
13 yr. old hacked school computers, arrested, Watchmaker Swatch shuts down IT systems, and more

Major cybersecurity events on 30th September 2020 (Morning Post): NatWest joins forces with Malwarebytes to provide free virus protection to customers. Exorcist 2.0 ransomware delivered through fake software crack sites. More than 247K Exchange servers unpatched for actively exploited flaw.

Round Up of Major Breaches and Scams

13-year-old student arrested for hacking school computers

The student faces a felony charge for allegedly hacking an Indiana school district’s computer system. According to a report from the Times of Northwest Indiana, a 13-year old student from Benjamin Franklin Middle School has been arrested for hacking into the school’s computer system. It is a reputable public school with 820 students and an 18 to 1 student-teacher ratio. Valparaiso police Capt. Joe Hal said that the student faces a felony charge after investigators found him responsible for the disruption in the Valparaiso Community Schools’ online learning system.

New Campaign by China-Linked Group Targets US Orgs for First Time

In at least one instance, the Palmerworm APT group was able to remain undetected on a compromised system for nearly six months, according to Symantec. Researchers from Symantec have uncovered a new cyber espionage campaign by a likely China-based advanced persistent threat (APT) group called Palmerworm. The group is targeting organizations in multiple countries including, for the first time, the US.

Yevgeniy Nikulin sentenced to 88 months for hacks of LinkedIn, Dropbox, and Formspring

More than two years after he was extradited from the Czech Republic, where he was arrested in 2016 for hacking LinkedIn, Dropbox, and Formspring, Russian national Yevgeniy Nikulin was sentenced today to 88 months by Judge William Alsup in federal court in northern California. Nikulin, also known as “Chinabig01,” “dex.007,” “valeriy.krutov3,” and “itBlackHat,” had been charged with three counts of computer intrusion, two counts of damaging a protected computer, two counts of aggravated identity theft, one count of conspiracy, and one count of trafficking in unauthorized access devices for the hacks, which occurred in 2012.

Round Up of Major Malware and Ransomware Incidents

Natwest and Malwarebytes team up to provide free virus protection

Customers of National Westminster (NatWest) Bank are now eligible to receive a free Malwarebytes Premium subscription covering up to 10 devices. NatWest is a prominent British banking giant with upwards of 7.5 million personal banking customers and 850,000 small business accounts. In a press release, Alasdair MacFarlenee, the Head of Fraud Prevention at NatWest, stated that the bank has partnered with Malwarebytes to provide free virus protection to its customers.

Swiss watchmaker Swatch shuts down IT systems to stop cyberattack

Swiss watchmaker Swatch Group shut down its IT systems over the weekend after identifying a cyberattack targeting the organization. Swatch Group, known for the colorful watches commonly found in department stores, employs over 36,000 people and reported $9.6 billion in revenue for 2019. In a statement to BleepingComputer, Swatch Group said that it detected the attack over the weekend and shut down its IT systems to prevent it from spreading.

Fake software crack sites used to push Exorcist 2.0 Ransomware

The threat actors behind the Exorcist 2.0 ransomware are using malicious advertising to redirect victims to fake software crack sites that distribute their malware. According to security researcher Nao_Sec, PopCash malvertising is redirecting users from legitimate sites to a fake software crack site. The crack site pretends to offer download links for programs that strip the copy protection from commercial software so it can be used for free; the downloads instead deliver the ransomware.

Round Up of Major Vulnerabilities and Patches

Over 247K Exchange servers unpatched for actively exploited flaw

More than 247,000 Microsoft Exchange servers have yet to be patched against CVE-2020-0688, a post-authentication remote code execution (RCE) vulnerability that affects every supported Exchange Server version. The flaw exists in the Exchange Control Panel (ECP) component, which is enabled in default configurations. Its root cause is a set of static ASP.NET machineKey values shared by every unpatched installation, so an attacker holding any valid mailbox credentials can craft a ViewState payload that the server deserializes, taking over the Exchange server with the privileges of the ECP application pool. The fix was released in February 2020, and the vulnerability has been actively exploited since shortly after, so the unpatched population is exposed to known, working attacks.
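The two checks a practitioner wants for this item, written here as an added example (not code from the article, from Microsoft, or from the reporting it summarizes): first, whether an ECP web.config still carries the static ASP.NET validationKey that unpatched installs shipped with (the hex value is the one published in the ZDI write-up of CVE-2020-0688); second, a hunt over IIS W3C logs for GET requests to /ecp/ that carry __VIEWSTATE in the query string, which is how the public exploits deliver their payload (legitimate ViewState travels in a POST body). The web.config text and the IIS log lines are constructed samples, not real server data; the __VIEWSTATEGENERATOR value in the sample line is the one public write-ups report for ECP's default.aspx, and the detection does not depend on it.

```python
"""Two practical checks for CVE-2020-0688 on an Exchange server.

Added example: not code from the article above, nor from Microsoft.
1. ecp_uses_default_machine_key(): does the ECP web.config still carry the
   static ASP.NET validationKey that every unpatched Exchange install shipped
   with? If so, any authenticated user can forge ViewState and get RCE.
2. find_viewstate_in_query(): hunt IIS W3C logs for GET requests to /ecp/
   that carry __VIEWSTATE in the query string, the shape of a public exploit.
"""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

# The static validationKey found in unpatched Exchange ECP web.config files
# (published in the ZDI write-up of CVE-2020-0688).
DEFAULT_ECP_VALIDATION_KEY = "CB2721ABDAF8E9DC516D621D8B8BF13A2C9E8689A25303BF"


def ecp_uses_default_machine_key(web_config_xml: str) -> bool:
    """True when a <machineKey> in the config uses the known static validationKey.

    On a real server read <ExchangeInstallPath>\\ClientAccess\\ecp\\web.config and
    pass its text in. The comparison is case-insensitive because the key is hex
    and ASP.NET does not care about case.
    """
    root = ET.fromstring(web_config_xml)
    for mk in root.iter("machineKey"):
        key = (mk.get("validationKey") or "").strip().upper()
        if key == DEFAULT_ECP_VALIDATION_KEY:
            return True
    return False


def find_viewstate_in_query(iis_log: str):
    """Return (client_ip, uri_stem, sc-status) for GET /ecp/* requests whose
    query string carries __VIEWSTATE.

    Field order is taken from the #Fields: header, so the function works on any
    W3C field selection that includes cs-method, cs-uri-stem, cs-uri-query,
    c-ip and sc-status.
    """
    fields = None
    hits = []
    for line in iis_log.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("cs-method") != "GET":
            continue
        if not rec.get("cs-uri-stem", "").lower().startswith("/ecp/"):
            continue
        query = rec.get("cs-uri-query", "-")
        if query == "-":  # IIS logs '-' for an empty query string
            continue
        if "__VIEWSTATE" in parse_qs(query, keep_blank_values=True):
            hits.append((rec.get("c-ip"), rec["cs-uri-stem"], rec.get("sc-status")))
    return hits


# --- Constructed sample inputs (not real server data) ---------------------

UNPATCHED_WEB_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="CB2721ABDAF8E9DC516D621D8B8BF13A2C9E8689A25303BF"
                decryptionKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                validation="SHA1" decryption="3DES" />
  </system.web>
</configuration>"""

# A patched install gets a per-server key; this replacement value is made up.
PATCHED_WEB_CONFIG = UNPATCHED_WEB_CONFIG.replace(
    DEFAULT_ECP_VALIDATION_KEY,
    "9F1C7E2A5D3B8C4F6E0A1B2C3D4E5F60718293A4B5C6D7E8F9A0B1C2D3E4F506")

SAMPLE_IIS_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2020-09-29 10:01:02 10.0.0.5 GET /owa/ - 443 - 203.0.113.7 Mozilla/5.0 200
2020-09-29 10:01:05 10.0.0.5 POST /ecp/default.aspx - 443 CORP\\alice 203.0.113.7 Mozilla/5.0 200
2020-09-29 10:02:17 10.0.0.5 GET /ecp/default.aspx __VIEWSTATEGENERATOR=B97B4E27&__VIEWSTATE=%2FwEyAAAA 443 CORP\\alice 198.51.100.23 python-requests/2.24.0 500
"""

if __name__ == "__main__":
    print("unpatched config vulnerable:", ecp_uses_default_machine_key(UNPATCHED_WEB_CONFIG))
    print("patched config vulnerable:  ", ecp_uses_default_machine_key(PATCHED_WEB_CONFIG))
    for ip, stem, status in find_viewstate_in_query(SAMPLE_IIS_LOG):
        print(f"possible CVE-2020-0688 attempt from {ip} -> {stem} (status {status})")
```

A hit in the log hunt is a signal, not proof of compromise: the exploit needs valid credentials, so the cs-username on the matching line tells you which account to treat as compromised, and a 500 status is common because the deserialization payload throws after the command runs. The config check is the one that answers whether the server is still exploitable at all.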

Cisco fixes actively exploited issues in IOS XR Network OS

Cisco has addressed two high-severity memory exhaustion denial-of-service (DoS) vulnerabilities in the IOS XR Network OS that runs on multiple carrier-grade routers, and has confirmed that both are being actively exploited in the wild. Cisco first warned at the end of August that attackers were trying to exploit one of them, CVE-2020-3566, which an unauthenticated remote attacker can trigger by sending crafted IGMP traffic to a device with multicast routing enabled, exhausting process memory and disrupting other processes on the router.

Vulnerability in Wireless Router Chipsets Prompts Advisory

Synopsys has issued an advisory warning of authentication bypass vulnerabilities in multiple wireless router chipsets built into devices manufactured by Qualcomm, MediaTek, and Realtek. CVE-2019-18989, CVE-2019-18990, and CVE-2019-18991 cover a partial authentication bypass affecting multiple products from these manufacturers; because the flaw sits in the chipset rather than in a single vendor's firmware, router makers using these parts need to ship their own updates before end users are protected.