Cybersecurity News Headline Updated on 08 Aug 2020 – FBI Warns on Windows 7; NSA on Mobile Devices Location Data; Canon and Lafayette (CO) Hit With Ransomware, and more

The headline on 08 Aug 2020

FBI Issues Warning on Windows 7 EOL. On Monday, August 3, the FBI sent out a private industry notification urging organizations to upgrade systems still running on Windows 7. Microsoft ended support for Windows 7 more than six months ago. Microsoft allows Windows 7 systems to upgrade to Windows 10 at no cost. However, older hardware may not have the capacity to support Windows 10, so an upgrade would necessitate purchasing new equipment.

NSA: Mobile Devices Expose Location Data. The US National Security Agency (NSA) has released an advisory that enumerates ways in which mobile devices leak location data, often by design. The advisory includes suggestions for users to limit the ways they are tracked through their mobile devices. Recommendations include turning off services like find-my-phone, Wi-Fi, and Bluetooth when they are not needed.

Lafayette, Colorado, Paid Ransomware Demand. The city of Lafayette, Colorado, paid $45,000 to regain access to encrypted data following a ransomware attack. The July 27 attack caused city email, phones, online payments, and reservations to be temporarily unavailable.

ES&S Releases New Vulnerability Disclosure Policy. Voting machine manufacturer Electronic Systems and Software (ES&S) has announced a new vulnerability disclosure policy in an effort to improve the security of its products. The “policy applies to all digital assets owned and operated by ES&S, including corporate IT networks and public facing websites.”

Twitter Fixes Flaw in Android App. Twitter has fixed a vulnerability in its app for Android devices. The flaw could be exploited to access other users’ direct messages and other private information. The high-severity flaw stems from a security issue in Android OS versions 8 and 9.

Trend Micro Report: ICS Protocol Gateway Vulnerabilities. Researchers at Trend Micro discovered vulnerabilities in protocol gateways, which translate communications between devices used at industrial plants. The most critical of the flaws could be exploited to disable temperature monitoring sensors; the vendor does not plan to release a patch as it considers the product “end-of-life.” Other security issues they found include weak encryption implementation and “specific scenarios wherein an attacker could exploit vulnerabilities in the translation function to issue stealth commands that can sabotage the operational process.”

York, PA: Physical IT Attack Prompts City Hall Closure. The York, Pennsylvania, city hall has been closed following a physical attack on IT infrastructure there. On Wednesday evening, August 5, a press release noted that “access to ALL city landline phone numbers are down. Additionally, access to city files and services are limited. Some web services may be unavailable as our staff works to repair the damage.” Emergency services and other critical operations are functioning.

Read more in: York, Pa., City Hall Closes After Attack on IT Infrastructure

Capital One Fined $80M Over 2019 Breach. The US Office of the Comptroller of the Currency (OCC) has announced that it is imposing an $80 million fine on Capital One for “the bank’s failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank’s failure to correct the deficiencies in a timely manner.” In 2019, a data breach compromised information belonging to more than 100 million Capital One customers. OCC is an independent bureau of the Department of the Treasury.

Operation Skeleton Key Stole IP from Taiwanese Semiconductor Companies. Researchers from Taiwanese cybersecurity firm CyCraft say they have found evidence that hackers believed to have ties to China have stolen intellectual property from seven Taiwanese semiconductor companies. The stolen data include source code, software development kits, and chip designs.

Intel Data Leaked Online. Intel is investigating the leak of 20GB of its internal documents online. The documents include source code, schematics, and other intellectual property that belongs to the chip maker. An Intel spokesperson said that the leaked documents include data that is shared with partners and customers under non-disclosure agreements (NDAs).

