
State-backed hackers target 2020 US elections, 100,000 Razer fans’ sensitive data exposed, and more

Major cybersecurity events on 11th September 2020 (Morning Post): Telehealth applications and services broaden the attack surface and draw more attackers. Twitter to remove misleading election tweets, putting it at odds with Trump. SoftServe hit by ransomware attack that exploited a Windows customization tool.

Round Up of Major Breaches and Scams

Microsoft: State-backed hackers are targeting the 2020 US elections

Nation-state-sponsored hacking groups operating from Russia, China, and Iran are targeting organizations and individuals involved in this year’s U.S. presidential election, according to Microsoft. Among the political campaigns, advocacy groups, parties and political consultants targeted in these ongoing attacks, Microsoft also noted unsuccessful attacks on people associated with the Trump and Biden campaigns.

Razer Gaming Fans Caught Up in Data Leak

An estimated 100,000 customers of Razer, a purveyor of high-end gaming gear ranging from laptops to apparel, have had their private information exposed, according to a researcher. Security consultant Bob Diachenko ran across a misconfigured Elasticsearch cloud cluster that exposed a segment of Razer’s infrastructure to the public internet, readable by anyone. It contained a raft of information of use to cybercriminals, including full name, email, phone number, customer internal ID, order number, order details, and billing and shipping address.

Cyber-Risks Explode With Move to Telehealth Services

The hasty shift to online delivery of primary care services since the COVID-19 outbreak has attracted significant attacker interest, and the mass adoption of telehealth applications and services in the months since the outbreak began has introduced new cyber-risks within the healthcare industry. New research by SecurityScorecard and Dark Owl found that the rapid onboarding of technologies for delivering health services online has significantly broadened the attack surface.

NorthShore health system reports 348,000 affected by Blackbaud breach

I’ve been so busy adding Blackbaud incident-related reports to my worksheets that I maintain for my research with Protenus for Breach Barometer that I forgot to post some incidents here. Thankfully, a kind reader gave me a gentle poke to let you know that Lisa Schenker reported that NorthShore University HealthSystem is notifying approximately 348,000 patients whose protected health information (PHI) was involved in the Blackbaud incident.

Twitter plans to remove false election tweets, setting up clash with Trump

Twitter announced on Thursday that it will label or remove false or misleading information that could cause confusion about an election or is meant to undermine confidence in civic processes. The update includes enforcement against unverified claims of election rigging or ballot tampering, claims of political victory before election results are certified, and incitement of unlawful conduct to prevent a peaceful transfer of power or orderly succession.

Trinity Area School District, police investigating after security breaches during virtual classrooms

Trinity Area School District reported a security breach in a fifth-grade cyber-classroom at Trinity West Elementary on Wednesday, according to a letter by the district’s superintendent that was obtained by Post-Gazette news partner KDKA-TV. Superintendent Michael P. Lucas said the “hacker” accessed the virtual classroom and was “able to introduce offensive racial and other inappropriate comments.” Mr. Lucas also told parents in the letter that there was a report of an alleged pornographic image as well.

Round Up of Major Malware and Ransomware Incidents

SoftServe hit by ransomware, Windows customization tool exploited

Ukrainian software developer and IT services provider SoftServe suffered a ransomware attack on September 1st that may have led to the theft of customers’ source code. With over 8,000 employees and 50 offices worldwide, SoftServe is one of Ukraine’s largest companies offering software development and IT consulting. News about a cyberattack on SoftServe first began circulating on the ‘Telegram DС8044 Kyiv Info’ channel, where an alleged message sent by the company to employees was shared.

‘CDRThief’ Malware Targets Linknat Softswitches

ESET security researchers have discovered a new piece of malware that specifically targets softswitches from Linknat. A VoIP solutions provider from China established in 2005, Linknat offers software switches (delivering control, billing, and management for VoIP networks) to operators, virtual operators and large industrial organizations. ESET on Thursday published information on CDRThief, a piece of malware designed specifically to target the Linknat VOS2009 and VOS3000 softswitches, which run on standard Linux servers.

MAZE Claims Attack on US School System

The threat group Maze claims to have carried out a ransomware attack on the twelfth-largest school system in the United States. According to their website, the cyber-criminal gang has successfully targeted Fairfax County Public Schools in Virginia with crypto-ransomware. As proof of the attack, the threat actors have uploaded a zip file of data they claim was exfiltrated from the school system. At the time of publication, Maze had published just 2% of the data they claim to have swiped from Fairfax County Public Schools.

Round Up of Major Vulnerabilities and Patches

New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices

Bluetooth SIG, the organization that oversees the development of Bluetooth standards, today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide. Discovered independently by two separate teams of academic researchers, the flaw resides in the Cross-Transport Key Derivation (CTKD) of devices supporting both the Basic Rate/Enhanced Data Rate (BR/EDR) and Bluetooth Low Energy (BLE) standards.

Multiple Vulnerabilities in Palo Alto PAN-OS Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Palo Alto PAN-OS, the most severe of which could allow for arbitrary code execution. PAN-OS is the operating system for Palo Alto Networks appliances. An attacker can exploit the most severe issue by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. Successful exploitation could allow an unauthenticated remote attacker to disrupt system processes and potentially execute arbitrary code with root privileges.

Hackers are fighting a war over 300K vulnerable WordPress sites

Attackers who are actively exploiting a critical remote code execution flaw affecting over 600,000 WordPress sites running vulnerable File Manager plugin versions have also been seen protecting the sites they compromise from other threat actors’ attacks. The critical vulnerability allows unauthenticated attackers to upload malicious PHP files and then execute arbitrary code. File Manager’s dev team addressed the flaw with the release of File Manager 6.9.

Employees’ Social Media Use on Work Devices Leads to Security Risks

The surge in remote work brought a new wave of security concerns, as many organizations believe that the cyber habits of employees could compromise business systems or leave corporate data vulnerable to cyberattacks. According to a new survey by the Cyber Readiness Institute, small and medium-sized businesses (SMBs) are concerned that their employees’ social media activities may bring security risks to their organizations.