
Expiring SSL certificates affect smart appliances, Thanos’ weaponized research tools target Windows users, and more

Major cybersecurity events on 11th June 2020 (Morning Post): Indian firm Compsys invites lawsuits after registering hoax domains. Snake Ransomware hits Honda and Energy Co. Contact tracing apps on Google Play deployed to steal data. Voting tech used in 5 US states fatally flawed.

Round Up of Major Breaches and Scams

Slovak police found wiretapping devices connected to the Govnet government network

Slovak National Criminal Agency (NAKA) seized wiretapping devices connected to the Govnet network and arrested four individuals, including the head of a government agency, who was responsible for managing the government network. Govnet is a network that interconnects different Slovak government agencies. Slovak authorities were investigating a series of suspicious devices that were discovered connected to the government’s IT network.

Expiring SSL certs expected to break smart TVs, fridges, and IoTs

On May 30th, select Roku streaming channels stopped working, leaving impacted customers with no idea what was wrong. The same day, payment platforms Stripe and Spreedly experienced disruptions and blamed them on expiring Certificate Authority (CA) root certificates. We always knew SSL certificates came with an expiration date, but we didn’t plan for the fact it’d be happening this year!

Bogus ‘Contact Tracing’ Apps Deployed to Steal Data: Researchers

The researchers from California-based firm Anomali said the apps, once installed on a device, “are designed to download and install malware” on devices and “steal banking credentials and personal data.” Anomali said the fake COVID-19 apps do not appear to be distributed through official channels like the Google Play Store but rather are being spread through other apps, third-party stores, and websites that encourage downloads.

COVID-19 crisis accelerates rise of virtual call centers

The coronavirus pandemic has pushed IT leaders to move at breakneck pace and accomplish objectives they never conceived likely, let alone possible. Perhaps nowhere has this been more acute than in the call center. T-Mobile, for instance, sent 12,000 customer representatives located in 17 call centers around the globe to work from home in the wake of the pandemic, says Cody Sanford, the telecommunications company’s CIO and chief product officer.

Facebook Sues Indian Firm for Registering Impostor Domains

Facebook filed a lawsuit in Virginia against 12 hoax domain names registered by India-based proxy service provider Compsys Domain Solutions Private Ltd. The malicious domains spoofed Facebook and its product names to carry out unethical activities. The social networking giant claimed that impostor domains like facebook-verify-inc.com, instagramhjack.com, and videocall-whatsapp.com were designed to mislead people.

Round Up of Major Malware and Ransomware Incidents

Snake Ransomware Delivers Double-Strike on Honda, Energy Co.

The Snake ransomware has reportedly hit two high-profile companies this week: Honda and a South American energy-distribution company called Enel Argentina. In a tweet on Monday, the Honda Automobile Customer Service said it was “experiencing technical difficulties and are unavailable.” And later, the Japanese auto giant told the BBC that “Honda can confirm that a cyberattack has taken place on the Honda network.”

This was inevitable: ‘Thanos’ ransomware weaponizes research tool against Microsoft Windows users

Hackers have converted software initially created as a testing tool into a destructive strain of ransomware, weaponizing inside knowledge about digital fortifications at a time when internet extortion is only accelerating.

Encryption Utility Firm Accused of Bundling Malware Functions in Product

An Italian company sells what it describes as a legitimate encryption utility that is being used as a malware packer for the cloud-delivered malicious GuLoader dropper, claim researchers. The tool, according to a recent investigation, creates GuLoader samples and helps the malware avoid antivirus detection.

Round Up of Major Vulnerabilities and Patches

Details Released for Recently Patched Code Execution Vulnerability in Firefox

Tracked as CVE-2020-12405 and featuring a CVSS score of 8.8, the issue was one of five high-severity bugs that were patched earlier this month with the release of Firefox 77. Tor Browser 9.5, which is based on Firefox ESR 68.9, fixes the flaw as well. Identified by Marcin ‘Icewall’ Noga of Cisco Talos, the vulnerability is a use-after-free in SharedWorkerService and it can be triggered when the user navigates to a malicious page.

Researchers say online voting tech used in 5 states is fatally flawed

OmniBallot is election software that is used by dozens of jurisdictions in the United States. In addition to delivering ballots and helping voters mark them, it includes an option for online voting. At least three states—West Virginia, Delaware, and New Jersey—have used the technology or are planning to do so in an upcoming election. Four local jurisdictions in Oregon and Washington state use the online voting feature as well.

A high-severity flaw affects VMware Workstation, Fusion and vSphere products

VMware has addressed a high-severity information disclosure vulnerability, tracked as CVE-2020-3960, that affects its Workstation, Fusion and vSphere virtualization products. The CVE-2020-3960 flaw was discovered by Cfir Cohen, a researcher from Google’s cloud security team.

Microsoft Office June security updates fix critical RCE bugs

Microsoft released the June 2020 Office security updates, with a total of 19 security updates and 5 cumulative updates for 7 different products, patching 4 critical bugs that enable attackers to remotely execute arbitrary code on unpatched systems. The June 2020 Patch Tuesday security updates were also published yesterday, addressing 129 vulnerabilities, 11 of them being rated as Critical and 109 as Important.

Kingminer patches vulnerable servers to lock out competitors

Operators of the cryptojacking botnet Kingminer are trying to keep their business humming by applying hotfixes from Microsoft on vulnerable infected computers to lock out other threat actors that may claim a piece of their pie. Kingminer has been around for about two years and continues to brute-force its way into SQL servers to install the XMRig cryptocurrency miner for Monero.