
Credit card skimmer Baka evades detection methods, Netwalker targets Pakistani power utility K-Electric, and more

Major cybersecurity events on 9th September 2020 (Morning Post): the Russian government claims that DDoS attacks from the USA, the UK, and Ukraine targeted voting in the Russian Federation. France, Japan, and New Zealand warn of a surge in Emotet attacks. Adobe InDesign, Framemaker, and Experience Manager flaws fixed.

Round Up of Major Breaches and Scams

Swiss Official Airs Concerns About Data Privacy in US

A Swiss federal commissioner announced Tuesday that a U.S.-Swiss program aimed at protecting personal information exchanged between the two countries doesn’t go far enough, and has downgraded the United States, ranking it as a country deemed to have inadequate data protection. Federal Data Protection and Information Commissioner Adrian Lobsiger recommends that Swiss companies and government bodies disclose personal data to the U.S. only if safeguards are put in place to protect people from prying U.S. authorities.

DDoS attacks from the USA, UK, Ukraine were recorded during the voting in the Russian Federation

Andrey Krutskikh, special representative of the President of Russia for international cooperation in the field of information security, said on Monday at a cybersecurity conference that the DDoS attacks on Russian government agencies during the voting on amendments to the constitution were traced to sources in the United States, Great Britain, Ukraine, and a number of CIS countries. He noted that in 2020, attacks aimed at critical infrastructure and electoral processes have become commonplace.

“Baka” Credit Card Skimmer Has Anti-Detection Capabilities: Visa

Payment card provider Visa has warned its users about a new credit card skimming malware dubbed “Baka” that can evade traditional detection methods. The skimmer was discovered by Visa’s Payment Fraud Disruption (PFD) division while analyzing a command and control (C2) server; the division also found seven C2 servers hosting the Baka skimming kit. Along with the basic features offered by various skimming kits, the Baka skimmer has certain advanced capabilities that help it bypass security scanners.

DOJ Scam Targets Elderly Americans

Unscrupulous criminals are impersonating employees of the United States Department of Justice to scam elderly victims of crime. The DOJ issued a fraud alert on Friday in which it strongly encouraged the public to remain vigilant and urged them not to provide personal information over the phone to anyone claiming to be from the department. An alert was issued after the Office of Justice Programs’ Office for Victims of Crime (OVC) received multiple reports that individuals claiming to represent the Department of Justice are calling members of the public as part of an imposter scam.

Round Up of Major Malware and Ransomware Incidents

Netwalker ransomware hits Pakistan’s largest private power utility

K-Electric, the sole electricity provider for Karachi, Pakistan, has suffered a Netwalker ransomware attack that led to the disruption of billing and online services. K-Electric is Pakistan’s largest power supplier, serving 2.5 million customers and employing over 10 thousand people. Starting yesterday, K-Electric customers have been unable to access the online services for their accounts. To resolve this issue, K-Electric appears to be trying to reroute users through a staging site, but is currently having difficulties.

France, Japan, and New Zealand warn of a surge in Emotet attacks

Cybersecurity agencies across Asia and Europe are warning of a surge in Emotet spam campaigns targeting businesses and public administration entities in France, Japan, and New Zealand. The French national cyber-security agency published an alert to warn of a significant increase in Emotet attacks targeting the private sector and public administration entities in France.

Ransomware delays first day of school for Hartford, Connecticut

The Hartford School District in Connecticut has postponed its first day of school as it struggles to get classroom and transportation systems restored and running after a Labor Day holiday weekend ransomware attack. This school year, most USA school districts have struggled with the decision of how and when to reopen schools due to the COVID-19 pandemic. For the Hartford School District, this choice was taken away after it suffered a ransomware attack on Saturday.

Round Up of Major Vulnerabilities and Patches

Microsoft Releases September 2020 Security Patches For 129 Flaws

As part of this month’s Patch Tuesday, Microsoft today released a fresh batch of security updates to fix a total of 129 newly discovered security vulnerabilities affecting various versions of its Windows operating systems and related software. Of the 129 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, ChakraCore, SQL Server, Exchange Server, Office, ASP.NET, OneDrive, Azure DevOps, Visual Studio, and Microsoft Dynamics — that received new patches, 23 are listed as critical, 105 are important, and one is moderate in severity.

WordPress Plug-in Has Critical Zero-Day

The vulnerability in WordPress File Manager could allow a malicious actor to take over the victim’s website. A popular plug-in for WordPress is the subject of a zero-day vulnerability that may expose more than 700,000 sites to exploitation. The WordPress File Manager plug-in is generally used to allow website users to upload image files, but a flaw in the plug-in’s file type checking could allow a user to upload a file with an embedded web shell. That web shell could then be used to take over the victim’s site.
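The File Manager flaw above is an instance of a general class: an image-upload endpoint whose file type check can be satisfied by something that is not an image. The following added example (written for this digest, not code from the plug-in or from WordPress) shows what a defensive upload validator looks like: it allowlists image extensions, rejects any name containing a server-executable extension anywhere in it, confirms the content's magic bytes match the declared type, and stores the file under a server-generated name. The allowlist, the executable-extension set, and the sample inputs are constructed for illustration.

```python
import os
import uuid
from typing import Tuple

# Constructed allowlist: the only image types this hypothetical handler accepts.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}

# Real file signatures for the allowed formats (first bytes of the file).
MAGIC = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
}

# Constructed set of extensions a typical web server may hand to an interpreter.
# Rejecting them anywhere in the name defeats "shell.php.png"-style names
# on servers that match extensions from the left.
EXECUTABLE_EXTENSIONS = {
    "php", "phtml", "php3", "php4", "php5", "phar",
    "cgi", "pl", "py", "sh", "asp", "aspx", "jsp",
}


def validate_upload(filename: str, content: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason). Accept only genuine images with benign names."""
    # 1. No directory components: the client must not choose where we write.
    if os.path.basename(filename) != filename or ".." in filename:
        return False, "path components not allowed"

    parts = filename.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing extension"

    # 2. Every extension in a multi-extension name must be non-executable.
    for ext in parts[1:]:
        if ext in EXECUTABLE_EXTENSIONS:
            return False, f"executable extension '{ext}' rejected"

    # 3. The final extension must be on the allowlist (not merely "not blocked").
    ext = parts[-1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension '{ext}' not in allowlist"

    # 4. The bytes must actually look like the declared image type.
    if not any(content.startswith(sig) for sig in MAGIC[ext]):
        return False, "content does not match declared image type"

    return True, "ok"


def storage_name(filename: str) -> str:
    """Server-chosen name: random UUID plus the (already validated) extension."""
    ext = filename.lower().rsplit(".", 1)[-1]
    return f"{uuid.uuid4().hex}.{ext}"


if __name__ == "__main__":
    # Constructed sample uploads: a real PNG header and a script disguised as one.
    samples = [
        ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
        ("shell.php", b"<?php echo 1; ?>"),
        ("shell.php.png", b"\x89PNG\r\n\x1a\n"),
        ("fake.png", b"<?php echo 1; ?>"),
    ]
    for name, data in samples:
        ok, why = validate_upload(name, data)
        print(f"{name:16} -> {'accept' if ok else 'reject'}: {why}")
```

Validation of this kind is one layer only: the upload directory should also be served without script execution, so that a file which slips past the checks is returned as static bytes rather than run by the server.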

Critical Intel Active Management Technology Flaw Allows Privilege Escalation

Intel patched a critical privilege escalation vulnerability in its Active Management Technology (AMT), which is used for remote out-of-band management of PCs. AMT is part of the Intel vPro platform (Intel’s umbrella marketing term for its collection of computer hardware technologies) and is primarily used by enterprise IT shops for remote management of corporate systems. The flaw can be exploited by an unauthenticated attacker on the same network, in order to gain escalated privileges.

Adobe fixes critical flaws in Adobe InDesign, Framemaker, and Experience Manager

Adobe has released security updates to address twelve critical vulnerabilities in Adobe InDesign, Adobe Framemaker, and Adobe Experience Manager. The flaws could be exploited by attackers to execute arbitrary code on systems running vulnerable versions of these products.

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process.

Multiple Vulnerabilities in SAP Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in SAP products, the most severe of which could allow for arbitrary code execution. SAP is a software company which creates software to manage business operations and customer relations. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems.

Bug in Google Maps Opened Door to Cross-Site Scripting Attacks

A researcher earned a double payment totaling $10,000 for a cross-site scripting (XSS) bug he found in Google Maps. He earned $5,000 initially, but when Google’s patch fell short, the researcher earned a second $5,000 for discovering a bypass of the fix. Zohar Shachar, head of application security at Wix.com, reported the flaw to Google on April 23 and was issued a $5,000 reward soon after. Google publicly disclosed the issue, declaring it “fixed” on June 7.