Round Up of Major Breaches and Scams
Slovak National Criminal Agency (NAKA) seized wiretapping devices connected to the Govnet network and arrested four individuals, including the head of a government agency, who was responsible for managing the government network. Govnet is a network that interconnects different Slovak government agencies. Slovak authorities were investigating a series of suspicious devices that were discovered connected to the government’s IT network.
On May 30th, select Roku streaming channels stopped working, leaving affected customers with no idea what was wrong. The same day, the payment platforms Stripe and Spreedly experienced disruptions and blamed them on expiring Certificate Authority (CA) root certificates. We always knew SSL certificates came with an expiration date, but we didn’t plan for the fact that it’d be happening this year!
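The Roku, Stripe and Spreedly outages share a root cause: a certificate somewhere in the chain, not just the leaf, reached its notAfter date without anyone noticing. The following is an added example (not code from any of the affected companies) that walks every member of a chain, including the root it anchors to, and reports those that expire within a chosen horizon. It assumes the chain has already been dumped to the `subject=` / `notAfter=` line format that `openssl x509 -noout -subject -enddate` prints; the chain below is constructed sample data with fictitious names and dates.

```python
"""Flag every certificate in a chain (leaf, intermediates, root) that expires soon.

Added example. Input is the subject/notAfter line format printed by
`openssl x509 -noout -subject -enddate`; the chain below is constructed sample data.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample: a served chain plus the root it chains to. Dates are fictitious.
SAMPLE_CHAIN = """\
subject=CN = api.example.test
notAfter=Aug 14 12:00:00 2020 GMT
subject=CN = Example Intermediate CA
notAfter=Jan  1 00:00:00 2025 GMT
subject=CN = Example Legacy Root CA
notAfter=May 30 10:48:38 2020 GMT
"""

# openssl prints e.g. "May 30 10:48:38 2020 GMT"; single-digit days are padded with a space.
OPENSSL_DATE = "%b %d %H:%M:%S %Y %Z"


def parse_chain(text):
    """Return a list of (subject, not_after) tuples, one per certificate in the dump."""
    certs = []
    subject = None
    for line in text.splitlines():
        if line.startswith("subject="):
            subject = line[len("subject="):].strip()
        elif line.startswith("notAfter="):
            raw = " ".join(line[len("notAfter="):].split())  # collapse the day padding
            not_after = datetime.strptime(raw, OPENSSL_DATE).replace(tzinfo=timezone.utc)
            certs.append((subject, not_after))
            subject = None
    return certs


def expiring_within(certs, days, now):
    """Return (subject, not_after, days_left) for certs expiring within `days` of `now`.

    Already-expired certificates are included (negative days_left), because a
    root that expired last week is exactly the failure that takes a chain down.
    """
    horizon = now + timedelta(days=days)
    return [(subj, t, (t - now).days) for subj, t in certs if t <= horizon]


def report(text, days, now=None):
    """Human-readable lines for every chain member inside the warning horizon."""
    now = now or datetime.now(timezone.utc)
    return [
        f"{subj}: expires {t:%Y-%m-%d} ({days_left} days left)"
        for subj, t, days_left in expiring_within(parse_chain(text), days, now)
    ]


if __name__ == "__main__":
    # Run as of 2020-05-25 so the sample root shows up with five days to go.
    for line in report(SAMPLE_CHAIN, days=30, now=datetime(2020, 5, 25, tzinfo=timezone.utc)):
        print(line)
```

The point of checking the whole chain rather than the leaf alone is that a monitoring job watching only `api.example.test` would have reported 81 days of headroom while the root underneath it had five. In production, feed this the chain your servers actually present plus the roots your clients pin, and run it on a schedule with a horizon longer than your certificate rotation lead time.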
The researchers from California-based firm Anomali said the apps, once installed on a device, “are designed to download and install malware” on devices and “steal banking credentials and personal data.” Anomali said the fake COVID-19 apps do not appear to be distributed through official channels like the Google Play Store but rather are being spread through other apps, third-party stores, and websites that encourage downloads.
The coronavirus pandemic has pushed IT leaders to move at breakneck pace and accomplish objectives they never conceived likely, let alone possible. Perhaps nowhere has this been more acute than in the call center. T-Mobile, for instance, sent 12,000 customer representatives located in 17 call centers around the globe to work from home in the wake of the pandemic, says Cody Sanford, the telecommunications company’s CIO and chief product officer.
Facebook filed a lawsuit in Virginia against 12 hoax domain names registered by Indian-based proxy service provider Compsys Domain Solutions Private Ltd. The malicious domains spoofed Facebook and its product names to carry out unethical activities. The social networking giant claimed that imposter domains like facebook-verify-inc.com, instagramhjack.com, and videocall-whatsapp.com were designed to mislead people.
Round Up of Major Malware and Ransomware Incidents
The Snake ransomware has reportedly hit two high-profile companies this week: Honda and a South American energy-distribution company called Enel Argentina. In a tweet on Monday, the Honda Automobile Customer Service said it was “experiencing technical difficulties and are unavailable.” And later, the Japanese auto giant told the BBC that “Honda can confirm that a cyberattack has taken place on the Honda network.”
Hackers have converted software initially created as a testing tool into a destructive strain of ransomware, weaponizing inside knowledge about digital fortifications at a time when internet extortion is only accelerating.
An Italian company that sells what it describes as a legitimate encryption utility is being used as a malware packer for the cloud-delivered malicious GuLoader dropper, researchers claim. The tool, according to a recent investigation, creates GuLoader samples and helps the malware avoid antivirus detection.
Round Up of Major Vulnerabilities and Patches
Tracked as CVE-2020-12405 and featuring a CVSS score of 8.8, the issue was one of five high-severity bugs that were patched earlier this month with the release of Firefox 77. Tor Browser 9.5, which is based on Firefox ESR 68.9, fixes the flaw as well. Identified by Marcin ‘Icewall’ Noga of Cisco Talos, the vulnerability is a use-after-free in SharedWorkerService and it can be triggered when the user navigates to a malicious page.
OmniBallot is election software that is used by dozens of jurisdictions in the United States. In addition to delivering ballots and helping voters mark them, it includes an option for online voting. At least three states—West Virginia, Delaware, and New Jersey—have used the technology or are planning to do so in an upcoming election. Four local jurisdictions in Oregon and Washington state use the online voting feature as well.
VMware has addressed a high-severity information disclosure vulnerability, tracked as CVE-2020-3960, that affects its Workstation, Fusion and vSphere virtualization products. The CVE-2020-3960 flaw was discovered by Cfir Cohen, a researcher from Google’s cloud security team.
Microsoft released the June 2020 Office security updates, with a total of 19 security updates and 5 cumulative updates for 7 different products, patching 4 critical bugs that enable attackers to remotely execute arbitrary code on unpatched systems. The June 2020 Patch Tuesday security updates were also published yesterday, addressing 129 vulnerabilities, 11 of them rated as Critical and 109 as Important.
Operators of the Kingminer cryptojacking botnet are trying to keep their business humming by applying hotfixes from Microsoft on vulnerable infected computers to lock out other threat actors that may claim a piece of their pie. Kingminer has been around for about two years and continues to brute-force its way onto SQL servers to install the XMRig cryptocurrency miner for Monero.