
Hackers have access to 50K security cams, Emotet malware operators resume services, and more

Major cybersecurity events on 14th October 2020 (Evening Post): Twitter suspends accounts of purported Trump supporters on the grounds of spam and manipulation. Financial crime group FIN11 pivots to ransomware and stolen data extortion. Allen-Bradley adapter found to have remotely exploitable DoS flaws.

Round Up of Major Breaches and Scams

DVLA Submits Nearly 200 Breach Notifications to ICO

The DVLA reported nearly 200 breach notifications to the data protection regulator over the past year, according to new Freedom of Information (FOI) data. FOI requests were sent to 17 government departments by secure storage vendor Apricorn, to assess the effectiveness of data security measures in the public sector. Some 14 departments provided responses for the period April 2019 to July 2020. The DVLA said it submitted 181 breach notifications to the Information Commissioner’s Office (ICO) across 2019-20.

Governments Use Pandemic to Crack Down on Online Dissent: Watchdog

Governments around the world are using the pandemic as a justification to expand surveillance and crack down on dissent online, resulting in a 10th consecutive annual decline in internet freedom, a human rights watchdog report said Wednesday. The report by Washington-based Freedom House said authorities in dozens of countries have cited the Covid-19 outbreak “to justify expanded surveillance powers and the deployment of new technologies that were once seen as too intrusive.”

Hackers Claim to Have Access to 50,000 Home Security Cameras

A hacking group is selling access to more than 50,000 hacked home security cameras, including footage of children in various states of undress, it has emerged. The group, which has over 1000 global members, has been using messaging platform Discord to advertise its wares, according to a report on AsiaOne. It’s reportedly offering access to the camera footage for a one-off subscription fee of $150 and claims to have already shared over 3TB of clips with scores of members.

Twitter suspends accounts claiming to be Black Trump supporters

Several Twitter accounts claiming to be owned by Black Trump supporters have been suspended for breaking the platform’s rules on spam and manipulation. Many of the accounts were using similar language and phrases such as “YES IM BLACK AND IM VOTING FOR TRUMP!!!” Twitter is still investigating the accounts and has yet to finalise the number of accounts it has suspended in relation to this issue. Darren Linvil, a social media disinformation researcher, has found more than 24 such accounts, which together have generated over 265,000 retweets and mentions.

Round Up of Major Malware and Ransomware Incidents

Financial crime group FIN11 pivots to ransomware and stolen data extortion

Extorting money from companies and other organizations using sophisticated ransomware has become a highly profitable business model for cybercriminals. This has also led to a shift in focus for some groups that were traditionally involved in financial crime and payment card theft. According to a new report by Mandiant, one such group is FIN11, which throughout 2017 and 2018 targeted primarily organizations from the financial, retail and restaurant sectors.

The G7 expresses its concern over ransomware attacks

Finance ministers from the G7 industrialized countries expressed concern on Tuesday over the rise in malicious cyberattacks, especially ransomware attacks, during the Covid-19 pandemic, including some involving cryptocurrencies. The ministers warned that ransomware attacks have been growing in scale, sophistication, and frequency over the past two years.

Stay Alert! Emotet Malware Operators Have Resumed Services: ACSC

The Australian Cyber Security Centre (ACSC) has issued a high alert warning for a new wave of Emotet malware campaigns specifically targeting Australia’s critical infrastructure and government agencies. Back in 2019, the ACSC had issued a similar red alert for the Emotet malware campaign, but over the course of the pandemic the number of observed attacks remained below alert levels. However, the ACSC noted that Emotet campaigns are also used to deploy ransomware and to compromise networks, so even a small spike in attack numbers at this moment cannot be ignored.

Round Up of Major Vulnerabilities and Patches

Foxit Patches Code Execution Vulnerabilities in PDF Software

PDF software developer Foxit has released patches to address several high-risk vulnerabilities affecting both Windows and macOS applications. The Chinese software company’s tools allow users to create and edit PDF files, as well as secure them when necessary. Foxit also offers products under a freemium licensing model. Last week, the company released security updates for both Foxit PhantomPDF Mac and Foxit Reader Mac, to address a vulnerability that could result in code injection or information disclosure.

Microsoft Fixes Fewer Than 100 Bugs for First Time Since February

Microsoft has issued its first patch update in eight months fixing fewer than 100 CVEs, although six relate to publicly disclosed bugs and will need prioritizing. October’s Patch Tuesday yesterday addressed 87 vulnerabilities, including 11 rated critical. Many experts pointed to CVE-2020-16898, which has a CVSS score of 9.8, as a priority. “This is a remote code execution vulnerability in Microsoft’s TCP/IP stack. The vulnerability is in the way the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets,” explained Recorded Future senior security architect Allan Liska.

Remotely Exploitable DoS Vulnerabilities Found in Allen-Bradley Adapter

Cisco Talos this week released the details of several remotely exploitable denial-of-service (DoS) vulnerabilities found by one of its researchers in an industrial automation product made by Rockwell Automation. The affected product is the Allen-Bradley 1794-AENT Flex I/O series B adapter, specifically the device’s EtherNet/IP request path port/data/logical segment functionality. Cisco Talos and Rockwell Automation say a total of five high-severity buffer overflow vulnerabilities have been identified. They impact adapters running firmware versions 4.003 and earlier.