Round Up of Major Breaches and Scams
The Qbot botnet uses a new template for the distribution of their malware that uses a fake Windows Defender Antivirus theme to trick you into enabling Excel macros. Qbot, otherwise known as QakBot or QuakBot, is Windows malware that steals bank credentials, Windows domain credentials, and provides remote access to threat actors who install ransomware. Victims usually become infected with Qbot through another malware infection or via phishing campaigns using various lures.
These clips were recorded from home security cameras and show people’s daily and even private lives. As of 2019, there were over 770 million security cameras around the world, and across all Internet of Things (IoT) devices there are over 28 billion currently connected to the Internet. While security cameras play a vital role in remotely monitoring children, the elderly, pets, etc., they are also a lucrative target for cybercriminals, especially since a huge number of these devices are known to be vulnerable.
In Singapore it’s not at all uncommon today for people to have IP cameras all over their homes. And, of course, the more people who installed internet-connected cameras throughout their private residences, the more you would be considered odd if you hadn’t jumped on the bandwagon and put cameras in your living room, kitchen and bedroom, sometimes even with a view of more private areas of your house.
Round Up of Major Malware and Ransomware Incidents
Technology and security companies teamed up with the financial services and telecommunications industries to disrupt the command-and-control (C2) infrastructure used to manage Trickbot, the well-known ransomware that has infected more than a million computing devices, the firms behind the takedown said on Monday. Microsoft and security firms ESET, Black Lotus Labs, and Symantec collaborated with the financial services industry to cut off the ransomware operation’s C2 infrastructure.
Software AG, Germany’s second-largest software company (after SAP), continues to struggle with a ransomware attack that has evolved into an extortion bid carrying a $20 million payoff demand. The attack began on October 3 as a ransomware attack in which the attackers demanded the unusually high ransom in return for a decryption key. The attack, which now includes extortion components, has moved into its second week.
In the cyber-security field, the term OST refers to software apps, libraries, and exploits that possess offensive hacking capabilities and have been released as either free downloads or under an open source license. OST projects are usually released to provide a proof-of-concept exploit for a new vulnerability, to demonstrate a new (or old) hacking technique, or as penetration testing utilities shared with the community. Today, OST is one of the most (if not the most) controversial topics in the information security (infosec) community.
Microsoft says that customers who install the optional KB4577062 update for Windows 10 versions 1903 and 1909 will encounter issues upgrading to newer Windows 10 versions on some devices. KB4577062 was released on September 16, 2020, with the main highlight being that it enables an Internet Explorer 11 notification to inform users about Adobe Flash’s end of support in December 2020.
The City of Mt. Pleasant has fallen victim to a ransomware attack, according to city officials. According to a press release on the city site, a remote ransomware attack was detected on the city’s computer and phone systems on Saturday morning. Officials said the city’s firewall remained secure and that they do not plan to pay a ransom.
Round Up of Major Vulnerabilities and Patches
The Windows Update client has just been added to the list of living-off-the-land binaries (LoLBins) attackers can use to execute malicious code on Windows systems. LoLBins are Microsoft-signed executables that can be abused by threat actors to evade detection while downloading, installing, or executing malicious code. They can also be used by attackers in their efforts to bypass Windows User Account Control (UAC) or Windows Defender Application Control (WDAC) and to gain persistence on already compromised systems.
Government-backed hackers have compromised and gained access to US elections support systems by chaining together VPN vulnerabilities and the recent Windows CVE-2020-1472 security flaw. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says that advanced persistent threat (APT) actors used this vulnerability chaining tactic to target federal and SLTT (state, local, tribal, and territorial) government networks, as well as election organizations, and critical infrastructure.
Facebook has announced a series of updates for its bug bounty program, including bonus rewards for engaged researchers, as well as a faster bug triage process. Extra rewards and benefits, Facebook says, are being offered as part of Hacker Plus, a loyalty program meant for those researchers who are actively identifying vulnerabilities in its products. Researchers may also receive access to soon-to-be-released products and features, and invites to annual events.