Round Up of Major Breaches and Scams
The student faces a felony charge for allegedly hacking an Indiana school district’s computer system. According to a report from the Times of Northwest Indiana, a 13-year-old student from Benjamin Franklin Middle School has been arrested for hacking into the school’s computer system. It is a reputable public school with 820 students and an 18 to 1 student-teacher ratio. Valparaiso police Capt. Joe Hal said that the student faces a felony charge after investigators found him responsible for the disruption in the Valparaiso Community Schools’ online learning system.
In at least one instance, the Palmerworm APT group was able to remain undetected on a compromised system for nearly six months, according to Symantec. Researchers from Symantec have uncovered a new cyber espionage campaign by a likely China-based advanced persistent threat (APT) group called Palmerworm. The group is targeting organizations in multiple countries including, for the first time, the US.
More than two years after he was extradited from Czechoslovakia, where he was arrested in 2016 for hacking LinkedIn, Dropbox, and Formspring, Russian national Yevgeniy Nikulin was sentenced today to 88 months by Judge William Alsup in federal court in northern California. Nikulin, also known as “Chinabig01,” “dex.007,” “valeriy.krutov3,” and “itBlackHat,” had been charged with three counts of computer intrusion, two counts of damaging a protected computer, two counts of aggravated identity theft, one count of conspiracy, and one count of trafficking in unauthorized access devices for the hacks that occurred in 2012.
Round Up of Major Malware and Ransomware Incidents
Customers of National Westminster (NatWest) Bank are now eligible to receive a free Malwarebytes Premium subscription covering up to 10 devices. NatWest is a prominent British banking giant with upwards of 7.5 million personal banking customers and 850,000 small business accounts. In a press release, Alasdair MacFarlenee, the Head of Fraud Prevention at NatWest, stated that the bank has partnered with Malwarebytes to provide free virus protection to its customers.
Swiss watchmaker Swatch Group shut down its IT systems over the weekend after identifying a cyberattack targeting its organization. Swatch Group is known for its colorful watches commonly found in department stores; it employs over 36,000 people and reported $9.6 billion in revenue for 2019. In a statement to BleepingComputer, Swatch Group said that it detected a cyberattack over the weekend and shut down its IT systems to prevent the attack from spreading.
The threat actors behind the Exorcist 2.0 ransomware are using malicious advertising to redirect victims to fake software crack sites that distribute their malware. According to security researcher Nao_Sec, PopCash malvertising is redirecting users from legitimate sites to a fake software crack site. This crack site, shown below, pretends to offer download links for the programs that break copyright protection on commercial software so that it can be used for free.
Round Up of Major Vulnerabilities and Patches
More than 247,000 Microsoft Exchange servers still need to be patched against CVE-2020-0688, a post-authentication remote code execution (RCE) vulnerability impacting all Exchange Server versions under support. The CVE-2020-0688 RCE flaw exists in the Exchange Control Panel (ECP) component, which is enabled in default configurations, and it allows potential attackers to remotely take over vulnerable Exchange servers using any valid email credentials.
Cisco addressed two actively exploited, high severity memory exhaustion denial-of-service (DoS) vulnerabilities in the IOS XR Network OS that runs on multiple carrier-grade routers. The company confirmed that both vulnerabilities are being actively exploited in attacks in the wild. At the end of August, Cisco had already warned that attackers were trying to exploit one of them, a high severity memory exhaustion DoS vulnerability (CVE-2020-3566) affecting the Cisco IOS XR Network OS on carrier-grade routers.
Synopsys has issued an advisory warning of authentication bypass vulnerabilities in multiple wireless router chipsets built into devices manufactured by Qualcomm, MediaTek, and Realtek. CVE-2019-18989, CVE-2019-18990, and CVE-2019-18991 refer to a partial authentication bypass vulnerability affecting multiple products from these manufacturers.