
Iran’s Proud Boys emails threaten Democrat voters, Gift voucher scam targets Marks & Spencer CEO, and more

Major cybersecurity events on 22nd October 2020 (Morning Post): Hackers held Caribbean’s biggest conglomerate Ansa McAl’s IT systems hostage in a ransomware attack. Oracle releases 402 security patches in its latest critical patch update (CPU). WordPress deploys forced security fix for bug in Loginizer.

Round Up of Major Breaches and Scams

US blames Iran for spoofed Proud Boys emails threatening Democrat voters

In a short press conference held today by the US Department of Justice, high-ranking officials with the US government claimed that Iran was behind a wave of emails sent to US voters earlier this week. Spoofing the identity of violent extremist group Proud Boys, the emails threatened registered Democrat voters with repercussions if they didn’t vote for Donald Trump in the upcoming US Presidential Election. The senders claimed to have “gained access into the entire [US] voting infrastructure,” but appeared to use public voter registration databases to target Democrat voters in Alaska, Arizona, and Florida.

FIRST Announces Cyber-Response Ethical Guidelines

The Forum of Incident Response and Security Teams (FIRST) has launched ethics guidelines for incident response and security teams. The group, consisting of Internet emergency response teams from 539 organizations worldwide, seeks to provide cybersecurity professionals with guidance on how to behave ethically during incidents. On the website for ethicsfIRST, there are 12 ethical duties listed and explained. They include duties of trustworthiness, confidentiality, transparency, team health, and evidence-based reasoning.

M&S Boss Spoofed in Gift Voucher Scam

Criminals are impersonating the boss of a major British multinational retailer to trick victims into sharing their bank account details. Posing as Marks & Spencer CEO Steve Rowe, the scammers have posted fraudulent adverts online that promise victims the chance to win a gift voucher as part of a fictitious prize draw promotion. When victims click on the link in the ad, they are taken to an M&S-branded portal and asked to provide their name, address, mobile phone number, and bank details including sort code and account number.

Round Up of Major Malware and Ransomware Incidents

Another REvil attack creates havoc for the Caribbean’s biggest conglomerate

The Caribbean’s biggest conglomerate, Ansa McAl, is the victim of ransomware hackers holding some of the company’s IT systems hostage. Newsday understands that work at Tatil, the country’s biggest insurer, has been effectively stalled for about two weeks as the IT department works to find and expel the ransomware from the company’s servers.

Round Up of Major Vulnerabilities and Patches

Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks

Chinese state-sponsored cyberattackers are actively compromising U.S. targets using a raft of known security vulnerabilities – with a Pulse VPN flaw claiming the dubious title of “most-favored bug” for these groups. That’s according to the National Security Agency (NSA), which released a “top 25” list of the exploits used most often by China-linked advanced persistent threats (APTs), which include the likes of Cactus Pete, TA413, Vicious Panda and Winnti.

Oracle Releases Another Mammoth Security Patch Update

For the second straight quarter this year, Oracle’s latest critical patch update (CPU) released this week contained more than 400 security patches addressing vulnerabilities in a wide range of the company’s product sets. With 402 patches, Oracle’s October 2020 CPU was slightly smaller than its previous one in July, which contained a record-breaking 444 security patches. But the October CPU addresses more security vulnerabilities across more products than the previous patch update.

Cisco Warns of Severe DoS Flaws in Network Security Software

Cisco has stomped out a slew of high-severity vulnerabilities across its lineup of network-security products. The most severe flaws can be exploited by an unauthenticated, remote attacker to launch a passel of malicious attacks — from denial of service (DoS) to cross-site request forgery (CSRF). The vulnerabilities exist in Cisco’s Firepower Threat Defense (FTD) software, which is part of its suite of network-security and traffic-management products.

Google Releases Security Updates for Chrome

Google has released Chrome version 86.0.4240.111 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome release notes and apply the necessary updates.

Google Chrome now blocks site notifications with abusive content

Starting with Chrome 86, Google is automatically hiding website notification spam on sites showing a pattern of sending abusive notification content to visitors. The “quiet notification permission UI” used to hide the web alert spam from users was introduced in Chrome 80 and improved in Chrome 84 with the addition of auto-enrollment in the notification anti-spam system for sites using deceptive patterns to request notification permissions.

Adobe releases a new set of out-of-band patches for its products

Adobe has released a second out-of-band security update to fix critical vulnerabilities that impact numerous products of the IT giant. The flaws impact Adobe Illustrator, Dreamweaver, Marketo, Animate, After Effects, Photoshop, Premiere Pro, Media Encoder, InDesign, and the Creative Cloud desktop application on Windows and macOS machines. Adobe has patched seven critical vulnerabilities in Illustrator, including memory corruption and out-of-bounds read/write issues that can lead to arbitrary code execution.

WordPress deploys forced security update for dangerous bug in popular plugin

The WordPress security team took a rare step last week and used a lesser-known internal capability to forcibly push a security update for a popular plugin. WordPress sites running the Loginizer plugin were forcibly updated this week to Loginizer version 1.6.4. This version contained a security fix for a dangerous SQL injection bug that could have allowed hackers to take over WordPress sites running older versions of the Loginizer plugin.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 82, Firefox ESR 78.4, and Thunderbird 78.4 and apply the necessary updates.