Cybersecurity News Headlines Update on September 18, 2020

US Department of the Interior OIG Audit Report Details Wireless Network Security Problems. According to an audit report from the Department of the Interior Office of Inspector General (DOIOIG), “the Department did not deploy and operate secure wireless network infrastructure, as required by the National Institute of Standards and Technology (NIST) guidance and industry best practices.” Penetration testers were able to access DOI’s internal wireless network with a smartphone and about $200 of equipment stashed in a backpack. They were able to intercept and decrypt traffic. The attacks the pen testers conducted were not detected by DOI employees. Read more in:

DOJ Charges Seven in Connection with Multiple Cyberattacks. The US Department of Justice has charged seven individuals in connection with a series of cyberattacks against software, pharmaceutical and technology companies, non-profit organizations, and universities. Two of the individuals have been arrested in Malaysia; the other five remain at large in China. Some of those charged are allegedly part of the APT41 hacking group. Read more in:

The US Charges Alleged Iranian Hackers. The US Department of Justice has filed charges against two Iranian men, Hooman Heidarian and Mehdi Farhadi, for allegedly launching numerous cyberattacks over the past seven years. The targeted organizations include universities, a defence contractor, a foreign policy organization, and government agencies. Prosecutors believe that Heidarian and Farhadi shared stolen data with Iranian government intelligence officials. Heidarian and Farhadi have not been arrested; they are on the FBI’s wanted list. Read more in:

The US Indicts Three for Alleged Theft of Intellectual Property and Other Information. The US Department of Justice has indicted three Iranian individuals, Said Pourkarim Arabi, Mohammad Reza Espargham, and Mohammad Bayati, for allegedly hacking aerospace and satellite companies. Their campaign allegedly ran from July 2015 until at least February 2019 and targeted organizations in the US as well as in other countries. The campaign was allegedly orchestrated “to steal critical information related to United States aerospace and satellite technology and resources.” Read more in:

Criminal Charges and Financial Sanctions in Cryptocurrency Phishing Case. The US Department of the Treasury’s Office of Foreign Assets Control has officially sanctioned two Russian individuals, Danil Potekhin and Dmitrii Karasavidi, in connection with a phishing campaign “that targeted customers of two U.S.-based and one foreign-based virtual asset service providers.” In addition, the Department of Justice has filed charges against Potekhin and Karasavidi for allegedly stealing millions of dollars’ worth of cryptocurrency. They remain at large. Read more in:

German Authorities Investigating Patient Death After Ransomware Attack on Hospital. In the wake of a ransomware attack on its network, Dusseldorf University Hospital determined that it would not be equipped to conduct scheduled and outpatient procedures or offer emergency care. A patient with a life-threatening condition was rerouted to a different hospital, which resulted in the treatment being delayed by an hour; the patient did not survive. German authorities are investigating the incident as negligent manslaughter. Read more in:

NCSC Warns of Ransomware Attacks Against Education Sector. The UK’s National Cyber Security Centre (NCSC) has issued an alert warning of an increasing number of ransomware attacks targeting schools and universities. The alert describes common ransomware infection vectors (phishing emails, Remote Desktop Protocol, and unpatched hardware and software vulnerabilities) and provides a list of suggested mitigations. Read more in:

Ransomware Attack Disrupts Online Learning for California School District. A ransomware attack affecting the network of the Newhall School District in Valencia, California, resulted in a temporary shutdown of remote learning. District servers remain shut down to allow a forensic investigation. Read more in:

Adobe Patches Flaws in Media Encoder. Adobe has released an unscheduled update for Media Encoder to address “out-of-bounds read vulnerabilities that could lead to information disclosure in the context of the current user.” The flaws affect Adobe Media Encoder versions 14.3.2 and earlier. Read more in:

BLESA: Bluetooth Low Energy Spoofing Attacks Vulnerability. Researchers from Purdue University have uncovered “design weaknesses” in the Bluetooth Low Energy (BLE) protocol that could put devices at risk of spoofing attacks. The researchers note that “BLE requires limited or no user interaction to establish a connection between two devices.” The weaknesses lie in the fact that “link-layer encryption/authentication is optional” and that the authentication procedure can be circumvented. Read more in:

Apple iOS Security Updates. Apple has released updates for iOS and iPadOS. The newest versions – iOS 14 and iPadOS 14 – fix 11 security issues, including a privilege elevation vulnerability that can be exploited if users are manipulated into opening a maliciously crafted file. Apple has also issued updates for Safari, tvOS, and watchOS. Read more in:

2,000 eCommerce Sites Running Magento were Hacked Over the Weekend. Nearly 2,000 eCommerce sites running on the Magento platform were compromised over the weekend. The attackers installed malicious code to log payment card data. Most of the hacked sites were running Magento version 1, which is no longer supported. Magento 1.x reached EOL at the end of June 2020. Read more in:

Malvertising Sneaks Into Banner Ads on Adult Sites, Exploits Flaws in Flash and IE. Hackers have placed malicious banner ads on numerous adult websites. The ads redirect users to malicious sites that attempt to install malware through vulnerabilities in Adobe Flash and Internet Explorer. Read more in:

Update Available for WordPress Email Subscribers & Newsletters Plugin Flaw. Developers of the Email Subscribers & Newsletters plugin for WordPress have released an updated version to fix a spoofing vulnerability. The plugin has more than 100,000 active installations. Users are urged to upgrade to version 4.5.6. Read more in:

USPS OIG: Vulnerable Apps Could Have Exposed Data. According to a July 27, 2020, memorandum from the US Postal Service (USPS) Office of Inspector General, USPS has been using six applications that contained known vulnerabilities and which remained unpatched for years. The flaws in the apps could have been exploited to gain access to sensitive data. USPS has since addressed the security issues. Read more in:

Dept. of Veterans Affairs Breach Affects 46,000. A data breach affecting the US Department of Veterans Affairs (VA) Financial Service Center (FSC) compromised personal information belonging to 46,000 veterans. The malicious actors accessed an FSC application without authorization. FSC has taken the application offline. Read more in:

Fairfax County, Virginia, School System Suffers Ransomware Attack. Fairfax County (Virginia) Public Schools (FCPS) is investigating a ransomware attack on “some of [its] technology systems.” While the attack did not disrupt the district’s remote learning program, FCPS is working with federal authorities and “cybersecurity consultants to investigate the nature, scope and extent of any possible data compromise.” Read more in:

Artech Information Systems Hit with Ransomware Last January. Artech Information Systems has disclosed that its systems were targeted in a ransomware attack in January 2020. While investigating reports of unusual activity on a user account, Artech discovered ransomware on several of its systems. The company brought in a third-party forensic investigation firm, which “determined that an unauthorized actor had access to certain Artech systems between January 5, 2020, and January 8, 2020.” The compromised systems contained sensitive information, including health and financial data. Read more in:

Tutanota’s DDoS Defense Prevented Users From Accessing Accounts. Tutanota, a company that offers encrypted email service, has apologized to its users for unintentionally shutting them out of their accounts while the company dealt with a distributed denial-of-service (DDoS) attack. Tutanota experienced DDoS attacks on at least five occasions in the past month. Read more in: Sorry we shut you out, says Tutanota: Encrypted email service weathers latest of ongoing DDoS storms

CISA and FBI Alert Warns of China’s State-Sponsored Hackers. The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint alert warning that cyber threat actors affiliated with China’s Ministry of State Security (MSS) have been targeting US government agencies. According to the alert, the Chinese hackers are exploiting vulnerabilities in Microsoft Exchange Server, F5 Big-IP, Pulse Secure VPN, and Citrix VPN. Patches are available for the flaws. Read more in:

IRS Seeks Technology to Help it Trace Cryptocurrency. The US Internal Revenue Service (IRS) is seeking proposals that will allow the agency to trace cryptocurrency transactions as part of its investigations into money laundering and other cybercrimes. The deadline for proposals is Wednesday, September 16. Read more in:

Researchers and Tech Companies Respond to Voatz’s CFAA Supreme Court Amicus Brief. Nearly 70 individuals and organizations in the cybersecurity community have signed a letter criticizing the argument put forth in an amicus brief submitted to the US Supreme Court regarding a case that could have wide-reaching implications for security research. Voatz’s brief argues that the Computer Fraud and Abuse Act (CFAA) should not protect security researchers who do not have explicit permission to examine code for vulnerabilities. The signatories say that “As representatives of the security community, including pioneers of coordinated vulnerability disclosure, bug bounties, and election security, it is our opinion that Voatz’s brief to the Court fundamentally misrepresents widely accepted practices in security research and vulnerability disclosure, and that the broad interpretation of the CFAA threatens security research activities at a national level.” Read more in:

FBI Warns Financial Institutions of Credential Stuffing Attacks. An FBI warning sent to US organizations in the financial sector warns of an increase in credential stuffing attacks targeting their institutions. Suggested mitigations include advising customers and employees to use unique passwords for accounts and to change Internet login page responses so that they do not indicate if just one component of the login is correct. Read more in:
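The second mitigation above (login responses that do not reveal which half of a credential was wrong) is illustrated below with an added example that is not from the FBI alert or any vendor: a leaky login check next to one that returns a single message and performs the same hash work for unknown and known usernames. The user store, salt and password are constructed sample values.

```python
import hashlib
import hmac
import secrets

# PBKDF2-SHA256 password hashing (parameters chosen for the example, not a policy).
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample user store: username -> (salt, password hash). Not real data.
_SALT = b"constructed-salt"
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

# Dummy record so that an unknown username still costs exactly one hash computation,
# which keeps response time from leaking whether the username exists.
_DUMMY = (_SALT, _hash(secrets.token_hex(16), _SALT))


def login_leaky(username: str, password: str) -> str:
    """Distinct messages tell a credential-stuffing tool which half was right."""
    rec = USERS.get(username)
    if rec is None:
        return "unknown user"          # confirms the username does not exist
    salt, stored = rec
    if not hmac.compare_digest(stored, _hash(password, salt)):
        return "wrong password"        # confirms the username does exist
    return "ok"


def login_uniform(username: str, password: str) -> str:
    """One message and one hash computation regardless of which part failed."""
    salt, stored = USERS.get(username, _DUMMY)
    matched = hmac.compare_digest(stored, _hash(password, salt))
    if not matched or username not in USERS:
        return "invalid username or password"
    return "ok"
```

A uniform response removes the username-enumeration signal; it complements, rather than replaces, the alert's other advice that customers and employees use unique passwords.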

Microsoft: Russian Hackers Are Targeting US Presidential Campaigns. In a blog post, Microsoft writes that it “has detected cyberattacks targeting people and organizations involved in the upcoming presidential election.” Microsoft has seen malicious activity from hacking groups operating from Russia, China, and Iran. The attacks are targeting “candidates and campaign staffers, but also those they consult on key issues.” Read more in:

Zoom Will Offer Two-Factor Authentication to All Users. Zoom has announced plans to roll out two-factor authentication (2FA) to all users. There will be several 2FA options for users to choose from: authentication apps like Google Authenticator, Microsoft Authenticator, and FreeOTP, or code from Zoom sent via SMS or a phone call. Read more in:

Irish Data Protection Commission Will Order Facebook to Stop Sending EU User Data to the US. Facebook has received a preliminary order to stop sending European Union (EU) user data to the US. Facebook has until mid-September to respond to the order from the Irish Data Protection Commission. The order grew out of a July 2020 ruling from the Court of Justice of the European Union (CJEU) that invalidated Privacy Shield, the current EU-US data transfer agreement, because the protections it offered against US surveillance laws were found to be inadequate to protect the rights of EU data subjects. The CJEU ruling left in place Standard Contractual Clauses (SCC), which provide for data transfers between EU and non-EU countries. The Irish Data Protection Commission believes that the SCC provisions are not sufficient and is therefore asking Facebook to stop data transfers. (Please note that the WSJ story is behind a paywall.) Read more in:

School Openings Delayed Due to Ransomware and Other Digital Disruptions. School districts in Connecticut, North Carolina, Nevada, and other US states have been hit with ransomware, interrupting plans for both online and in-person classes. In some districts, online classes have been interrupted by Zoom-bombing and distributed denial-of-service (DDoS) attacks. Hartford (Connecticut) Public Schools, which are resuming both in-person and remote classes, postponed the first day of school after suffering a ransomware attack. Read more in:

Pakistani Power Company Hit with Ransomware. Systems at K-Electric, the company that provides electricity to Karachi, Pakistan, were infected with Netwalker ransomware. The attack disrupted billing and online services. The attack reportedly occurred on September 7. Read more in: Netwalker ransomware hits Pakistan’s largest private power utility

Equinix Internal Systems Hit with Ransomware. Data colocation centre company Equinix has acknowledged that its internal systems were hit with ransomware. In a blog post, Equinix writes, “Note that as most customers operate their own equipment within Equinix data centres, this incident has had no impact on their operations or the data on their equipment at Equinix.” Read more in:

Microsoft Patch Tuesday. Microsoft’s monthly security update release for September includes fixes for 129 security issues. Twenty-three of the vulnerabilities are considered critical. One of the more worrisome flaws patched earlier this week is a memory corruption issue in Microsoft Exchange that could be exploited simply by sending a maliciously crafted email. Read more in:

Adobe Patch Tuesday. On Tuesday, September 8, Adobe released fixes for vulnerabilities in Experience Manager, Framemaker, and InDesign. Nine of the 11 vulnerabilities fixed in Experience Manager could be exploited to execute arbitrary JavaScript in the browser. The two fixes for Framemaker could be exploited to allow arbitrary code execution, as could the five memory corruption flaws fixed in InDesign. Read more in:

CodeMeter Vulnerabilities. US-CERT has released an industrial control systems (ICS) advisory warning of multiple vulnerabilities affecting Wibu-Systems CodeMeter. The flaws could be exploited “to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code execution, read heap data, and prevent normal operation of third-party software dependent on the CodeMeter.” Read more in:

Bluetooth Vulnerability. A high-severity flaw in the pairing process for Bluetooth implementations 4.0 – 5.0 could be exploited to snoop on vulnerable devices. Devices that use the pairing process, known as Cross-Transport Key Derivation (CTKD) in implementations supporting pairing and encryption with both Bluetooth BR/EDR and LE in Bluetooth Specifications 4.2 through 5.0, are vulnerable to key overwrite. Attackers would need to be within wireless range of targeted devices. Read more in:

Published by Lisa Turnbull

Lisa Turnbull has always been a Windows lover since her childhood days. I have always been enthusiastic about emerging technologies, especially Artificial Intelligence (AI), Data Science and Machine Learning. I am working as a freelancer on numerous technical projects.