Round Up of Major Breaches and Scams
US President Trump has become subject to another fact-check warning on social media after claiming immunity to COVID-19. In a tweet posted on Sunday, the US president claimed that physicians at the White House have given him a clean bill of health, and as a result, he is now “immune” to further infection by the novel coronavirus.
A Friday afternoon cyberattack on NextLight, Longmont’s high-speed, fiber optic broadband internet service, affected a number of customers but has been resolved by NextLight engineers, Longmont Power and Communications reported in a Facebook post Friday. Longmont Power and Communications spokesman Scott Rochat wrote in an email that the disruption was the result of a DDoS, or “distributed denial of service” attack.
Round Up of Major Malware and Ransomware Incidents
Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot, a global menace that has infected millions of computers and is used to spread ransomware. A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant’s trademarks. However, it appears the operation has not completely disabled the botnet.
Ransomware operators are now turning to network access sellers in their droves to cut out a difficult step in the infection process. On Monday, Accenture’s Cyber Threat Intelligence (CTI) team released new research on emerging cybersecurity trends, including an investigation into the nature of relationships between ransomware operators and exploit sellers.
One of the largest cruise line operators, Carnival, suffered a ransomware attack back in August and has since confirmed that the breach leaked personal information relating to customers, employees and crew members. Roughly 150,000 employees work for Carnival, which gets over 13 million guests a year across its 13 cruise brands. However, the company has said that only one brand was hit.
The last six months have seen damaging ransomware attacks on two multibillion-dollar IT firms, Conduent and Cognizant, with clients all over the world. The incidents locked computers across the companies, cut into revenue and required days, if not weeks, of clean up. A report published Monday by consulting giant Accenture warns that the kind of criminal groups behind those attacks have more options than ever for accessing corporate networks thanks to a thriving market for outsourced hacking.
Round Up of Major Vulnerabilities and Patches
The US government has warned of newly discovered APT attacks combining exploits of VPN products with those for the recently disclosed Zerologon bug. The joint alert from the FBI and Cybersecurity and Infrastructure Security Agency (CISA) revealed that government and non-government targets are being attacked in this campaign. It warned that access to federal and SLTT government networks could put election information at risk, although there’s no evidence that this data has been compromised, or that its theft was the goal of the attackers.
NordVPN has hit the go-live button for the first of its colocated server setups. The move means the VPN provider can take tighter control over the service as it now only rents space for its own custom servers, rather than renting a server in a data centre. The difference is that NordVPN gets to control all the hardware and settings. This dates back to October 2019, when NordVPN was embarrassed by hackers who managed to get into a rented server that was being used to host the VPN service.