Cybersecurity News Headline Updated on 20 Aug 2020

The headline on 20 Aug 2020

Kaspersky uncovered 2 Windows zero-day vulnerabilities from a failed attack. Kaspersky prevented an attack against a South Korean company back in May that used two zero-day vulnerabilities. Scripting Engine Memory Corruption Vulnerability (CVE-2020-1380) would allow threat actors to execute arbitrary code remotely in Internet Explorer browsers (via Internet Explorer 11’s JavaScript engine). Windows Kernel Elevation of Privilege Vulnerability (CVE-2020-0986) is a Windows kernel flaw that was used in tandem with the Internet Explorer vulnerability to escalate privileges and access the whole operating system. Read more at Kaspersky Daily > Operation PowerFall: Two zero-day vulnerabilities

Indiana University Health CISO Mitchell Parker offers alternatives to ‘snake oil’ companies. Parker discussed his experiences with internal risk assessments, security snake oil salespeople and more at a Black Hat USA 2020 session.

Games, not shame: Why security awareness training needs a makeover. Elevate Security co-founder Masha Sedova spoke at Black Hat USA 2020 about why traditional security awareness training is ineffective and fails to change risky behavior.

Apache Struts vulnerabilities allow remote code execution, DoS. The Apache Software Foundation issued security advisories last week for two Apache Struts vulnerabilities found in Apache Struts versions 2.0.0 through 2.5.20 that were originally patched but not fully disclosed last fall.

Bitdefender Releases Landmark Open Source Software Project – Hypervisor-based Memory Introspection. If you are new to Hypervisor-based Memory Introspection, or are looking at revolutionizing your security with GravityZone Hypervisor Introspection, have a look at Bitdefender Hypervisor Introspection (HVI) Security Solution.

The headline on 19 Aug 2020

Australian Government Seeks Powers to Respond to Active Cyberattacks Against Critical Infrastructure. Australia’s Cybersecurity Strategy 2020 will require operators of critical infrastructure to report cyber incidents to ASD in real time and potentially allow ASD into their networks to monitor and defend the networks against cyberattacks. Directors will be held legally responsible for ensuring a certain level of cybersecurity. The plan expands the critical infrastructure designation to include universities, the financial sector, the health sector, and the food and grocery sector. The government has released a Consultation Paper regarding these issues.

Apache Struts Vulnerabilities. Vulnerabilities detected in Apache Struts can be exploited to execute remote code and to create denial-of-service conditions. The issues affect Apache Struts versions 2.0.0 through 2.5.20. Users are urged to upgrade to Apache Struts version 2.5.22.

Hackers Launched Credential Stuffing Attacks Against Canadian Government Website. Hackers used credential stuffing attacks to access thousands of accounts used by Canadian citizens to access various government services websites. The attacks targeted the Canada Revenue Agency (CRA) and the GCKey portal that provides single sign-on to multiple Canadian government services websites. The hackers used the compromised accounts to access government services and apply for COVID-19 relief payments. The Canada Revenue Agency has temporarily disabled the site, and both the CRA and the GCKey portal have suspended online services.

Update Available to Address Critical Flaws in WordPress Quiz and Survey Master Plugin. Two critical flaws in the Quiz and Survey Master WordPress plugin could be exploited to take control of vulnerable websites. The flaws are an arbitrary file upload vulnerability and an unauthenticated arbitrary file deletion error. Users are urged to update to Quiz and Survey Master version 7.0.1. The plugin is installed on more than 30,000 sites.

Cruise Line Operator Carnival Targeted in Ransomware Attack. Carnival Corporation, the world’s largest cruise line operator, was the victim of a ransomware attack. The August 15 incident was disclosed in a US Securities and Exchange Commission (SEC) 8-K form filing. In the filing, Carnival writes, “We detected a ransomware attack that accessed and encrypted a portion of one brand’s information technology systems. The unauthorized access also included the download of certain of our data files.”

R1 RCM Hit With Ransomware. Medical debt collection company R1 RCM was the target of a ransomware attack. The company says it took its systems offline in response to the attack. While it is not known how long the ransomware operators were inside R1 RCM’s systems, the ransomware was activated earlier this month. R1 RCM was formerly known as Accretive Health Inc.

Read more in: Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Beverage Company Brown-Forman Suffers Cyberattack. Kentucky-based alcoholic beverage company Brown-Forman was the victim of an apparent ransomware attack. In communications with Bleeping Computer, Brown-Forman wrote, “Unfortunately, we believe some information, including employee data, was impacted. We are working closely with law enforcement, as well as world-class third-party data security experts, to mitigate and resolve this situation as soon as possible.” The company is not actively negotiating with the attackers. The company also told Bleeping Computer that it managed to prevent its systems from being encrypted.

