Round Up of Major Breaches and Scams
The DVLA reported nearly 200 breach notifications to the data protection regulator over the past year, according to new Freedom of Information (FOI) data. FOI requests were sent to 17 government departments by secure storage vendor Apricorn, to assess the effectiveness of data security measures in the public sector. Some 14 departments provided responses for the period April 2019 to July 2020. The DVLA said it submitted 181 breach notifications to the Information Commissioner’s Office (ICO) across 2019-20.
Governments around the world are using the pandemic as a justification to expand surveillance and crack down on dissent online, resulting in a 10th consecutive annual decline in internet freedom, a human rights watchdog report said Wednesday. The report by Washington-based Freedom House said authorities in dozens of countries have cited the Covid-19 outbreak “to justify expanded surveillance powers and the deployment of new technologies that were once seen as too intrusive.”
A hacking group is selling access to more than 50,000 hacked home security cameras, including footage of children in various states of undress, it has emerged. The group, which has over 1000 global members, has been using messaging platform Discord to advertise its wares, according to a report on AsiaOne. It’s reportedly offering access to the camera footage for a one-off subscription fee of $150 and claims to have already shared over 3TB of clips with scores of members.
Several Twitter accounts claiming to be owned by Black Trump supporters have been suspended for breaking the platform’s rules on spam and manipulation. Many of the accounts were using similar language and phrases such as “YES IM BLACK AND IM VOTING FOR TRUMP!!!” Twitter is still investigating the accounts and has yet to finalise the number of accounts it has suspended relating to this issue. Darren Linvill, a social media disinformation researcher, has found more than 24 accounts like this, which have generated over 265,000 retweets and mentions.
Round Up of Major Malware and Ransomware Incidents
Extorting money from companies and other organizations using sophisticated ransomware has become a highly profitable business model for cybercriminals. This has also led to a shift in focus for some groups that were traditionally involved in financial crime and payment card theft. According to a new report by Mandiant, one such group is FIN11, which throughout 2017 and 2018 targeted primarily organizations from the financial, retail and restaurant sectors.
Finance ministers from the G7 industrialized countries expressed concern on Tuesday over the rise in malicious cyberattacks, especially ransomware attacks, during the Covid-19 pandemic, including some involving cryptocurrencies. The ministers warned that ransomware attacks have been growing in scale, sophistication, and frequency over the past two years.
The Australian Cyber Security Centre (ACSC) has issued a high alert warning for a new wave of Emotet malware campaigns specifically targeting Australia’s critical infrastructure and other government agencies. Back in 2019, the ACSC issued a similar red alert for the Emotet malware campaign, but over the course of the pandemic the number of attacks remained below alert levels. However, the ACSC noted that Emotet campaigns are also used to deploy ransomware and compromise networks, and that even a small spike in the number of attacks cannot be afforded at this moment.
Round Up of Major Vulnerabilities and Patches
PDF software developer Foxit has released patches to address several high-risk vulnerabilities affecting both Windows and macOS applications. The Chinese software company’s tools allow users to create and edit PDF files, as well as secure them when necessary. Foxit also offers products under a freemium licensing model. Last week, the company released security updates for both Foxit PhantomPDF Mac and Foxit Reader Mac, to address a vulnerability that could result in code injection or information disclosure.
Microsoft has issued its first patch update in eight months to fix fewer than 100 CVEs, although six are related to publicly disclosed bugs and will need prioritizing. October’s Patch Tuesday yesterday addressed 87 vulnerabilities, including 11 rated critical. Many experts pointed to CVE-2020-16898, which has a CVSS score of 9.8, as a priority. “This is a remote code execution vulnerability in Microsoft’s TCP/IP stack. The vulnerability is in the way the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets,” explained Recorded Future senior security architect, Allan Liska.
Cisco Talos this week released the details of several remotely exploitable denial-of-service (DoS) vulnerabilities found by one of its researchers in an industrial automation product made by Rockwell Automation. The affected product is the Allen-Bradley 1794-AENT Flex I/O series B adapter, specifically the device’s Ethernet/IP request path port/data/logical segment functionality. Cisco Talos and Rockwell Automation say a total of five high-severity buffer overflow vulnerabilities have been identified. They impact adapters running versions 4.003 and earlier.