Round Up of Major Breaches and Scams
Over the course of the last three months, hackers with suspected links to the Chinese government have been targeting the Vatican, according to research from security firm Recorded Future. The campaign, delivered as a series of spearphishing emails carrying malware-laden documents that imitated legitimate Vatican correspondence and news about Hong Kong’s national security law, appears to have begun in May of this year, Recorded Future researchers said.
Russian cyber-security firm Kaspersky said today in a webinar that it discovered a new hacker-for-hire mercenary group that appears to have been active for almost a decade. The group, which Kaspersky codenamed Deceptikons, has primarily targeted law firms and fintech companies, according to Kaspersky malware analyst Vicente Diaz. The Kaspersky researcher said the group appears to be focused on stealing business and financial secrets, rather than government-related information.
Round Up of Major Malware and Ransomware Incidents
The FBI has issued a security alert about Netwalker ransomware operators targeting U.S. and foreign government organizations, advising victims not to pay the ransom and to report incidents to their local FBI field offices. The FBI’s flash alert also provides indicators of compromise associated with the Netwalker ransomware (also known as Mailto) and includes a list of recommended mitigation measures.
Round Up of Major Vulnerabilities and Patches
Critical flaws in Adobe’s Magento e-commerce platform – which is commonly targeted by attackers like the Magecart cybergang – could enable arbitrary code execution on affected systems. Magento is a popular, Adobe-owned open-source e-commerce platform that powers many online shops. Adobe on Tuesday released security updates for flaws affecting Magento Commerce 2 and Magento Open Source 2, versions 2.3.5-p1 and earlier. These included two critical vulnerabilities and two important-severity flaws.
Researchers identified a variety of vulnerabilities in the apps and websites of the popular online dating platform OKCupid. Researchers at Check Point recently found that the service’s mobile app and website contained multiple vulnerabilities that could allow a malicious user to perform actions ranging from stealing users’ personal data to performing in-app actions on behalf of those users.
Remote code-execution vulnerabilities in virtual private network (VPN) products could impact the physical functioning of critical infrastructure in the oil and gas, water and electric utilities space, according to researchers. Researchers at Claroty found that VPNs used to provide remote access to operational technology (OT) networks in industrial systems are vulnerable to an array of security bugs, which could give an attacker direct access to field devices and cause physical damage or shut-downs.
India has banned 47 more Chinese apps just weeks after blocking the highly popular video-sharing platform TikTok and 58 others over national security and privacy concerns, an information ministry official and media reports said Monday. Tensions between the world’s two most-populous nations soared last month after a Himalayan border clash that left 20 Indian troops dead and an unknown number of Chinese casualties.
Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader vulnerability, tracked as CVE-2020-10713 and dubbed BootHole, which can be exploited by attackers to install persistent and stealthy malware. According to researchers, the BootHole flaw affects any operating system that uses GRUB2 with Secure Boot.