
Vermont Medical Center attack costs $1.5M a day, Steam flaws let gamers crash opponents’ computers, and more

Major cybersecurity events on 10th December 2020 (Evening Post): njRAT Trojan operators use Pastebin as alternative to central command server. Leaky Elasticsearch server reveals massive Instagram click farm. Potential Starbucks remote code execution vulnerability uncovered and patched.

Round Up of Major Breaches and Scams

Vaccine Documents Hacked as West Grapples With Virus Surge

Documents related to the Pfizer coronavirus vaccine were illegally accessed during a cyberattack at the EU regulator, the company said Wednesday, as Germany and other northern hemisphere countries grappled with a winter surge in the pandemic. The Amsterdam-based European Medicines Agency (EMA) reported the cyberattack as European countries eagerly await a vaccine, including Germany where Chancellor Angela Merkel is pushing for tougher action against a second wave of Covid-19 that is proving deadlier than the first there.

Round Up of Major Malware and Ransomware Incidents

Misery of Ransomware Hits Hospitals the Hardest

Despite hospitals being on the front lines during the pandemic, bad actors have continued to target them with ransomware. In addition to wreaking havoc on operational processes in medical facilities at the worst possible time, the attacks have evolved to threaten patient safety. In September, employees at Universal Health Services (UHS), a Fortune-500 owner of a nationwide network of hospitals, reported widespread outages that resulted in delayed lab results, a fallback to pen and paper, and patients being diverted to other hospitals.

njRAT Trojan operators are now using Pastebin as an alternative to a central command server

Operators of the njRAT Remote Access Trojan (RAT) are leveraging Pastebin C2 tunnels to avoid scrutiny by cybersecurity researchers. On Wednesday, Palo Alto Networks’ Unit 42 cybersecurity team said njRAT, also known as Bladabindi, is being used to download and execute secondary-stage payloads from Pastebin, scrapping the need to establish a traditional command-and-control (C2) server altogether.

Attack on Vermont Medical Center is costing the hospital $1.5M a day

The attack that hit the University of Vermont Medical Center at the end of October is costing the hospital about $1.5 million a day. In October, ransomware operators hit the Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network. The ransomware attack took place on October 28 and disrupted services at the UVM Medical Center and affiliated facilities. A month later, the University of Vermont Medical Center was continuing to recover from the cyber attack that paralyzed the systems at the Burlington hospital.

Round Up of Major Vulnerabilities and Patches

Critical Steam Flaws Could Let Gamers Crash Opponents’ Computers

Game developer Valve has fixed four critical bugs in its Steam gaming client, a platform for popular video games like Counter-Strike: Global Offensive, Dota 2 and Half-Life. If exploited, the flaws could allow a remote attacker to crash an opponent’s game client, take over the computer, and hijack all computers connected to a third-party game server.

Proof-of-concept exploit code published for new Kerberos Bronze Bit attack

Proof-of-concept exploit code has been published this week for a new attack technique that can bypass the Kerberos authentication protocol in Windows environments and let intruders access sensitive network-connected services. Patching the bug, named the Bronze Bit attack and tracked as CVE-2020-17049, has already caused problems for Microsoft. The OS maker delivered an initial fix for Bronze Bit attacks in the November 2020 Patch Tuesday, but the patch caused authentication issues for Microsoft’s customers, and a new update had to be deployed this month to fix the previous issues.

Leaky Elasticsearch Server Reveals Massive Instagram Click Farm

Security researchers have uncovered a massive Instagram click farm in central Asia, operating tens of thousands of fake profiles. A team at vpnMentor found the operation thanks to a completely unsecured Elasticsearch database it was using, connected to the public-facing internet. “The click farm appears to be run by a sophisticated operation that has built a highly automated process to create tens of thousands of fake proxy accounts on Instagram. Each account had its own avatar, bio and ‘persona,’ appearing to join Instagram from all over the world,” said vpnMentor.

Remote code execution vulnerability uncovered in Starbucks mobile platform

A potential remote code execution (RCE) bug has been patched in one of Starbucks’ mobile domains. The US coffee giant runs a bug bounty platform on HackerOne. A new vulnerability report from Kamil “ko2sec” Onur Özkaleli, first submitted on November 5 and made public on December 9, describes an RCE issue found on mobile.starbucks.com.sg, a platform for Singaporean users.