Bug CVE Cyber Security Malware Phishing Ransomware Scam Vulnerability

New Outlook mail issues phishing scam, Mozilla rewards bypassing Firefox exploit mitigations, and more

Major cybersecurity events on 21st August 2020 (Evening Post): US FINRA issues warning for members, threat actors create phishing websites. University of Utah pays $457,000 after ransomware attack. Researchers sound alarm over malicious AWS community Amazon Machine Images.

Round Up of Major Breaches and Scams

Outlook “mail issues” phishing – don’t fall for this scam!

Here’s a phish that our own security team received themselves. Apart from some slightly clumsy wording (but when was the last time you received an email about a technical matter that was plainly written in perfect English?) and a tiny error of grammar, we thought it was surprisingly believable and worth writing up on that account, to remind you how modern phishers are presenting themselves.

US financial regulator warns of phishing sites impersonating brokers

The U.S. Financial Industry Regulatory Authority (FINRA) has issued a new regulatory notice warning members of threat actors using registered brokers’ info to create phishing websites. FINRA is a not-for-profit organization authorized by the U.S. government to regulate member brokerage firms and exchange markets, and to defend American investors by ensuring that the broker-dealer industry functions honestly and equitably.

Round Up of Major Malware and Ransomware Incidents

Researchers Sound Alarm Over Malicious AWS Community AMIs

Researchers are sounding the alarm over what they say is a growing threat vector tied to Amazon Web Services and its marketplace of pre-configured virtual servers. The danger, according to researchers with Mitiga, is that threat actors can easily build malware-laced Community Amazon Machine Images (AMI) and make them available to unsuspecting AWS customers. The threat is not theoretical. On Friday, Mitiga released details of a malicious AMI found in the wild running an infected instance of Windows Server 2008.

University of Utah Pays $457K After Ransomware Attack

The University of Utah coughed up a $457,000 ransom payment after a ransomware attack hit the university’s servers, impacting undisclosed student and faculty related data. The Salt Lake City school, which has 24,485 undergraduate students and 8,333 graduate students enrolled, as well as 1,592 faculty members, was hit by the cyberattack on July 19. The university’s computing servers for its College of Social and Behavioral Science Unit were targeted and rendered temporarily inaccessible.

Round Up of Major Vulnerabilities and Patches

Mozilla Offering Rewards for Bypassing Firefox Exploit Mitigations

Mozilla says mitigation bypasses have until now been classified as low- or moderate-severity issues, but they are now eligible for a reward associated with a high-severity flaw as part of the new Exploit Mitigation Bug Bounty. This means a bypass mitigation with privileged access can earn researchers up to $5,000 if they submit a high-quality report. However, if the mitigation is bypassed without privileged access researchers can receive a reward for the vulnerability itself and a 50 percent bonus for the mitigation bypass.

Shared memory vulnerability in IBM’s Db2 database could let nefarious insiders wreak havoc – so get patching

A bug-hunter has uncovered a vulnerability in IBM’s popular enterprise database which, if left unpatched, could allow a local user to access data and kick off a denial-of-service attack. Security firm Trustwave said the shared memory vulnerability in Db2 – CVE-2020-4414 – was similar to the problems found with Cisco’s Webex in June (CVE-2020-3347). According to TrustWave, “Only Db2 for LUW (Linux, Unix, Windows) is affected. Db2 for other platforms like IBM mainframes and z/OS are unaffected.”

CERT/CC Warns of Vulnerabilities in Diebold Nixdorf, NCR ATMs

A vulnerability in the Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30, CERT/CC reveals, could be abused by an attacker with physical access to internal machine components to commit deposit forgery. The issue exists because the vulnerable devices do not encrypt, authenticate, or verify the integrity of messages transmitted between the cash and check deposit module (CCDM) and the host computer.