnet/
    A court in Virginia granted Microsoft control over many Internet
    servers Trickbot uses to plunder infected systems, based on novel
    claims that the crime machine abused the software giant’s trademarks.
    However, it appears the operation has not completely disabled the
    botnet. Cyber intelligence firm Intel 471 says fully taking down
    Trickbot would require an unprecedented level of collaboration among
    parties and countries that most likely would not cooperate anyway. “As
    a result, it is highly likely a takedown of the Trickbot
    infrastructure would have little medium- to long-term impact on the
    operation of Trickbot, ” Intel 471 wrote in an analysis of Microsoft’s
    action. Also:
    https://www.bleepingcomputer.com/news/security/trickbot-botnet-targeted-in-takedown-operations-little-impact-seen/

    Reply
  38. Tomi Engdahl says:

    BazarLoader used to deploy Ryuk ransomware on high-value targets
    https://www.bleepingcomputer.com/news/security/bazarloader-used-to-deploy-ryuk-ransomware-on-high-value-targets/
    The TrickBot gang operators are increasingly targeting high-value
    targets with the new stealthy BazarLoader trojan before deploying the
    Ryuk ransomware. In a new report, Advanced Intel security researchers
    explain that instead of burning victims with the highly-detected
    TrickBot trojan, threat actors now favor BazarBackdoor as their tool
    of choice for high-value enterprise targets.

    Reply
  39. Tomi Engdahl says:

    Ryuk’s Return
    https://thedfirreport.com/2020/10/08/ryuks-return/
    The Ryuk group went from an email to domain-wide ransomware in 29
    hours and asked for over $6 million to unlock our systems. They used
    tools such as Cobalt Strike, AdFind, WMI, vsftpd, PowerShell,
    PowerView, and Rubeus to accomplish their objective.

    Reply
  40. Tomi Engdahl says:

    Sophisticated Android Ransomware Executes with the Home Button
    https://threatpost.com/android-ransomware-home-button/160001/
    A fresh variant of a sophisticated Android ransomware known as
    MalLocker locks up mobile devices — surfacing its ransom note when a
    user hits the Home button. Also:
    https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/

    Reply
  41. Tomi Engdahl says:

    US Cyber Command has sought to disrupt the world’s largest botnet,
    hoping to reduce its potential impact on the election
    https://www.washingtonpost.com/national-security/cyber-command-trickbot-disrupt/2020/10/09/19587aae-0a32-11eb-a166-dc429b380d10_story.html
    In recent weeks, the U.S. military has mounted an operation to
    temporarily disrupt what is described as the world’s largest botnet,
    one also used to drop ransomware, which officials say is one of the
    top threats to the 2020 election. Also:
    https://krebsonsecurity.com/2020/10/report-u-s-cyber-command-behind-trickbot-tricks/

    Reply
  42. Tomi Engdahl says:

    Apple’s T2 security chip has an unfixable flaw – Checkm8 vulnerability
    used to jailbreak iPhones hits Macs as well
    https://arstechnica.com/information-technology/2020/10/apples-t2-security-chip-has-an-unfixable-flaw/
    A recently released tool is letting anyone exploit an unusual Mac
    vulnerability to bypass Apple’s trusted T2 security chip and gain deep
    system access. The flaw is one researchers have also been using for
    more than a year to jailbreak older models of iPhones. Worst of all,
    while Apple may be able to slow down potential hackers, the flaw is
    ultimately unfixable in every Mac that has a T2 inside.

    Reply
  43. Tomi Engdahl says:

    Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure
    https://www.intezer.com/blog/cloud-security/kud-i-enter-your-server-new-vulnerabilities-in-microsoft-azure/
    We discovered two vulnerabilities in Microsoft Azure. They existed in
    a popular cloud service called Azure App Services – specifically
    impacting Linux servers – and should be on the radar of enterprise
    organizations that use cloud resources. The first vulnerability
    enabled an attacker with access to the server to take over the App
    Service’s git repository and implant phishing pages accessible through
    the Azure Portal. The second vulnerability allowed an attacker with an
    existing low-severity vulnerability on the application (SSRF) to
    upgrade to full code execution on the App Service and trigger the
    first vulnerability.

    Reply
  44. Tomi Engdahl says:

    Windows Update can be abused to execute malicious programs
    https://www.bleepingcomputer.com/news/security/windows-update-can-be-abused-to-execute-malicious-programs/
    MDSec researcher David Middlehurst discovered that Windows Update
    client (wuauclt) can also be used by attackers to execute malicious
    code on Windows 10 systems. Middlehurst also found a sample using it
    in the wild.

    Reply
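Three of the comments above describe attackers hiding behind legitimate Windows binaries rather than dropping obvious tooling: Kraken injecting into the Windows Error Reporting process (comment 10), the Ryuk intrusion leaning on AdFind and Rubeus (comment 39), and MDSec's finding that the Windows Update client wuauclt can be made to run attacker code (comment 44). The following is an added example (not MDSec's, Malwarebytes' or The DFIR Report's code) of process-creation triage that covers all three: a Sysmon-like JSON-lines feed is scored against simple rules for wuauclt being handed a DLL from a user-writable path, WerFault.exe starting from an untrusted parent or without crash-report arguments, and known recon tools matched on their original file name so a renamed copy is still caught. The event schema, the baselines (what counts as user-writable, what WerFault arguments look like) and the sample events are constructed assumptions; the wuauclt command-line form in the sample is the one described in the MDSec research the comment links to, which the page itself does not quote.

```python
"""Process-creation triage for the living-off-the-land tricks in this thread.

Added example, not code from MDSec, Malwarebytes or The DFIR Report. The
event format below is a constructed Sysmon-like JSON-lines feed; the field
names and the baselines (expected WerFault arguments, "user-writable"
paths) are assumptions for the demo, not a vendor schema.
"""
import json
import ntpath
import re

# Tools named in the Ryuk intrusion write-up; matched on OriginalFileName
# as well as the image name so a renamed copy is still caught.
RECON_TOOLS = {"adfind.exe", "rubeus.exe"}
# Assumed: path fragments an ordinary user can write to.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\", "\\appdata\\")
DLL_RE = re.compile(r'[a-z]:\\[^\s"]+\.dll', re.I)
# Assumed: a genuine crash report passes the faulting PID as "-p <pid>".
CRASH_ARGS_RE = re.compile(r"(?i)\s-p\s+\d+")

# Constructed sample events, not a real capture.
SAMPLE_EVENTS = r"""
{"pid": 4001, "image": "C:\\Windows\\System32\\wuauclt.exe", "parent_image": "C:\\Windows\\System32\\svchost.exe", "cmdline": "wuauclt.exe /detectnow", "original_file_name": "wuauclt.exe"}
{"pid": 4012, "image": "C:\\Windows\\System32\\wuauclt.exe", "parent_image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "wuauclt.exe /UpdateDeploymentProvider C:\\Users\\bob\\AppData\\Local\\Temp\\update.dll /RunHandlerComServer", "original_file_name": "wuauclt.exe"}
{"pid": 4200, "image": "C:\\Windows\\System32\\WerFault.exe", "parent_image": "C:\\Windows\\System32\\svchost.exe", "cmdline": "WerFault.exe -u -p 1234 -s 5678", "original_file_name": "WerFault.exe"}
{"pid": 4210, "image": "C:\\Windows\\System32\\WerFault.exe", "parent_image": "C:\\Users\\bob\\AppData\\Local\\Temp\\stager.exe", "cmdline": "WerFault.exe", "original_file_name": "WerFault.exe"}
{"pid": 4400, "image": "C:\\Users\\bob\\Downloads\\find.exe", "parent_image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "find.exe -f (objectcategory=person)", "original_file_name": "AdFind.exe"}
{"pid": 4500, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "parent_image": "C:\\Windows\\explorer.exe", "cmdline": "powershell.exe", "original_file_name": "PowerShell.EXE"}
"""


def in_user_writable(path: str) -> bool:
    """True if the path sits somewhere an unprivileged user can write."""
    p = path.lower()
    return any(frag in p for frag in USER_WRITABLE)


def evaluate(ev: dict) -> list:
    """Return the names of the rules that fire for one event."""
    image = ntpath.basename(ev["image"]).lower()
    parent = ev.get("parent_image", "")
    cmdline = ev.get("cmdline", "")
    original = ev.get("original_file_name", "").lower()
    alerts = []

    # Windows Update client handed a DLL from a user-writable directory.
    if image == "wuauclt.exe":
        if any(in_user_writable(d) for d in DLL_RE.findall(cmdline)):
            alerts.append("wuauclt-user-writable-dll")

    # WER started by something untrusted or without crash-report arguments.
    if image == "werfault.exe":
        if in_user_writable(parent):
            alerts.append("werfault-untrusted-parent")
        if not CRASH_ARGS_RE.search(cmdline):
            alerts.append("werfault-missing-crash-args")

    # Known AD recon / Kerberos tooling, even when the file was renamed.
    if image in RECON_TOOLS or original in RECON_TOOLS:
        alerts.append("recon-tool-" + (original or image))
    return alerts


def scan(jsonl: str) -> dict:
    """Map pid -> fired rules for every event that triggered something."""
    hits = {}
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        alerts = evaluate(ev)
        if alerts:
            hits[ev["pid"]] = alerts
    return hits


if __name__ == "__main__":
    for pid, alerts in scan(SAMPLE_EVENTS).items():
        print(pid, ", ".join(alerts))
```

The WerFault rule is deliberately two-part: a real crash report is launched with the faulting process's PID on the command line, so an empty WerFault.exe command line is a stronger signal than an unusual parent alone, and a crashed user application spawning WerFault with proper arguments does not fire.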
  45. Tomi Engdahl says:

    Microsoft October Patch Tuesday fixes 87 bugs, six publicly disclosed
    https://www.bleepingcomputer.com/news/security/microsoft-october-patch-tuesday-fixes-87-bugs-six-publicly-disclosed/
    Of the 87 vulnerabilities fixed today, 12 are classified as Critical,
    and 74 are classified as Important, and one as moderate.

    Reply
  46. Tomi Engdahl says:

    Adobe fixes critical security vulnerability in Flash Player
    https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-security-vulnerability-in-flash-player/
    When successfully exploited, the vulnerability could lead to a crash
    that allows the attacker to execute commands on a visitor’s computer
    remotely. These commands would be executed under the security context
    of the user and would not have administrator privileges. Starting on
    December 31st, 2020, Adobe will no longer distribute or update Adobe
    Flash Player, and web browsers will no longer support the Adobe Flash
    Plugin.

    Reply
