
Twitter flags Trump tweet regarding Coronavirus immunity, Microsoft disrupts MaaS botnet Trickbot, and more

Major cybersecurity events on 12th October 2020 (Evening Post): Ransomware operators outsource network access exploits to speed up attacks. Cyberattack targeting Longmont’s NextLight affects customers’ service. Middlemen IT firms, Conduent and Cognizant give ransomware gangs more attack options.

Round Up of Major Breaches and Scams

Twitter slaps warning on President Trump tweet claiming coronavirus immunity

US President Trump has become subject to another fact-check warning on social media after claiming immunity to COVID-19. In a tweet posted on Sunday, the US president claimed that physicians at the White House have given him a clean bill of health, and as a result, he is now “immune” to further infection by the novel coronavirus.

Some Longmont NextLight customers’ service affected by Friday cyberattack

A Friday afternoon cyberattack on NextLight, Longmont’s high-speed, fiber optic broadband internet service, affected a number of customers but has been resolved by NextLight engineers, Longmont Power and Communications reported in a Facebook post Friday. Longmont Power and Communications spokesman Scott Rochat wrote in an email that the disruption was the result of a DDoS, or “distributed denial of service,” attack.

Round Up of Major Malware and Ransomware Incidents

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot, a global menace that has infected millions of computers and is used to spread ransomware. A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant’s trademarks. However, it appears the operation has not completely disabled the botnet.

Ransomware operators now outsource network access exploits to speed up attacks

Ransomware operators are now turning to network access sellers in their droves to cut out a difficult step in the infection process. On Monday, Accenture’s Cyber Threat Intelligence (CTI) team released new research on emerging cybersecurity trends, including an investigation into the nature of relationships between ransomware operators and exploit sellers.

Major cruise ship brand hit with ransomware

One of the largest cruise line operators, Carnival, suffered a ransomware attack back in August and has since confirmed that the breach leaked personal information relating to customers, employees and crew members. There are roughly 150,000 employees working for Carnival, which gets over 13 million guests a year across its 13 cruise brands. However, the company has said that only one brand was hit.

How middlemen are giving ransomware gangs more attack options

The last six months have seen damaging ransomware attacks on two multibillion-dollar IT firms, Conduent and Cognizant, with clients all over the world. The incidents locked computers across the companies, cut into revenue and required days, if not weeks, of clean up. A report published Monday by consulting giant Accenture warns that the kind of criminal groups behind those attacks have more options than ever for accessing corporate networks thanks to a thriving market for outsourced hacking.

Round Up of Major Vulnerabilities and Patches

Attackers Chaining Zerologon with VPN Exploits

The US government has warned of newly discovered APT attacks combining exploits of VPN products with those for the recently disclosed Zerologon bug. The joint alert from the FBI and Cybersecurity and Infrastructure Security Agency (CISA) revealed that government and non-government targets are being attacked in this campaign. It warned that access to federal and SLTT government networks could put election information at risk, although there’s no evidence that this data has been compromised, or that its theft was the goal of the attackers.

One year after server hackers left NordVPN red-faced, firm’s first colocated setup is online

NordVPN has hit the go-live button for the first of its colocated server setups. The move means the VPN provider can take tighter control over the service as it now only rents space for its own custom servers, rather than renting a server in a data centre. The difference is that NordVPN gets to control all the hardware and settings. This dates back to October 2019, when NordVPN was embarrassed by hackers who managed to get into a rented server that was being used to host the VPN service.