Round Up of Major Breaches and Scams
A shift from attackers targeting individual systems to entire organizations is pushing up the cost of cyberattacks sharply, McAfee says. Security industry estimates of global cybercrime losses vary widely, and the projections can be startling in magnitude, but the data still lends some broad perspective to the mushrooming scale of cybercrime.
Security giant FireEye has been on the receiving end of a sophisticated, novel attack by nation-state actors looking for data on government clients, the firm has revealed. CEO Kevin Mandia explained in a blog post yesterday that the attackers were able to access some internal systems, but that there is no evidence so far that they exfiltrated customer data or the metadata collected by the firm's threat intelligence systems.
Round Up of Major Malware and Ransomware Incidents
The Phorpiex botnet earned the notorious designation of "most wanted malware" for the month of November 2020. In its Global Threat Index for November 2020, Check Point Research revealed that it had observed a surge in new Phorpiex botnet infections affecting four percent of organizations globally. This activity returned Phorpiex to Check Point Research's monthly malware list for the first time since June 2020 and pushed it to the top of that roundup.
As the Christmas holidays begin, enterprise cybersecurity provider Barracuda warns APAC users of a substantial threat from bots that can run DDoS attacks while they shop online. Christmas is around the corner and the festivities have just begun. In a year that was rather dull and marred by the COVID-19 pandemic, this season brings a breath of fresh air. Market experts believe the festive season is changing public sentiment and people are now spending positively.
Round Up of Major Vulnerabilities and Patches
Microsoft has issued security updates to address a Kerberos security feature bypass vulnerability impacting multiple Windows Server versions, delivered in a two-phase staged rollout. The vulnerability, tracked as CVE-2020-16996, is remotely exploitable by a low-privileged attacker with low attack complexity and no user interaction required. CVE-2020-16996 exists only on Active Directory domain controllers (including read-only domain controllers), and only where the Protected Users global security group is available and resource-based constrained delegation (RBCD) is enabled.
Siemens and Schneider Electric on Tuesday informed customers about the availability of patches and mitigations for several potentially serious vulnerabilities affecting their industrial control system (ICS) products. Siemens has released six new advisories and updated 18 previous advisories. The new advisories describe vulnerabilities affecting the company’s SICAM, SIMATIC, SIPLUS, LOGO! 8, SENTRON, SIRIUS, and XHQ products.
The US National Security Agency (NSA) is warning organizations to patch or take mitigation steps to close a vulnerability in several VMware products that Russian state-sponsored hackers are exploiting to hijack authentication tokens and access sensitive data on other systems. The vulnerability, tracked as CVE-2020-4006, is a command injection flaw in the web administration interface of VMware Workspace One Access, VMware Workspace One Access Connector, VMware Identity Manager, VMware Identity Manager Connector, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.
A war of words has erupted between the National Police Chiefs’ Council (NPCC) and a British web security pro after a senior cop declared it would be “a waste of public money” to keep discussing security flaws in the body’s Cyberalarm product. Paul Moore says he uncovered what he described as a number of serious flaws in Cyberalarm, a distributed logging and monitoring tool intended to be deployed by small public-sector organisations.
A vulnerability has been discovered in Apache Struts, an open source framework for building Java web applications, which could allow for remote code execution. Depending on the privileges associated with the application's user account, an attacker who successfully exploits it could install programs; view, change, or delete data; or create new accounts with full user rights.
Critical vulnerabilities discovered by Digital Defense can allow attackers to gain root access and take over devices running the same firmware. Buggy firmware opens a number of D-Link VPN router models to zero-day attacks. The flaws, which lack a complete vendor fix, allow adversaries to launch root command injection attacks remotely and take over the device. Impacted are D-Link router models DSR-150, DSR-250, DSR-500 and DSR-1000AC VPN running firmware versions 3.14 and 3.17, according to a report published Tuesday by Digital Defense.
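The VMware (CVE-2020-4006) and D-Link items above both concern command injection in a web administration interface. The following is an added example, not code from either vendor, from the advisories, or from this roundup: a constructed stand-in for a router "diagnostic" page that shells out with a user-supplied hostname, shown in its vulnerable form beside a hardened one, followed by a small detector run over constructed access-log lines. `echo` stands in for the real diagnostic tool so the code runs offline; the function names, the log format and the sample lines are assumptions.

```python
import re
import subprocess
from urllib.parse import parse_qsl, urlsplit

# Constructed example, not vendor code. "echo" replaces the real diagnostic
# tool (ping, traceroute, ...) so the example runs without network access.


def run_diag_vulnerable(host: str) -> str:
    """The anti-pattern: untrusted input concatenated into a shell command line.

    Anything /bin/sh treats specially (; | & $( ) backtick newline) becomes
    code that runs with the privileges of the web server, root on a router.
    """
    cmd = "echo lookup " + host
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


# Allow-list for a hostname: dot-separated labels of [A-Za-z0-9-] that start
# and end with an alphanumeric, so a value can never begin with '-' (option
# injection) and can never carry shell metacharacters.
HOST_RE = re.compile(
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
)


def run_diag_hardened(host: str) -> str:
    """Allow-list validation plus argv-style execution, with no shell at all.

    fullmatch() is used deliberately: with match() and a trailing '$', a value
    such as "example.com\\n" would pass because '$' matches before a final
    newline. Argv execution is the second layer: even if the allow-list were
    later loosened, the value stays one argument and is never parsed by sh.
    """
    if len(host) > 253 or not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    out = subprocess.run(["echo", "lookup", host], capture_output=True, text=True)
    return out.stdout


# Detection side: flag requests whose URL-decoded query values carry shell
# metacharacters. Decoding matters because the payload arrives as %3B, not ';'.
SHELL_META = re.compile(r"[;|&`$\r\n]")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP')


def suspicious_requests(log_lines):
    """Return (line_number, parameter, decoded_value) for each query parameter
    containing a shell metacharacter."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for key, val in parse_qsl(query, keep_blank_values=True):
            if SHELL_META.search(val):
                hits.append((n, key, val))
    return hits


# Constructed access-log lines (Apache combined-style), not from any real device.
SAMPLE_LOG = [
    '10.0.0.5 - - [08/Dec/2020:10:01:12 +0000] "GET /diag.cgi?host=example.com HTTP/1.1" 200 41',
    '10.0.0.9 - - [08/Dec/2020:10:01:15 +0000] "GET /diag.cgi?host=example.com%3Bcat%20%2Fetc%2Fpasswd HTTP/1.1" 200 1390',
    '10.0.0.9 - - [08/Dec/2020:10:01:16 +0000] "GET /diag.cgi?host=%24(id) HTTP/1.1" 500 0',
]


if __name__ == "__main__":
    payload = "example.com; echo INJECTED"
    print("vulnerable:", repr(run_diag_vulnerable(payload)))
    try:
        run_diag_hardened(payload)
    except ValueError as e:
        print("hardened:", e)
    for n, key, val in suspicious_requests(SAMPLE_LOG):
        print(f"line {n}: {key}={val!r}")
```

The detector is a coarse triage aid, not a signature for the specific flaws in either advisory: it will also flag legitimate values that happen to contain `&` or `$`, so review hits against the parameter's expected format rather than alerting on them blindly.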