Round Up of Major Breaches and Scams
The University of York has disclosed a data breach caused by a cyberattack on a third-party service provider. Personal information belonging to "alumni, staff and students, and extended networks and supporters" is thought to have been stolen during the incident. The university has not said how many individuals are potentially affected, nor how far back the stolen records reach.
Round Up of Major Malware and Ransomware Incidents
French and Dutch law enforcement compromised EncroChat, an encrypted messaging platform popular with criminals, and the resulting intercepts led to hundreds of arrests. The platform was not broken cryptographically: investigators pushed an implant to the handsets, which read messages before encryption. EncroChat's own warning to its users acknowledged as much: "Due to the level of sophistication of the attack, and the malware code, we can no longer guarantee the security of your device." That message caused a lot of aggravation, worry, and sleepless nights; no one wants to hear that the security of their device has been compromised by malware. Whether a law-enforcement malware campaign against an entire user base sets a dangerous precedent is an open question.
Emotet came back to life last week after a break of more than five months. The malspam operation briefly returned to installing TrickBot, its longtime payload, on compromised Windows systems, but researchers tracking the botnet then noticed it pushing the QakBot banking trojan at an unusually high rate in TrickBot's place.
Twilio today disclosed that its TaskRouter JS SDK was compromised by attackers after they gained access to one of its misconfigured Amazon S3 buckets. The SDK's path in the bucket had been publicly readable and writable for roughly five years, since 2015, so anyone could replace the JavaScript that customers' sites loaded from it. Twilio is a cloud communications platform as a service (CPaaS) company that powers communications for over 40,000 businesses and helps developers add voice, video, messaging, and authentication capabilities to their apps using Twilio's web service APIs.
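The misconfiguration described above is a bucket that grants write access to anonymous principals. As an added example (not Twilio's code or a published tool), the following script evaluates a bucket ACL and a bucket policy, in the shape that boto3's `get_bucket_acl()` and `get_bucket_policy()` return them, and reports every grant that lets the public write. The ACL, policy and bucket name are constructed for the example and do not describe Twilio's real configuration.

```python
import json
from typing import Any, Dict, List, Optional

# Well-known S3 group URIs that mean "everyone" / "any AWS account".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}
# ACL permissions that allow modifying objects or the ACL itself.
WRITE_PERMISSIONS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
# Policy actions (lower-cased) that allow modifying objects.
WRITE_ACTIONS = {"s3:putobject", "s3:deleteobject", "s3:putobjectacl", "s3:*", "*"}


def _as_list(value: Any) -> List[Any]:
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal: Any) -> bool:
    """True for Principal "*" or {"AWS": "*"}, the two anonymous forms."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _action_is_write(action: str) -> bool:
    """Match explicit write actions and wildcard prefixes such as s3:Put*."""
    a = action.lower()
    if a in WRITE_ACTIONS:
        return True
    if a.endswith("*"):
        prefix = a[:-1]
        return any(w.startswith(prefix) for w in WRITE_ACTIONS if not w.endswith("*"))
    return False


def acl_public_write(acl: Dict[str, Any]) -> List[str]:
    """Report ACL grants that give a public group a write permission."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if (grantee.get("Type") == "Group" and uri in PUBLIC_GROUPS
                and grant.get("Permission") in WRITE_PERMISSIONS):
            findings.append(f"ACL grants {grant['Permission']} to {PUBLIC_GROUPS[uri]}")
    return findings


def policy_public_write(policy: Dict[str, Any]) -> List[str]:
    """Report Allow statements that give anonymous principals a write action."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        # A Condition (e.g. aws:SourceIp) may narrow the grant; still flag it, but say so.
        suffix = " (conditional, review)" if "Condition" in stmt else ""
        for action in _as_list(stmt.get("Action", [])):
            if not _action_is_write(action):
                continue
            for resource in _as_list(stmt.get("Resource", [])):
                findings.append(f"policy allows {action} on {resource} to anonymous principals{suffix}")
    return findings


def public_write_findings(acl: Dict[str, Any], policy_json: Optional[str]) -> List[str]:
    """Combine ACL and policy findings; policy_json is None when the bucket has no policy."""
    findings = acl_public_write(acl)
    if policy_json:
        findings += policy_public_write(json.loads(policy_json))
    return findings


# Constructed sample: a bucket whose ACL and policy both let the public write
# to the SDK prefix (hypothetical bucket name and paths).
SAMPLE_ACL = {
    "Owner": {"ID": "owner-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "WRITE"},
    ],
}
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow", "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-sdk-bucket/sdk/*",
    }],
})
# Hardened form: public read only, no anonymous write grant anywhere.
HARDENED_ACL = {"Owner": SAMPLE_ACL["Owner"], "Grants": [SAMPLE_ACL["Grants"][0]]}
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-sdk-bucket/sdk/*"}],
})

if __name__ == "__main__":
    for name, acl, pol in (("sample", SAMPLE_ACL, SAMPLE_POLICY), ("hardened", HARDENED_ACL, HARDENED_POLICY)):
        print(name, public_write_findings(acl, pol) or "no public write")
```

Against a live account, feed the script `s3.get_bucket_acl(Bucket=name)` and `s3.get_bucket_policy(Bucket=name)["Policy"]` (the latter raises `NoSuchBucketPolicy` when there is none). Note that an object-level ACL can also grant public write even when the bucket ACL does not, and that S3 Block Public Access, enabled at the account level, would have prevented this class of grant outright.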
The Lazarus Group, an advanced persistent threat (APT) group linked to North Korea and known for its 2014 attack on Sony Pictures, has developed an "advanced malware framework" that has been used to launch and manage attacks against Windows, macOS, and Linux systems in at least a dozen organizations.
Round Up of Major Vulnerabilities and Patches
Security researchers have demonstrated a method to decrypt the proprietary firmware images shipped for D-Link routers. Firmware is the code that implements a hardware device's low-level functions; on routers it lives in non-volatile flash memory and is replaced by flashing a new image. Vendors encrypt their firmware images to hinder reverse engineering by competitors and threat actors, and to stop customers from flashing the device with customized firmware. Once the image can be decrypted, the file system and binaries inside it can be examined for vulnerabilities like any other software.
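The first question a reverse engineer asks of an image like this is which parts of it are actually encrypted. As an added example (not the researchers' method, which depends on the vendor-specific key and cipher and is not reproduced here), the following script computes a per-block Shannon entropy profile of a firmware image and reports the regions that look encrypted. The "firmware image" is constructed inline from a low-entropy header followed by deterministic pseudo-random bytes; the block size and threshold are assumptions, not D-Link values.

```python
import hashlib
import math
from typing import List, Tuple

BLOCK = 4096  # assumed analysis granularity; real images are often flash-page aligned


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def entropy_profile(image: bytes, block: int = BLOCK) -> List[Tuple[int, float]]:
    """(offset, entropy) for each block of the image."""
    return [(off, shannon_entropy(image[off:off + block])) for off in range(0, len(image), block)]


def find_high_entropy_regions(image: bytes, threshold: float = 7.5,
                              block: int = BLOCK) -> List[Tuple[int, int]]:
    """Merge consecutive blocks at or above the threshold into (start, end) byte ranges."""
    regions: List[Tuple[int, int]] = []
    for off, h in entropy_profile(image, block):
        if h < threshold:
            continue
        end = min(off + block, len(image))
        if regions and regions[-1][1] == off:
            regions[-1] = (regions[-1][0], end)  # extend the current region
        else:
            regions.append((off, end))
    return regions


def looks_encrypted(image: bytes, threshold: float = 7.5, min_fraction: float = 0.9) -> bool:
    """True when almost the whole image (excluding e.g. a plaintext header) is high-entropy."""
    if not image:
        return False
    covered = sum(end - start for start, end in find_high_entropy_regions(image, threshold))
    return covered / len(image) >= min_fraction


def _pseudo_random(n: int, seed: bytes = b"example-seed") -> bytes:
    """Deterministic high-entropy filler (SHA-256 in counter mode) standing in for ciphertext."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


# Constructed images: a 4 KiB plaintext-looking header followed by 16 blocks of body.
HEADER = (b"FIRMWARE-HEADER v1.0 " * 8).ljust(BLOCK, b"\x00")
ENCRYPTED_IMAGE = HEADER + _pseudo_random(16 * BLOCK)
PLAIN_IMAGE = HEADER + (b"config=value;\n" * (16 * BLOCK // 14 + 1))[:16 * BLOCK]

if __name__ == "__main__":
    for name, img in (("encrypted", ENCRYPTED_IMAGE), ("plain", PLAIN_IMAGE)):
        print(name, looks_encrypted(img), find_high_entropy_regions(img))
```

The caveat that matters in practice: compressed sections (SquashFS, LZMA kernels) score just as high as ciphertext, so a high-entropy region only tells you that plain string and signature scanning will fail there. Distinguishing compression from encryption still needs a recognizable magic value or container header at the region's start, which is exactly what an encrypted image lacks.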
Citrix informed customers this week that it has patched a vulnerability in its Workspace app that can allow an attacker to take control of the computer running the affected application. The flaw, tracked as CVE-2020-8207 and rated high severity, lies in the automatic update service used by the Citrix Workspace app for Windows. A local attacker can exploit it to escalate privileges, and a remote attacker can exploit it for arbitrary command execution.