Cybersecurity News Headlines Update on August 22, 2020

Google Fixes Gmail Spoofing Vulnerability. Google has fixed a security issue affecting Gmail and G Suite that could have been exploited to spoof email messages and make them appear to be compliant with Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting, and Conformance (DMARC). Google was notified of the issue on April 3, 2020.

CISA, FBI Warn of New North Korean Malware Used in Attacks on Defense Contractors. The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released a joint malware analysis report regarding malware they say North Korean hackers have been using in attacks against US defense contractors. The BLINDINGCAN trojan is capable of harvesting information about infected systems; reading, writing, and executing files; and deleting its tracks.

University of Utah Paid $457,000 to Ransomware Operators. The University of Utah has revealed that it paid ransomware operators more than $450,000 to prevent stolen data from being leaked. The university was able to restore computer systems from backups. The attack occurred in mid-July.

WannaRen Ransomware Operators Offer Key. A ransomware group responsible for spreading WannaRen ransomware earlier this year has offered up the malware’s decryption key. WannaRen infected tens of thousands of computers belonging to Chinese and Taiwanese companies and home users. WannaRen uses the EternalBlue exploit, which WannaCry operators used in May 2017. Within a week, the malware spread more widely than the operators had intended, so they contacted a cybersecurity company and offered the master decryption key.

Read more in: WannaRen ransomware author contacts security firm to share decryption key

Upstate NY Medical Center Recovering From Cyberattack. Samaritan Medical Center in Watertown, New York, is recovering from an unspecified cyberattack that occurred in late July. The attack prevented medical care providers from accessing patients’ electronic medical records. The payroll and accounting systems were affected as well. The facility has continued to care for patients.

Read more in: Weeks after malware disruption, New York hospital is getting back online

Hackers Used Canva Design Platform to Create Phishing eMails. Hackers hijacked Australian design platform Canva and used it to create graphics to lend legitimacy to phishing campaigns. More than 4,200 phishing emails have been generated through Canva since February 2020.

Read more in: Hackers hijack design platform to go phishing

Cisco Issues Fix for Critical Flaw in Virtual Wide Area Application Services. On Wednesday, August 19, Cisco released a fix for a critical vulnerability in its Virtual Wide Area Application Services (vWAAS). The flaw could be exploited to obtain administrator privileges without authentication. Cisco also released two high-severity advisories that address vulnerabilities in Cisco Video Surveillance 8000 Series IP cameras and Cisco Smart Software Manager On-Prem (SSM On-Prem), and 21 medium severity advisories.

Microsoft Announces End-of-Support Dates for IE 11 and Edge Legacy. In a blog post on Monday, August 17, Microsoft announced that it is phasing out support for Internet Explorer 11 (IE 11). The Microsoft Teams web app will stop supporting IE 11 as of November 20, 2020; Microsoft 365 apps and services will end support for IE 11 as of August 17, 2021. Microsoft also announced that it will be ending support for Edge Legacy as of March 9, 2021.

Microsoft Releases Fixes for Flaws in Windows 8.1, Server 2012. Microsoft has released an unscheduled security update to address two high-severity vulnerabilities in Windows 8.1 and Windows Server 2012. Both issues are elevation-of-privilege vulnerabilities that exist in the Windows Remote Access service. The flaws were first disclosed on August 11 in Microsoft’s scheduled Patch Tuesday release, but those patches excluded fixes for Windows 8.1 and Server 2012.

FritzFrog P2P Botnet. A peer-to-peer (P2P) botnet dubbed FritzFrog has launched attacks against more than 500 SSH servers at government agencies and private companies over the past eight months. FritzFrog installs backdoors and cryptominers on servers it infects.

Diebold and NCR Release Fixes for ATM Vulnerabilities. Security flaws in ATMs made by Diebold Nixdorf and NCR could be exploited to modify the amount of currency being deposited to a payment card, in what are known as “deposit forgery” attacks. Vulnerability notes from Carnegie Mellon University’s CERT Coordination Center say that the problem is due to the fact that the affected machines “do not encrypt, authenticate, or verify the integrity of messages between [Diebold’s cash and check deposit module (CCDM) and NCR’s bunch note accepter (BNA)] and the host computer.”

Published by Thomas Apel, a dynamic and self-motivated information technology architect, with a thorough knowledge of all facets pertaining to system and network infrastructure design, implementation and administration. I enjoy the technical writing process and answering readers' comments included.