
LTO data leak involves car registrations, Ragnar Locker gang uses Facebook ads to extort victims, and more

Major cybersecurity events on 11th November 2020 (Evening Post): Antivirus software flags Dell printer drivers as malware, blocks installation. Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal. Patched Ubuntu desktop vulnerability allows privilege escalation.

Round Up of Major Breaches and Scams

Privacy Commission probes suspected LTO data leak

The National Privacy Commission is investigating a suspected data leak involving car registrations under the Land Transportation Office. In a statement, the privacy body said it is looking into the data available on lisensya.info, which hosts a “Motor Vehicle Authenticator” that reveals the car make, plate and engine number, registration expiry date, and the name of the registered owner once the motor vehicle file number is entered. The website also features a “license authenticator” on its homepage.

Round Up of Major Malware and Ransomware Incidents

Ragnar Locker ransomware gang using Facebook ads to extort victims

The Ragnar Locker ransomware gang has attacked multiple firms recently, but it has now taken extortion to the next level: the group is running Facebook advertisements to pressure its victims into paying a ransom. The gang attacked the Italian liquor firm Davide Campari-Milano S.p.A., also known as Campari Group, and stole 2 TB of encrypted data before encrypting the company's network. In exchange for the decryption key, they demanded a $15 million ransom.

Antivirus Software Flagging Dell Drivers as Malware

A number of security products for Windows are flagging several new Dell printer drivers as malware and consequently blocking their installation. In theory, a single antivirus solution warning of a potential malware infection in a driver isn't concerning, since false positives happen occasionally; this time, however, more than 20 security products are flagging the latest Dell printer drivers. Security software from leading vendors such as Avast, Bitdefender, F-Secure, McAfee, and Panda is warning of a possible malware infection in certain drivers released by Dell.

Pay2Key Alert! Israel Firms Targeted with New Ransomware

Multiple organizations in Israel have reported several cyberattacks in which attackers targeted them with a new strain of ransomware named “Pay2Key”. According to Check Point research, the threat actors gained an initial foothold and then remotely controlled the infection within the compromised networks. The Pay2Key ransomware is written in C++ and compiled with MSVC++ 2015, and it makes use of third-party libraries such as Boost.

Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal

The Muhstik botnet, also known as Mushtik, has been targeting cloud infrastructure and IoT devices for years. The botnet mainly funds itself by mining cryptocurrency with open source tools such as XMRig and cgminer. New details have emerged about this malware that shed light on its activities and origins: Muhstik leverages known web application exploits to compromise IoT devices, such as routers, and uses them to mine cryptocurrency.

Round Up of Major Vulnerabilities and Patches

High-Severity Cisco DoS Flaw Can Immobilize ASR Routers

A high-severity flaw in Cisco's IOS XR software could allow unauthenticated, remote attackers to cripple Cisco Aggregation Services Routers (ASR). The flaw stems from an issue in the ingress packet processing function of Cisco IOS XR, a train of Cisco Systems' widely deployed Internetworking Operating System (IOS). The OS powers the Cisco ASR 9000 series, fully distributed routers engineered to handle massive surges in video traffic.

Now-patched Ubuntu desktop vulnerability allows privilege escalation

GitHub security researcher Kevin Backhouse found bugs in Ubuntu 20.04 (a long-term support release) that enabled any desktop user to gain root access. The vulnerabilities have now been patched. Backhouse discovered two separate issues, one of them by accident, which together enable the privilege escalation. He noted that the vulnerability is a basic one. “It’s unusual for a vulnerability on a modern operating system to be this easy to exploit. I have, on some occasions, written thousands of lines of code to exploit a vulnerability,” he said.

Windows users told to patch now after active zero-day attacks disclosed by Google

Yesterday was the second Tuesday of the month which meant – you guessed it! – it was time for Microsoft to release its latest bundle of security patches. On this occasion Microsoft fixed more than 100 security holes in a wide variety of its products, some of which could allow critical remote code execution attacks if left unpatched. But the update which will probably grab the most attention is CVE-2020-17087, a zero-day vulnerability that has been exploited in active attacks against users of Windows 7 and Windows 10.

Facebook’s link preview feature abused for website-scraping scheme

A number of data-scraping groups have been abusing the Facebook link preview feature to scrape data from websites, disguising their activity as Facebook's own content crawler. The technique consists of using Facebook developer accounts to place calls to Facebook or Facebook Messenger API servers, requesting a link preview for each page the group wants to scrape. Facebook then fetches the page, assembles the content into a link preview, and returns it to the scrapers as an API response.

Samsung fixes critical Android flaws with November 2020 updates

This week Samsung started rolling out Android's November security updates to its mobile devices to patch critical security vulnerabilities in the operating system and improve device features. This follows the publication of the Android November 2020 security bulletin, which includes patches for critical vulnerabilities affecting the latest devices. As observed by BleepingComputer, Samsung Galaxy devices are automatically pulling the updates released on November 9, 2020, this week.

A Vulnerability in Mozilla Firefox Could Allow for Arbitrary Code Execution

A vulnerability has been discovered in Mozilla Firefox, Firefox Extended Support Release (ESR) and Mozilla Thunderbird, which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of this vulnerability could allow for arbitrary code execution.