Round Up of Major Breaches and Scams
The National Privacy Commission is investigating a suspected data leak involving car registrations under the Land Transportation Office. In a statement, the privacy body said it is looking into the data available on lisensya.info, which has a “Motor Vehicle Authenticator” that reveals the car make, plate and engine number, registration expiry date, and the name of the registered owner when a motor vehicle file number is entered. The website also features a “license authenticator” on its homepage.
Round Up of Major Malware and Ransomware Incidents
The Ragnar Locker ransomware gang has attacked multiple firms recently, and it has now taken extortion to the next level: the group is running Facebook advertisements to pressure its victims into paying a ransom. The gang attacked the Italian liquor firm Davide Campari-Milano S.p.A, also known as Campari Group, and stole 2 TB of encrypted data before encrypting the company’s network. In exchange for the decryption key, they demanded a $15 million ransom.
A number of security products for Windows are flagging several new Dell printer drivers as malware and consequently blocking their installation. A single antivirus product warning of a potential infection in a driver would not be especially concerning, since false positives happen occasionally, but in this case more than 20 security products flag the latest Dell printer drivers. Security software from leading vendors such as Avast, Bitdefender, F-Secure, McAfee, and Panda all warn of a possible malware infection in certain drivers released by Dell.
Multiple organizations in Israel have reported cyberattacks in which attackers targeted them with a new strain of ransomware named “Pay2Key”. According to Check Point research, the threat actors gained an initial foothold and then remotely controlled the spread of the infection within the compromised networks. The Pay2Key ransomware is written in C++ and compiled with MSVC++ 2015. It also makes use of third-party libraries such as Boost.
The Muhstik botnet, also known as Mushtik, has been targeting cloud infrastructure and IoT devices for years. It leverages known web application exploits to compromise IoT devices, such as routers, and funds itself mainly by mining cryptocurrency with open source tools like XMRig and cgminer. New details have emerged about this malware that shed light on its activities and origins.
Round Up of Major Vulnerabilities and Patches
A high-severity flaw in Cisco’s IOS XR software could allow unauthenticated, remote attackers to cripple Cisco Aggregation Services Routers (ASR). The flaw stems from an issue in the ingress packet processing function of IOS XR, a train of Cisco Systems’ widely deployed Internetworking Operating System (IOS). The OS powers the Cisco ASR 9000 series, which are fully distributed routers engineered to handle massive surges in video traffic.
GitHub security researcher Kevin Backhouse found bugs in Ubuntu 20.04 (a long-term support release) which enabled any desktop user to get root access. The vulnerabilities have now been patched. Backhouse discovered two separate issues, one by accident, which together enable the privilege escalation. He noted that the vulnerability is a basic one. “It’s unusual for a vulnerability on a modern operating system to be this easy to exploit. I have, on some occasions, written thousands of lines of code to exploit a vulnerability,” he said.
Yesterday was the second Tuesday of the month which meant – you guessed it! – it was time for Microsoft to release its latest bundle of security patches. On this occasion Microsoft fixed more than 100 security holes in a wide variety of its products, some of which could allow critical remote code execution attacks if left unpatched. But the update which will probably grab the most attention is CVE-2020-17087, a zero-day vulnerability that has been exploited in active attacks against users of Windows 7 and Windows 10.
A number of data-scraping groups have been using the Facebook link preview feature to scrape data from internet sites while disguised as Facebook’s content crawler. Their technique consists of using Facebook developer accounts to place calls to Facebook or Facebook Messenger API servers requesting a link preview for each page the group wanted to scrape. Facebook then fetches the page, assembles the content into a link preview, and returns it to the scrapers as an API response.
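Because the fetches in this technique are issued by Facebook’s own servers, a site operator cannot simply block the crawler’s user agent; the useful defender-side signal is volume, meaning one source pulling many distinct pages in a short window under a preview-crawler user agent, together with the secondary check that a request claiming the crawler user agent actually comes from the crawler’s published address ranges. The following Python script is an added example, not code from the roundup or from Facebook: it parses combined-format access log lines, groups requests whose User-Agent carries the real crawler token `facebookexternalhit`, and reports addresses that exceed a distinct-path burst threshold or that present the crawler user agent from outside a trusted network. The log lines, the thresholds and the trusted network `203.0.113.0/24` are constructed for the example.

```python
"""Flag bulk page fetches arriving under a link-preview crawler user agent.

Added example (not from the roundup or from Facebook). Parses Apache/nginx
combined-format access log lines, groups requests whose User-Agent contains
the Facebook link-preview crawler token ("facebookexternalhit"), and reports
source IPs that pull many distinct pages inside a short window, or that use
the crawler UA from outside the trusted crawler network. The log lines, the
thresholds and TRUSTED_CRAWLER_NETS are all constructed for this example.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

COMBINED_LOG = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
CRAWLER_UA_TOKEN = "facebookexternalhit"

# Constructed placeholder network standing in for the crawler's published ranges.
TRUSTED_CRAWLER_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample log: two ordinary preview fetches from a trusted address,
# then a burst of eight distinct product pages from one address within 40 s,
# then a request using the crawler UA from an address outside the trusted net.
_UA = "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
SAMPLE_LOG = [
    f'203.0.113.10 - - [10/Nov/2020:10:00:01 +0000] "GET /blog/post-1 HTTP/1.1" 200 5120 "-" "{_UA}"',
    f'203.0.113.10 - - [10/Nov/2020:10:00:02 +0000] "GET /og-image.png HTTP/1.1" 200 8192 "-" "{_UA}"',
] + [
    f'203.0.113.77 - - [10/Nov/2020:10:05:{5 * n:02d} +0000] "GET /products/{n + 1} HTTP/1.1" 200 4096 "-" "{_UA}"'
    for n in range(8)
] + [
    f'198.51.100.5 - - [10/Nov/2020:10:06:00 +0000] "GET /products/3 HTTP/1.1" 200 4096 "-" "{_UA}"',
    '198.51.100.5 - - [10/Nov/2020:10:06:05 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def parse_line(line):
    """Return a dict with ip, ts (aware datetime), method, path, status, ua; None if malformed."""
    m = COMBINED_LOG.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def is_trusted_crawler_ip(ip):
    """True if the address falls inside a network the crawler is known to use."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_CRAWLER_NETS)


def max_paths_in_window(events, window_seconds):
    """Largest number of distinct paths seen in any window_seconds span.

    events is a list of (timestamp, path) pairs; a sliding window over the
    time-sorted list is enough because the per-IP event lists are small.
    """
    events = sorted(events)
    best, start = 0, 0
    for end in range(len(events)):
        while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
            start += 1
        best = max(best, len({path for _, path in events[start:end + 1]}))
    return best


def find_bulk_preview_fetches(lines, window_seconds=60, max_distinct_paths=5):
    """Map each suspicious IP to its burst size and whether its UA looks spoofed."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and CRAWLER_UA_TOKEN in rec["ua"].lower():
            by_ip[rec["ip"]].append((rec["ts"], rec["path"]))
    findings = {}
    for ip, events in by_ip.items():
        burst = max_paths_in_window(events, window_seconds)
        spoofed = not is_trusted_crawler_ip(ip)
        if burst > max_distinct_paths or spoofed:
            findings[ip] = {"distinct_paths_in_window": burst,
                            "ua_outside_crawler_ranges": spoofed}
    return findings


if __name__ == "__main__":
    for ip, info in find_bulk_preview_fetches(SAMPLE_LOG).items():
        print(ip, info)
```

On the constructed log the trusted address that fetched two pages is not reported, the address that pulled eight product pages in 40 seconds is reported on volume, and the address using the crawler user agent from outside the trusted network is reported as a likely spoofed UA. To use real ranges in place of the placeholder network, Facebook documents obtaining the crawler’s IP ranges from the routing registry for its autonomous system (AS32934); the threshold values should be tuned to how often genuine previews of a given site are requested.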
This week Samsung has started rolling out Android’s November security updates to mobile devices to patch critical security vulnerabilities in the operating system and enhance overall features on the devices. This comes after Android had published their November 2020 security updates bulletin, which includes patches for critical vulnerabilities impacting the latest devices. As observed by BleepingComputer, Samsung Galaxy devices are automatically pulling updates released on November 9, 2020, this week.
A vulnerability has been discovered in Mozilla Firefox, Firefox Extended Support Release (ESR) and Mozilla Thunderbird, which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of this vulnerability could allow for arbitrary code execution.