
Iranian cyber actors threaten US election officials, Citrix confirms ongoing DDoS attack, and more

Major cybersecurity events in December 2020 (Evening Post): Millions stolen from online bank accounts following a large-scale fraud operation. Google reports that Microsoft failed to fix a Windows zero-day flaw. A misconfigured AWS bucket exposes hundreds of social influencers.

Round Up of Major Breaches and Scams

Iranian Cyber Actors Responsible for Website Threatening U.S. Election Officials

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) possess highly credible information indicating Iranian cyber actors almost certainly were responsible for the creation of a website called Enemies of the People, which contained death threats aimed at U.S. election officials in mid-December 2020.

Citrix confirms ongoing DDoS attack impacting NetScaler ADCs

Citrix has confirmed today that an ongoing ‘DDoS attack pattern’ using DTLS as an amplification vector is affecting Citrix Application Delivery Controller (ADC) networking appliances with EDT (Enlightened Data Transport) enabled. Datagram Transport Layer Security (DTLS) is the UDP counterpart of TLS: it gives delay-sensitive applications that run over datagram transport the same protection against eavesdropping and tampering, which is why ADC uses it to carry EDT-based HDX sessions. Because UDP has no connection handshake, an attacker can send small ClientHello packets with a spoofed source address; an appliance that answers with a full ServerHello flight returns many times more bytes than it received, flooding the spoofed victim and saturating the appliance’s own outbound bandwidth at the same time. The standard defence is the RFC 6347 cookie exchange, in which the server replies with a small HelloVerifyRequest and commits no state until the client echoes the cookie. Citrix’s interim workaround is to disable DTLS on the affected Gateway virtual server (set vpn vserver <name> -dtls OFF), at the cost of EDT sessions falling back to TCP, until a fix is shipped.
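Whether a DTLS endpoint can be abused this way is something an operator can check for themselves: send one cookie-less ClientHello and see whether the first reply is a HelloVerifyRequest (small, stateless) or a ServerHello flight (large). The script below is an added example written for this roundup, not Citrix’s code and not from the original article. It assumes the listener is on UDP 443 (the default for the Gateway’s EDT/DTLS traffic) and uses constructed sample responses so the classification logic runs offline; only probe() touches the network.

```python
import os
import socket
import struct

DTLS_1_2 = b"\xfe\xfd"          # DTLS 1.2 wire version (RFC 6347: one's complement of 1.2)
CT_HANDSHAKE = 22
HS_CLIENT_HELLO = 1
HS_SERVER_HELLO = 2
HS_HELLO_VERIFY_REQUEST = 3
HS_CERTIFICATE = 11
RECORD_HDR = 13                 # type(1) version(2) epoch(2) seq(6) length(2)


def handshake_record(hs_type: int, body: bytes, msg_seq: int = 0) -> bytes:
    """Wrap a handshake body in a DTLS handshake header and one plaintext record (epoch 0)."""
    hs = (bytes([hs_type]) + len(body).to_bytes(3, "big")
          + struct.pack(">H", msg_seq)            # message_seq
          + (0).to_bytes(3, "big")                # fragment_offset (unfragmented)
          + len(body).to_bytes(3, "big")          # fragment_length
          + body)
    return (bytes([CT_HANDSHAKE]) + DTLS_1_2 + b"\x00\x00" + (0).to_bytes(6, "big")
            + struct.pack(">H", len(hs)) + hs)


def build_client_hello(cookie: bytes = b"") -> bytes:
    """First-flight ClientHello: empty session id, empty cookie, two ECDHE-RSA AES-GCM suites."""
    body = (DTLS_1_2 + os.urandom(32) + b"\x00"
            + bytes([len(cookie)]) + cookie
            + struct.pack(">H", 4) + b"\xc0\x2f\xc0\x30"   # cipher_suites
            + b"\x01\x00")                                 # compression: null only
    return handshake_record(HS_CLIENT_HELLO, body)


def handshake_types(datagram: bytes):
    """Handshake message type of each record in a datagram (None for non-handshake records)."""
    types, off = [], 0
    while off + RECORD_HDR <= len(datagram):
        ct = datagram[off]
        length = struct.unpack(">H", datagram[off + 11:off + 13])[0]
        frag = datagram[off + RECORD_HDR:off + RECORD_HDR + length]
        types.append(frag[0] if ct == CT_HANDSHAKE and frag else None)
        off += RECORD_HDR + length
    return types


def classify_response(request: bytes, response: bytes):
    """Return (verdict, amplification factor = bytes returned / bytes sent)."""
    types = handshake_types(response)
    factor = round(len(response) / len(request), 2) if request else 0.0
    if not types:
        verdict = "no-response"
    elif types[0] == HS_HELLO_VERIFY_REQUEST:
        verdict = "cookie-exchange"      # RFC 6347 cookie: reply is about request-sized
    elif HS_SERVER_HELLO in types:
        verdict = "amplifiable"          # full flight sent to an unverified source address
    else:
        verdict = "other"
    return verdict, factor


# Constructed sample replies (not captured traffic): a cookie challenge, and a ServerHello
# followed by a 1500-byte stand-in for a certificate chain.
SAMPLE_HELLO_VERIFY_REQUEST = handshake_record(
    HS_HELLO_VERIFY_REQUEST, DTLS_1_2 + bytes([16]) + bytes(range(16)))
SAMPLE_SERVER_HELLO_FLIGHT = (
    handshake_record(HS_SERVER_HELLO, DTLS_1_2 + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00", 0)
    + handshake_record(HS_CERTIFICATE, bytes(1500), 1))


def probe(host: str, port: int = 443, timeout: float = 2.0):
    """Send one cookie-less ClientHello over UDP and classify what comes back within the timeout.
    Network use; only point this at appliances you are authorised to test."""
    req = build_client_hello()
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(req, (host, port))
        response = b""
        while True:
            try:
                chunk, _ = sock.recvfrom(65535)
            except socket.timeout:
                break
            response += chunk            # a flight may arrive as several datagrams
    finally:
        sock.close()
    return classify_response(req, response)


if __name__ == "__main__":
    req = build_client_hello()
    print("cookie exchange:", classify_response(req, SAMPLE_HELLO_VERIFY_REQUEST))
    print("no cookie      :", classify_response(req, SAMPLE_SERVER_HELLO_FLIGHT))
```

A "cookie-exchange" verdict means the appliance answers an unverified source with roughly as many bytes as it received (factor below 1), so it is a poor amplifier; an "amplifiable" verdict with a factor in the tens is the condition the attackers in this story are exploiting, and is the case for disabling DTLS on that virtual server until a fix is in place.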

Millions stolen from online bank accounts following large-scale fraud operation

Researchers from IBM Trusteer say they have uncovered a massive fraud operation that used a network of mobile device emulators to drain millions of dollars from online bank accounts in a matter of days, WIRED reported. The scale of the operation was unlike anything the researchers had seen before. In one case, the crooks used about 20 emulators to mimic more than 16,000 phones belonging to customers whose mobile banking accounts had been compromised. In a separate case, a single emulator spoofed more than 8,100 devices. The emulators were loaded with device identifiers harvested from the victims’ own phones, so the banks’ device-fingerprinting checks saw what looked like familiar devices, and one-time SMS codes were intercepted to get transactions approved.

Round Up of Major Malware and Ransomware Incidents

Leon Medical Center confirms ransomware attack, credits employees and staff with providing quality care despite attack

One of the medical entities recently identified as a victim of a ransomware attack is Leon Medical Centers (LMC) in Florida. Founded in 1996, LMC expanded over the years into a comprehensive outpatient healthcare system that includes seven medical centers among other healthcare services. LMC offers a range of services to Medicare patients as well as classes and events, transportation services, and pharmacy services.

Vermont Hospital Says Cyberattack Was Ransomware

A Vermont-based hospital network is now saying a cyberattack that crippled its computer systems in October was ransomware. While the Burlington-based University of Vermont Health Network, which serves hospitals in Vermont and upstate New York, had said its systems were attacked on Oct. 28, officials had not confirmed the attack that disabled the system’s 600 applications was ransomware. On Tuesday, hospital officials said its information technology workers found a file directing them to contact the attackers if they wanted their systems restored, but it did not contain a request for money.

Round Up of Major Vulnerabilities and Patches

Google reported that Microsoft failed to fix a Windows zero-day flaw

Google’s Project Zero team has publicly disclosed details of an improperly patched Windows zero-day. The vulnerability, tracked as CVE-2020-0986, is a privilege-escalation flaw in splwow64.exe, the Print Spooler’s 32-bit-to-64-bit thunking process, and it was exploited in the wild as a sandbox escape before Microsoft patched it in June 2020. According to Project Zero, the patch did not address the root cause: the original exploit needed only a trivial change to work again, so an attacker who already has code running in a low-privileged process can still use the bug to escalate to a higher-privileged one.

Misconfigured AWS Bucket Exposes Hundreds of Social Influencers

A misconfigured cloud storage bucket has exposed the personal details of hundreds of social media influencers, potentially putting them at risk of fraud and harassment, according to researchers. A team at vpnMentor discovered the Amazon S3 bucket in early November; it was publicly readable, so anyone could list and download its contents without credentials, and the data inside was stored unencrypted. The company responsible, Barcelona-based “social commerce” company 21 Buttons, had apparently yet to take action at the time of publication.
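An S3 bucket ends up “wide open” through one of two paths: an ACL that grants READ to the AllUsers or AuthenticatedUsers group, or a bucket policy with a wildcard principal, and neither path is effective if the bucket’s Public Access Block settings are on. The script below is an added example for this roundup, not vpnMentor’s tooling or anything from the original article. The assessment logic takes the same dictionaries boto3 returns and is exercised here on constructed sample documents (the bucket name and owner ID are placeholders); fetch_bucket_state() is the optional live path and needs boto3 plus AWS credentials.

```python
import json

PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",            # anyone on the internet
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",  # anyone with any AWS account
}


def public_acl_permissions(acl):
    """Permissions the bucket ACL hands to the two public groups (acl as from s3.get_bucket_acl())."""
    perms = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            perms.append(grant["Permission"])
    return perms


def policy_has_public_allow(policy):
    """True if any Allow statement names a wildcard principal and carries no Condition block."""
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if isinstance(aws, str):
            aws = [aws]
        if "*" in (aws or []) and not stmt.get("Condition"):
            return True
    return False


def assess_bucket(acl, policy, public_access_block):
    """Combine ACL, bucket policy and Public Access Block into an effective exposure verdict.
    IgnorePublicAcls neutralises public ACL grants; RestrictPublicBuckets neutralises a public policy."""
    pab = public_access_block or {}
    acl_perms = public_acl_permissions(acl)
    acl_exposed = bool(acl_perms) and not pab.get("IgnorePublicAcls", False)
    policy_exposed = policy_has_public_allow(policy or {}) and not pab.get("RestrictPublicBuckets", False)
    return {
        "public_acl_permissions": acl_perms,
        "acl_exposed": acl_exposed,
        "policy_exposed": policy_exposed,
        "public": acl_exposed or policy_exposed,
    }


def fetch_bucket_state(bucket_name):
    """Live path: pull the three inputs for one bucket (requires boto3 and credentials)."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.client("s3")
    acl = s3.get_bucket_acl(Bucket=bucket_name)
    try:
        policy = json.loads(s3.get_bucket_policy(Bucket=bucket_name)["Policy"])
    except ClientError as err:
        if err.response["Error"]["Code"] != "NoSuchBucketPolicy":
            raise
        policy = None
    try:
        pab = s3.get_public_access_block(Bucket=bucket_name)["PublicAccessBlockConfiguration"]
    except ClientError as err:
        if err.response["Error"]["Code"] != "NoSuchPublicAccessBlockConfiguration":
            raise
        pab = None
    return acl, policy, pab


# Constructed samples (placeholder bucket/owner, not real AWS resources).
OPEN_ACL = {
    "Owner": {"ID": "example-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": PUBLIC_GROUP_URIS and
                     "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    ],
}
OPEN_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]}
CONDITIONED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-example"}}}]}
HARDENED_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    print("as found :", assess_bucket(OPEN_ACL, OPEN_POLICY, None))
    print("hardened :", assess_bucket(OPEN_ACL, OPEN_POLICY, HARDENED_PAB))
```

The account-level Public Access Block (s3control get_public_access_block) applies on top of the bucket-level one, so a bucket reported as exposed here may still be covered at the account level; the reverse is never true. Turning on all four settings closes both exposure paths at once without having to rewrite every ACL and policy first, which is why it is the first remediation step for a report like this one.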