Round Up of Major Breaches and Scams
An assisted living services provider in Maryland revealed a data security incident in which attackers encrypted some of its information. In an update posted to its website, Lorien Health Services revealed that the security incident had occurred back on June 6. Upon detecting the incident, Lorien immediately engaged a team of cybersecurity experts to assist with its response and to determine whether any personal information may have been accessed during the incident.
Round Up of Major Malware and Ransomware Incidents
China, Vietnam, and Taiwan are the top sources of DDoS botnet activity, but the largest data floods use a variety of amplification attacks, a report finds. More than 4.7 million sources in five countries were used to launch distributed denial-of-service (DDoS) attacks against victims in the second quarter of 2020, with the portmap protocol the amplification vector most frequently used to create massive data floods, security and services firm A10 Networks says in its threat report for the second quarter.
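The report names portmap (rpcbind, UDP/111) as the most common amplification vector. Reflected portmap traffic has a recognisable shape from the defender's side: UDP flows whose source port is 111, carrying far more bytes per packet than a legitimate portmap reply, arriving at one destination from many distinct reflectors. The following script, an added example that is not from the A10 report or the original roundup, flags that pattern in flow records. The flow records are constructed for illustration, and the byte-per-packet and reflector-count thresholds are assumptions to be tuned against real traffic.

```python
"""Flag likely portmap (UDP/111) reflection/amplification traffic in flow records.

Added example with constructed data; thresholds are assumptions, not values from the report.
"""
from collections import defaultdict

PORTMAP_PORT = 111
# Assumption: a spoofed portmap DUMP request is small, while the reflected reply
# can be several hundred bytes, so large UDP packets *from* port 111 stand out.
MIN_BYTES_PER_PKT = 400
# Assumption: a real attack fans in from many reflectors; a single chatty host is not one.
MIN_DISTINCT_REFLECTORS = 3

# Constructed flow records:
# (proto, src_ip, src_port, dst_ip, dst_port, bytes, packets)
FLOWS = [
    ("udp", "198.51.100.10", 111, "203.0.113.5", 40123, 52000, 100),
    ("udp", "198.51.100.11", 111, "203.0.113.5", 40123, 48000, 100),
    ("udp", "198.51.100.12", 111, "203.0.113.5", 40123, 51000, 100),
    ("udp", "198.51.100.13", 111, "203.0.113.5", 40123, 49000, 100),
    ("udp", "192.0.2.20",    111, "203.0.113.9", 50000,   800,  10),  # small replies, benign-looking
    ("tcp", "192.0.2.30",    111, "203.0.113.9", 50001, 90000, 100),  # TCP, cannot be spoofed reflection
    ("udp", "192.0.2.40",     53, "203.0.113.5", 40124,  3000,  10),  # DNS, out of scope here
]


def is_portmap_reflection(flow):
    """True when a flow looks like amplified portmap traffic: UDP, source port 111,
    and a per-packet size well above what a genuine small reply would carry."""
    proto, _src, sport, _dst, _dport, nbytes, pkts = flow
    if proto != "udp" or sport != PORTMAP_PORT or pkts <= 0:
        return False
    return nbytes / pkts >= MIN_BYTES_PER_PKT


def find_amplification_victims(flows):
    """Group suspicious flows by destination and return
    {victim_ip: (distinct_reflector_count, total_bytes)} for destinations
    receiving reflected traffic from at least MIN_DISTINCT_REFLECTORS sources."""
    reflectors = defaultdict(set)
    volume = defaultdict(int)
    for flow in flows:
        if is_portmap_reflection(flow):
            reflectors[flow[3]].add(flow[1])
            volume[flow[3]] += flow[5]
    return {
        dst: (len(srcs), volume[dst])
        for dst, srcs in reflectors.items()
        if len(srcs) >= MIN_DISTINCT_REFLECTORS
    }


if __name__ == "__main__":
    for victim, (count, total) in find_amplification_victims(FLOWS).items():
        print(f"{victim}: {count} portmap reflectors, {total} bytes")
```

The destination-side grouping is what separates an attack from a single noisy host: one source sending large UDP/111 replies is a misconfiguration, many sources converging on one target is reflection. Mitigation on the reflector side is to stop exposing rpcbind over UDP to the internet at all, which also removes the host from the pool of usable amplifiers.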
Emotet has resurfaced after a five-month hiatus, with more than 250,000 malspam messages being sent to email recipients worldwide. Researchers first spotted the malware in a campaign that has spammed Microsoft Office users with hundreds of thousands of malicious emails since Friday. The malware first emerged in 2014 but has since evolved into a full-fledged botnet designed to steal account credentials and download further malware.
On July 2, we found an archive file with an embedded document pretending to be from the government of India. This file used template injection to drop a malicious template which loaded a variant of Cobalt Strike. One day later, the same threat actor changed their template and dropped a loader called MgBot, executing and injecting its final payload through the use of Application Management (AppMgmt) Service on Windows.
The company warned that cybercriminals are using a black box loaded with proprietary code in attacks to illegally dispense cash across Europe. Cybercriminals are using software from leading ATM manufacturer Diebold in a series of hacks against cash terminals across Europe, forcing the machines to dispense cash to crooks. Criminals using a black-box device, common in this type of attack, have increased their activity across Europe by targeting Diebold’s ProCash 2050xe USB terminals.
Round Up of Major Vulnerabilities and Patches
New security features include support for a new standard in Gmail, phishing protection in Chat, and additional admin controls. Google today announced G Suite security updates in Gmail, Meet, and Chat, along with some new tools to help administrators manage and protect enterprise devices in the Admin Console. One of these is the pilot of a standard called Brand Indicators for Message Identification (BIMI) in Gmail.
Adobe issued out-of-band patches for critical flaws tied to 12 CVEs in Photoshop and other applications. Adobe released a slew of patches for critical vulnerabilities Tuesday that were part of an out-of-band security update. Several of the critical flaws are tied to Adobe’s popular Photoshop photo-editing software and allow adversaries to execute arbitrary code on targeted Windows devices.
A threat actor believed to be working for the Iranian government recently launched another round of attacks on Israel’s water sector, and a source tells SecurityWeek that the attackers used vulnerable cellular equipment as a point of entry. Israeli authorities confirmed in late April that hackers had targeted industrial control systems (ICS) at several water and wastewater facilities across the country.