Round Up of Major Breaches and Scams
A distributed denial-of-service (DDoS) attack is one in which a perpetrator makes a network or service unavailable by flooding it with more requests than it can handle, or by otherwise cutting the host off from the Internet, so that the website and server go offline or suffer an outage. DDoS protection has long been one of Cloudflare’s most in-demand services, but until now administrators would only learn of an attack if they happened to be working on the site at the time. With this new feature, they receive notifications when an attack is under way even when they are not actively on the site.
A bug bounty researcher has been awarded $3,000 for disclosing a security issue in GitLab that led to the exposure of private groups. The report was made public on the HackerOne bug bounty platform on October 6. Submitted by researcher Riccardo “rpadovani” Padovani on November 29, 2019, the GitLab issue is described as a failure to remove a group’s code from Elasticsearch API search results after the group was transferred from public to private.
More than 200 people have died in clashes between ethnic Armenian separatists and Azerbaijani government forces over the breakaway region of Nagorno-Karabakh in the last 10 days. It’s the worst outbreak of violence related to Nagorno-Karabakh since Armenia and Azerbaijan, two former Soviet republics, fought a war over the enclave in the 1990s. And this time, hacking has come with the fighting.
More than a quarter of Canadian IT workers say their organization has suffered a COVID-19-themed cyber-attack, according to a new survey. The “2020 Cybersecurity Report” released today by the Canadian Internet Registration Authority (CIRA) surveyed more than 500 Canadian IT security decision-makers to learn more about their experience with cyber-threats.
A threat actor has hacked into the Chowbus food delivery service and emailed links to the stolen data to all customers. Chowbus is a mobile-based Asian food delivery service that allows customers to order food from local restaurants in cities around the USA, Australia, and Canada. At 1:33 a.m. yesterday, Chowbus customers began receiving mysterious emails titled “Chowbus data,” which simply stated, “Download Chowbus data here.” Included in the email were download links to both a user and restaurant database used by the food delivery service.
Round Up of Major Malware and Ransomware Incidents
A newly discovered botnet contains code that can wipe all data from infected systems such as routers, servers and Internet of Things (IoT) devices. Named HEH, the botnet spreads by launching brute-force attacks against any internet-connected system that has its Telnet ports (23 and 2323) exposed online. If the device uses default or easy-to-guess Telnet credentials, the botnet gains access to the system, where it immediately downloads one of seven binaries that install the HEH malware.
Philadelphia-based health technology firm eResearchTechnology (ERT) suffered a ransomware attack but says no patients were affected. A couple of weeks ago it was reported that a ransomware attack on a German hospital, University Hospital Düsseldorf (UKD), led to the death of a patient. Now ERT has revealed that it too was targeted with a ransomware attack.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning of a surge in Emotet attacks that have targeted multiple state and local governments in the U.S. since August. During that time, the agency’s EINSTEIN Intrusion Detection System has detected roughly 16,000 alerts related to Emotet activity.
In a blog post authored by Hossein Jazi and Jérôme Segura, the researchers describe a new attack, dubbed “Kraken”, discovered on September 17th, which injects its payload into the Windows Error Reporting (WER) service as a defense evasion mechanism.
Cisco Talos discovered PoetRAT earlier this year. We have continued to monitor this actor and their behavior over the preceding months. We have observed multiple new campaigns indicating a change in the actor’s capabilities and showing their maturity toward better operational security. We assess with medium confidence this actor continues to use spear-phishing attacks to lure a user to download a malicious document from temporary hosting providers.
The source code of Mirai was leaked in September 2016 on the hacking community Hackforums. Just as plenty of code in the legitimate software world is available as open source for developers to build upon, the same harsh reality holds in the cybercrime world. In light of this, researchers at Juniper Threat Labs recently found a threat actor going by the online handle “Priority” using the infamous Mirai source code to launch their own version of the malware.
Round Up of Major Vulnerabilities and Patches
MERCURY, an Iranian advanced persistent threat group, is using Zerologon in a new series of attacks detected by Microsoft. Zerologon (CVE-2020-1472), the Netlogon vulnerability Dark Reading reported on in September, is back, this time in the hands of MERCURY. In a tweet, Microsoft Security Intelligence said it had observed MERCURY using the flaw in active campaigns during the preceding two weeks.
Chrome 86 will alert users when stored passwords are compromised, and block or warn of insecure downloads, among other security updates. Google today published several security protections arriving in Chrome 86. Updates include new password defenses on Android and iOS, Safe Browsing for Android, improvements for touch-to-fill passwords on iOS, and alerts for users before they submit nonsecure forms.
Products from every vendor had issues that allowed attackers to elevate privileges on a system — if they already were on it. A majority of security tools that organizations use to defend against malware attacks are themselves vulnerable to exploits that allow attackers to escalate privileges on a compromised system, a new CyberArk study has found.
Mozilla has published a support document with a quick fix for a widely reported known issue causing Twitter not to load in the Firefox web browser. According to a bug Mozilla has been tracking and working to fix for the last 20 days, some users may see blank pages or errors when trying to visit the social network’s website, and some reports say the issue also affects mobile users. On devices where Firefox fails to load Twitter, users see the error “The site at https://twitter.com/ has experienced a network protocol violation that cannot be repaired”.
Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process.
A WordPress flaw (File Manager plugin, CVE-2020-25213) can be chained with Zerologon (CVE-2020-1472) to attack companies’ Domain Controllers. Zerologon has recently become a trending subject around the globe: it allows a malicious agent with a foothold on an internal network to become Domain Admin with effectively one click. The only precondition is that the Domain Controller can be reached over the network from the attacker’s position, which a compromised web server inside the perimeter provides.
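For both Zerologon items above (the MERCURY campaigns and the WordPress chain), the practical check on a patched Domain Controller is to read the Netlogon secure-channel events that Microsoft introduced with the August 2020 update: 5827/5828 (a vulnerable connection was denied), 5829 (a vulnerable connection was still allowed because the DC is not yet in enforcement mode) and 5830/5831 (allowed by group policy). The script below is an added example, not code from the original round-up or from any of the vendors mentioned. The log records it parses are constructed and use simplified field names (`time`, `event_id`, `account`, `os`) standing in for a SIEM export rather than the exact Windows EventData schema; the burst heuristic is mine and rests on the fact that the public exploit needs on average 256 authentication attempts, so a tight cluster of denials for one machine account is worth a look.

```python
"""Triage Netlogon secure-channel events (Zerologon, CVE-2020-1472).

Added example. The sample export is constructed; field names are a
simplified stand-in for a SIEM export, not the real EventData schema.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Event IDs introduced by the August 2020 patch (documented by Microsoft).
NETLOGON_EVENTS = {
    5827: "denied",             # vulnerable connection from a machine account denied
    5828: "denied",             # vulnerable connection from a trust account denied
    5829: "allowed",            # vulnerable connection allowed: DC not in enforcement mode
    5830: "allowed_by_policy",  # machine account allowed by the 'allow' group policy
    5831: "allowed_by_policy",  # trust account allowed by group policy
}


def constructed_sample():
    """Build a small constructed export: one JSON object per line."""
    t0 = datetime(2020, 10, 6, 9, 0, 0)
    rows = [
        {"time": t0, "event_id": 5829, "account": "NAS01$", "os": "Linux"},
        {"time": t0 + timedelta(minutes=12), "event_id": 5829, "account": "NAS01$", "os": "Linux"},
        {"time": t0 + timedelta(hours=1), "event_id": 4624, "account": "jdoe", "os": ""},
        {"time": t0 + timedelta(hours=2), "event_id": 5827, "account": "WS17$", "os": "Windows 10"},
    ]
    # Constructed burst: 40 denials for the DC's own account within two seconds.
    burst_start = t0 + timedelta(hours=3)
    for i in range(40):
        rows.append({"time": burst_start + timedelta(milliseconds=50 * i),
                     "event_id": 5827, "account": "DC01$", "os": ""})
    return "\n".join(json.dumps({**r, "time": r["time"].isoformat()}) for r in rows)


def parse_export(text):
    """Parse the JSON-lines export into dicts with real datetime objects."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["time"] = datetime.fromisoformat(rec["time"])
        events.append(rec)
    return events


def max_in_window(times, window):
    """Largest number of timestamps that fall inside any span of length `window`."""
    times = sorted(times)
    best, left = 0, 0
    for right, t in enumerate(times):
        while t - times[left] > window:
            left += 1
        best = max(best, right - left + 1)
    return best


def triage(events, burst_threshold=20, window=timedelta(minutes=1)):
    """Report accounts that still make vulnerable connections (must be fixed or
    whitelisted before enforcement mode) and denial bursts that look like
    exploit attempts (heuristic: many 5827/5828 for one account in one window)."""
    allowed, denied = set(), defaultdict(list)
    for e in events:
        kind = NETLOGON_EVENTS.get(e["event_id"])
        if kind == "allowed":
            allowed.add(e["account"])
        elif kind == "denied":
            denied[e["account"]].append(e["time"])
    suspected = sorted(acct for acct, ts in denied.items()
                       if max_in_window(ts, window) >= burst_threshold)
    return {
        "allowed_vulnerable": sorted(allowed),
        "denied_counts": {acct: len(ts) for acct, ts in denied.items()},
        "suspected_exploit_attempts": suspected,
    }


if __name__ == "__main__":
    report = triage(parse_export(constructed_sample()))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Accounts listed under `allowed_vulnerable` are the non-Windows or unpatched devices that will break when the DC moves to enforcement mode, so they need firmware updates or an explicit exception; a single 5827 for a workstation is noise, while dozens for one account in a minute is the pattern to escalate.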