Round Up of Major Breaches and Scams
A carefully coordinated cyber-attack on Lithuania that occurred last week has been described by the republic’s defense minister as one of the “most complex” security incidents to target the Baltic state in recent history. On the night of December 9, cyber-criminals breached multiple content management systems to gain access to 22 different websites operated by Lithuania’s public sector. The attackers then published articles containing misinformation on the sites.
Australia’s consumer watchdog launched legal action against Facebook on Wednesday, alleging the social media giant “misled” thousands of Australians by collecting user data from a free VPN service advertised as private. The platform could face a fine if found guilty of deceiving users, as Australia takes an increasingly assertive stance towards powerful US tech titans. The Australian Competition and Consumer Commission (ACCC) has accused Facebook and two of its subsidiaries — Facebook Israel and Onavo Inc — of misleading people.
SolarWinds has released a second hotfix for its Orion platform in response to the recent breach, and the company has decided to remove from its website a page listing some of its important customers. IT management and monitoring solutions provider SolarWinds revealed this week that sophisticated threat actors compromised the build system for its Orion monitoring platform, which allowed the attackers to deliver trojanized updates to the firm’s customers between March and June 2020.
Round Up of Major Malware and Ransomware Incidents
An extortion campaign targeting Chinese, Korean, and Japanese speakers recently started using a new piece of spyware, mobile security firm Lookout reported on Wednesday. The campaign is focused on infecting iOS and Android users of illicit sites, such as those offering escort services, in order to steal personal information, likely with the intent to blackmail or extort victims. Dubbed Goontact, the spyware typically masquerades as a secure messaging application.
Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates who use commodity malware and attack tools, according to new research. In a new analysis published by Sophos today and shared with The Hacker News, recent deployments of Ryuk and Egregor ransomware have involved the use of the SystemBC backdoor to move laterally across the network and fetch additional payloads for further exploitation.
As the holiday shopping season shifts into high gear, the COVID-19 pandemic is accelerating an ongoing trend: shoppers are opting to buy online. Rather than flooding brick-and-mortar stores during the sales, studies suggest a high percentage of shoppers in 2020 will be using online options and e-commerce checkout pages. Those checkout pages are exactly what cyber criminals are targeting — injecting malicious code into them that sends payment card data directly back to the attackers, a technique some refer to as e-skimming.
Round Up of Major Vulnerabilities and Patches
Hewlett Packard Enterprise (HPE) has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux. While security updates are not yet available for this remote code execution (RCE) vulnerability, HPE has provided Windows mitigation info and is working on addressing the zero-day. Zero-days are publicly disclosed vulnerabilities not yet patched by the vendor which, in some cases, are also actively exploited in the wild or have publicly available proof-of-concept exploits.
As 5G networks are gradually rolled out in major cities across the world, an analysis of their network architecture has revealed a number of potential weaknesses that could be exploited to carry out a slew of cyber assaults, including denial-of-service (DoS) attacks that deprive subscribers of Internet access and interception of data traffic. The findings form the basis of a new “5G Standalone core security research” report, published exactly six months after the company released its “Vulnerabilities in LTE and 5G Networks 2020” report in June detailing high-impact flaws in LTE and 5G protocols.
Updates released this week by Apple for its macOS operating systems patch a total of 59 vulnerabilities, including roughly 30 that could lead to the execution of arbitrary code. An attacker able to exploit the most severe of these issues could execute code within the context of the application, with the same privileges as the current user. Some of the bugs, Apple explains in its advisory, could be exploited to execute code with system or kernel privileges.