Read more in: U.S. spirits and wine giant hit by cyberattack, 1TB of data stolen

Ritz London Food and Beverage Reservation System Breached. London’s Ritz Hotel is investigating a data breach of its food and beverage reservation system that compromised personal information belonging to some of its clients. Clients have reported being contacted by phone by people claiming to be Ritz Hotel staff seeking to confirm payment card details. The calls were spoofed to appear to be coming from the hotel.

Microsoft Patch Tuesday Included Fix for Flaw First Reported in 2018. One of the vulnerabilities Microsoft patched in its monthly release last week was first reported to the company in August 2018. The Windows spoofing vulnerability affects all supported versions of Windows. The flaw could be exploited to “bypass security features intended to prevent improperly signed files from being loaded.”

The Value of Threat Intelligence Feeds. Researchers from universities in the Netherlands and Germany compared information provided by two commercial and four open source threat intelligence services. They found very little overlap between the six feeds, noting, “These findings raise questions on the coverage and timeliness of paid threat intelligence.”

The headline on 15 Aug 2020

Patch Tuesday: Microsoft: Two Actively Exploited Flaws (IE Scripting Engine and File Validation). On Tuesday, August 11, Microsoft released updates to address at least 120 vulnerabilities in Windows and other products and services. Two of the flaws are being actively exploited: a memory corruption vulnerability in the scripting engine in Internet Explorer, and a spoofing flaw in Windows file validation that could be exploited to bypass security features.

NSA and FBI: Fancy Bear Hacking Group Using New Linux Rootkit. In a joint cybersecurity advisory, the US National Security Agency (NSA) and the FBI warn of a new strain of malware being used by hackers with ties to Russia’s government. Drovorub is a rootkit designed to infect Linux systems and steal data.

CISA Warns of Phishing Attempts that Spoof SBA Loan Program. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning of a phishing attack that sends users to a spoofed version of the Small Business Administration’s (SBA’s) COVID-19 loan relief webpage.

US Financial Regulator FINRA Warns of Phishing Website. The US Financial Industry Regulatory Authority (FINRA) has issued an alert warning of the existence of a fraudulent copycat website that includes a registration form for collecting data that could be used in targeted phishing attacks. Observant users will note an extra “n” in the domain name of the copycat site. FINRA has requested that the domain registrar suspend the phony domain.

TikTok Secretly Collected MAC Addresses. According to a report in the Wall Street Journal, the TikTok video-sharing app collected MAC addresses from Android users for more than a year. The app hid the questionable activity with encryption. The activity was conducted for 15 months, ending in November 2019. (Please note that the WSJ story is behind a paywall.)

Amazon Alexa Vulnerabilities Patched. Earlier this year, researchers from Check Point found that some Amazon Alexa subdomains were vulnerable to cross-origin resource sharing (CORS) misconfiguration and cross-site scripting. Check Point notified Amazon of the issues in June. The issues could be exploited to access users’ voice history logs, to discover which skills are installed, and to install additional skills. Amazon has fixed the issues.

Citrix Releases Fixes for Flaws in XenMobile Server. Citrix has released updates to address vulnerabilities in its Citrix Endpoint Management, often known as XenMobile Server. Users are urged to apply the updates as soon as possible, as Citrix says they “anticipate malicious actors will move quickly to exploit.” Two of the vulnerabilities are rated critical.

Patch Tuesday: Adobe. Adobe has released updates to address vulnerabilities in Reader and Acrobat; 11 of the flaws are rated critical. Adobe also released an update to address a privilege elevation vulnerability in Lightroom.

TinyMCE Flaw Fixed. TinyMCE developers have released a fix for a cross-site scripting vulnerability in the open-source text editor. The flaw could be remotely exploited to gain administrative access to vulnerable websites. TinyMCE is usually part of content management systems (CMS) used by websites.

Intel Security Updates for Server Boards, Server Systems, and Compute Modules. Intel has released updates to address 22 security issues in certain Intel Server Boards, Server Systems, and Compute Modules. One of the flaws is rated critical; it could be exploited by an unauthenticated remote attacker to gain elevated privileges. Ten of the flaws are rated high severity.

WordPress 5.5: Option to Update Plugins Automatically. WordPress has released version 5.5 of its content management platform. Among the new features is the option to enable automatic updates for plugins and themes. Users can choose to enable all background updates, or to enable or disable them for specific themes and plugins.

SEPTA (Philadelphia Transit) Malware Attack. Servers belonging to the Southeastern Pennsylvania Transit Authority (SEPTA) were infected with malware last weekend; SEPTA has called in help from cybersecurity experts and the FBI. Since the infection, SEPTA has shut down employee email, payroll access, remote timekeeping, and real-time data feeds for customers.

Read more in: Pennsylvania Transit Agency Disrupted by Malware Attack

Published by Thomas Apel, a dynamic and self-motivated information technology architect with a thorough knowledge of all facets pertaining to system and network infrastructure design, implementation and administration. I enjoy the technical writing process, including answering readers' comments.