Cybersecurity News Headlines Update on August 28, 2020

Russian Man Arrested in Connection with Scheme to Infect Tesla Factory Network with Malware. US law enforcement authorities have arrested and charged a Russian man for allegedly offering $1 million to an employee at Tesla’s Sparks, Nevada factory in return for infecting the company’s network with malware. The employee contacted the FBI. Egor Igorevich Kriuchkov was arrested earlier this week and charged with one count of conspiring to intentionally cause harm to a protected computer.

New Zealand Stock Exchange Struck by DDoS Attack. The New Zealand stock exchange (NZX) has temporarily halted trading as it deals with the effects of a distributed denial-of-service (DDoS) attack that hit its network on Tuesday, August 25. The attack is likely the work of a group that has been launching DDoS attacks against other high-profile financial service organizations, including MoneyGram, Worldpay, Venmo, and PayPal. The group demands a ransom to be paid in bitcoin to stop the attacks.

Autodesk Vulnerability Exploited in Cyberespionage Campaign. Hackers launched a cyberespionage campaign against an international architecture and video production firm through a vulnerability in Autodesk 3D computer graphics software. The hackers managed to get someone at the company to download a malicious Autodesk plugin.

Fix Available for Pulse Secure VPN Vulnerability. A code execution vulnerability in Pulse Secure VPN could be exploited to take control of networks. While the exploit requires that the attacker have admin privileges, this can be accomplished by tricking a user with those privileges into clicking on a malicious link. Users are urged to update to version 9.1R8 of Pulse Connect Secure and Pulse Policy Secure.

Medical Data Leaked on GitHub. Medical data belonging to as many as 200,000 people were exposed on GitHub. The information from clinics, hospitals, billing services, and other healthcare-related organizations was not leaked by hackers but was insufficiently protected due to faulty access control configuration and hardcoded credentials.

Qbot Trojan Now Hijacking Email Threads. A new variant of the Qbot Trojan is hijacking email threads, according to a report from Check Point. Qbot, which is also called Qakbot and Pinkslipbot, has been in use since at least 2008. It is also capable of stealing information, installing additional malware, and conducting fraudulent bank transactions.

Microsoft Azure Sphere Bugs Patched. Researchers at Cisco Talos found four vulnerabilities in Microsoft’s Azure Sphere: two of the flaws could lead to unsigned code execution, and two could be exploited to gain elevated privileges. Microsoft has released Azure Sphere 20.08, which addresses these vulnerabilities.

Google Patches Flaw in Chrome Browser. Google has fixed a high-severity use-after-free vulnerability in its Chrome browser. The flaw exists because Chrome’s Web Graphics Library (WebGL) component does not properly handle objects in memory. The vulnerability could be exploited to execute arbitrary code. The issue is fixed in Chrome 85, which has been released to the stable channel for Windows, Mac, and Linux.

US Government Agencies Warn of North Korean Hackers Targeting ATMs. The US Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, the FBI, and US Cyber Command have issued a joint technical alert regarding an automated teller machine (ATM) cash-out scheme that is being conducted by actors working on behalf of the North Korean government. According to the alert, the group has been stealing large sums of money through the cash-out schemes and fraudulent international funds transfers.

DARPA’s Hardened Hardware Standing Up to Bug Bounty Program. The US Defense Advanced Research Projects Agency’s (DARPA) bug bounty program, Find Exploits to Thwart Tampering (FETT), began in July and runs through September. The program is designed to find bugs in DARPA’s System Security Integrated Through Hardware and Firmware (SSITH) program. To date, no bugs have been found.

Published by Thomas Apel