The headline on 05 Aug 2020

Ransomware Operators Publish Data Allegedly Stolen from LG, Xerox. Maze ransomware operators have published data they claim to have taken from internal networks at LG and Xerox after the companies declined to pay a ransom. In a June email exchange with ZDNet, the Maze operators said they did not deploy ransomware on LG’s network but only exfiltrated data. Read more in: Ransomware gang publishes tens of GBs of internal data from LG and Xerox

Blackbaud Paid Ransomware Demand. Blackbaud’s CEO says the company “discovered and stopped a sophisticated attempted ransomware attack.” Blackbaud paid the ransomware demand in May 2020; the attack was publicly disclosed in July. Blackbaud provides customer relationship management (CRM) software for colleges and universities, non-profit groups, and others. Read more in: ‘We stopped ransomware’ boasts Blackbaud CEO. And by ‘stopped’ he means ‘got insurance to pay off crooks’

Bleeping Computer: Garmin Paid Ransomware Demand. According to a report in Bleeping Computer, Garmin received the WastedLocker ransomware decryption key on July 25, two days after its network was hit with the malware. While it is not known how much Garmin paid the WastedLocker operators, the initial demand was reportedly $10 million. Bleeping Computer obtained “access to an executable created by the Garmin IT department to decrypt a workstation and then install a variety of security software on the machine.”

US Travel Agency CWT Reportedly Paid $4.5M Ransomware Demand. Corporate travel agency CWT (formerly known as Carlson Wagonlit Travel) has confirmed that its network was shut down due to a ransomware attack in late July. The company reportedly paid $4.5 million to regain access to its encrypted data. The strain of ransomware used in the attack appears to be Ragnar Locker.

Texas School District Will Pay Ransomware Demand. The Athens (Texas) Independent School District (ISD) will pay $50,000 to ransomware operators to regain access to the data in its servers that have been encrypted. The district’s board of trustees voted to pay the ransom, which will be covered by insurance. The attack will postpone the start of the school year by at least a week. Read more in: Texas School District Forks Over $50K in Ransomware Attack

No More Ransom Website Helps Ransomware Victims. The No More Ransom decryption tool repository was established four years ago this month. No More Ransom offers free tools to decrypt 140 strains of ransomware. “The website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.”

Three Arrested in Connection With the Twitter Hack. Authorities have arrested and charged three people in connection with the July 15 Twitter hack that took over several high-profile accounts and used them in a Bitcoin fraud scheme. The attackers allegedly used social engineering to gain access to internal Twitter tools. One of the suspects, a 17-year-old, faces 30 felony charges and will be tried as an adult.

GandCrab Suspect Arrested. Authorities in Belarus have arrested an individual allegedly involved in the distribution of the GandCrab ransomware. GandCrab ceased operations in June 2019. The FBI released master encryption keys for GandCrab, and Bitdefender released a decryptor.

FastPOS Author Pleads Guilty to RICO Conspiracy. A Moldovan citizen has pleaded guilty to RICO (Racketeer Influenced and Corrupt Organizations) conspiracy in a Nevada courtroom for his role in the Infraud cybercriminal organization. In a plea agreement, Valerian Chiochiu admitted to creating malware known as FastPOS, which was designed to facilitate payment card data theft. Chiochiu is the second person in just over a month to plead guilty in connection with Infraud; in late June, Sergey Medvedev also pleaded guilty to RICO conspiracy.
Taidoor RAT. The FBI, the US Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense have issued a joint malware analysis report about malware that China has been using since 2008. Taidoor, as the malware is known, is a remote access trojan (RAT) and has been used in cyberespionage campaigns.

BootHole Fix is Causing Problems. Linux distributions have released fixes for the GNU GRUB2 bootloader vulnerability, a.k.a. BootHole. However, some users are reporting that these fixes are causing problems themselves: users are reporting booting and dual-booting issues in Debian, Ubuntu, Red Hat, CentOS, and Fedora. Users are still urged to take steps to mitigate the issue. The US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued advisories that include suggestions for mitigating the BootHole vulnerability.

Update Available for WordPress Newsletter Plugin Flaws. Flaws in the Newsletter plugin for WordPress can be exploited to establish backdoors, create admin accounts, and possibly take control of vulnerable sites. The plugin’s developers have released an updated version, Newsletter 6.8.3, which addresses these vulnerabilities.
Citizen Lab: NSO Used to Spy on Clergy, Supporters of Political Opposition in Togo. A report from Citizen Lab says that spyware made by NSO Group was used to target political opposition members and members of the clergy in Togo. All of the targets had spoken out about the need for government reform in the West African country.
Published by Thomas Apel