Google Fixes Gmail Spoofing Vulnerability. Google has fixed a security issue affecting Gmail and G Suite that could have been exploited to spoof email messages and make them appear to be compliant with Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting, and Conformance (DMARC). Google was notified of the issue on April 3, 2020.
Read more in:
- Google fixes major Gmail bug seven hours after exploit details go public
- Google fixes Gmail bug allowing attackers to send spoofed emails
- The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer
CISA, FBI Warn of New North Korean Malware Used in Attacks on Defense Contractors. The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released a joint malware analysis report regarding malware they say North Korean hackers have been using in attacks against US defense contractors. The BLINDINGCAN trojan is capable of harvesting information about infected systems; reading, writing, and executing files; and deleting its tracks.
Read more in:
- US govt exposes new North Korean BLINDINGCAN backdoor malware
- CISA warns of BLINDINGCAN, a new strain of North Korean malware
- FBI, DHS expose North Korean government malware used in fake job posting campaign
- DHS and FBI warn of North Korean malware targeted at defense contractors
- MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN
University of Utah Paid $457,000 to Ransomware Operators. The University of Utah has revealed that it paid ransomware operators more than $450,000 to prevent stolen data from being leaked. The university was able to restore computer systems from backups. The attack occurred in mid-July.
Read more in:
- University of Utah update on data security incident
- University of Utah pays $457,000 to ransomware gang
Upstate NY Medical Center Recovering From Cyberattack. Samaritan Medical Center in Watertown, New York, is recovering from an unspecified cyberattack that occurred in late July. The attack prevented medical care providers from accessing patients’ electronic medical records. The payroll and accounting systems were affected as well. The facility has continued to care for patients.
Read more in: Weeks after malware disruption, New York hospital is getting back online
Hackers Used Canva Design Platform to Create Phishing eMails. Hackers hijacked Australian design platform Canva and used it to create graphics to lend legitimacy to phishing campaigns. More than 4,200 phishing emails have been generated through Canva since February 2020.
Read more in: Hackers hijack design platform to go phishing
Cisco Issues Fix for Critical Flaw in Virtual Wide Area Application Services. On Wednesday, August 19, Cisco released a fix for a critical vulnerability in its Virtual Wide Area Application Services (vWAAS). The flaw could be exploited to obtain administrator privileges without authentication. Cisco also released two high-severity advisories that address vulnerabilities in Cisco Video Surveillance 8000 Series IP cameras and Cisco Smart Software Manager On-Prem (SSM On-Prem), and 21 medium severity advisories.
Read more in:
- Cisco Critical Flaw Patched in WAN Software Solution
- Cisco bug warning: Critical static password flaw in network appliances needs patching
- Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability
- Cisco Security Advisories
Microsoft Announces End-of-Support Dates for IE 11 and Edge Legacy. In a blog post on Monday, August 17, Microsoft announced that it is phasing out support for Internet Explorer 11 (IE 11). The Microsoft Teams web app will stop supporting IE 11 as of November 20, 2020; Microsoft 365 apps and services will end support for IE 11 as of August 17, 2021. Microsoft also announced that it will be ending support for Edge Legacy as of March 9, 2021.
Read more in:
- Microsoft 365 apps say farewell to Internet Explorer 11 and Windows 10 sunsets Microsoft Edge Legacy
- Microsoft takes one more step toward the death of Internet Explorer
Microsoft Releases Fixes for Flaws in Windows 8.1, Server 2012. Microsoft has released an unscheduled security update to address two high-severity vulnerabilities in Windows 8.1 and Windows Server 2012. Both issues are elevation-of-privilege vulnerabilities that exist in the Windows Remote Access service. The flaws were first disclosed on August 11 in Microsoft’s scheduled Patch Tuesday release, but those patches excluded fixes for Windows 8.1 and Server 2012.
Read more in:
- Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws
- Security update for Windows 8.1, RT 8.1, and Server 2012 R2: August 19, 2020
FritzFrog P2P Botnet. A peer-to-peer (P2P) botnet dubbed FritzFrog has launched attacks against more than 500 SSH servers at government agencies and private companies over the past eight months. FritzFrog installs backdoors and cryptominers on servers it infects.
Read more in:
- New FritzFrog P2P botnet has breached at least 500 enterprise, government servers
- FritzFrog Botnet Attacks Millions of SSH Servers
- Brute-Force P2P Botnet Targeting SSH Servers of Medical Centers, Banks
- Fritzfrog: A New Generation of Peer-to-Peer Botnets
Diebold and NCR Release Fixes for ATM Vulnerabilities. Security flaws in ATMs made by Diebold Nixdorf and NCR could be exploited to modify the amount of currency being deposited to a payment card, in what are known as “deposit forgery” attacks. Vulnerability notes from Carnegie Mellon University’s CERT Coordination Center say that the problem arises because the affected machines “do not encrypt, authenticate, or verify the integrity of messages between [Diebold’s cash and check deposit module (CCDM) and NCR’s bunch note accepter (BNA)] and the host computer.”
Read more in: