Cybersecurity News Headlines Update on October 09, 2020

DHS Acting Secretary Speaks About Election Security. US Department of Homeland Security (DHS) Acting Secretary Chad Wolf told an audience at the Cybersecurity and Infrastructure Security Agency’s (CISA) Cyber Summit 2020 that DHS has “not identified any threats that would prevent Americans from voting, or that would change vote tallies.” He also noted that final election tallies may not be available on election night. Ninety-two percent of jurisdictions are using voting systems with auditable paper trails. Read more in: DHS Sees No Threat to Vote Tallies, Warns of Election Outcome Lag

Ransomware Closes Schools in Massachusetts. Springfield (Massachusetts) Public Schools have been closed in the wake of a ransomware attack on its IT network. Students were told to shut down district-owned devices. The district has been teaching remotely since the start of the school year. Read more in: Massachusetts school district shut down by ransomware attack

SEC Agrees to Settle Complaint Against Trader Who Used Stolen Data. The US Securities and Exchange Commission (SEC) has agreed to settle a complaint against Kyungja Cho, a trader who used information stolen in a hack of the SEC’s EDGAR filing system to conduct lucrative transactions. Settlement agreements must be reviewed and approved by SEC Commissioners before they become binding.

Wisepay Pulls Site Offline After Spoofing Attempt. Wisepay, a UK school payments company, took its website offline after it became aware that someone was attempting to spoof its card payment page. The site has been offline since Sunday, October 4, and on Monday displayed a “down for maintenance” message.

Kraken Fileless Malware Exploits Windows Error Reporting. A fileless attack method, dubbed Kraken, hides itself in the Microsoft Windows Error Reporting (WER) service to evade detection. The malware is spreading through a phishing campaign; the messages purport to be information about a worker’s compensation claim.

UHS is Restoring Networks After Cyberattack. Universal Health Services is restoring services to facilities affected by a cyberattack that began on September 27. According to an October 5 statement from UHS, “the UHS IT Network has been restored and applications are in the process of being reconnected.”

US Seizes Domains Associated with Disinformation Campaigns. The US Department of Justice (DoJ) has announced the takedown of 92 domains owned by Iran’s Islamic Revolutionary Guard Corps (IRGC); several of the domains have been used to spread propaganda in the US. All 92 of the domains were being used in violation of sanctions against Iran and against IRGC.

Boom! Mobile Acknowledges Skimming. A page on the Boom! Mobile telecommunications company website has been infected with malware that steals payment card information and sends it to a server controlled by criminals. Boom! Mobile is urging customers who made purchases between September 30 and October 5, 2020, “to take the necessary precautions with their credit card company.” Boom!’s shopping cart provider said that the malware has been removed.

Cisco Security Updates Include Fixes for Three High Severity Flaws. Cisco has made fixes available to address three high-severity vulnerabilities affecting the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras, Webex Teams for Windows, and the Cisco Identity Services Engine. Cisco has also released security updates to address 11 medium-severity vulnerabilities in a variety of products.

Adobe Creative Cloud Outage. An outage is preventing Adobe Creative Cloud users from logging in or accessing stored data and applications to which they subscribe. The problem began at about 9:30am EST. Adobe acknowledged the issue on the status.adobe.com page but has not offered details. Read more in: Adobe Creative Cloud down: Users report login, data access issues

Azure App Services Flaws. A pair of security flaws in Azure App Services could be exploited to take control of vulnerable administrative servers. Microsoft was notified of the flaws in July and has fixed the issues.

Europol: Ransomware Attacks are Going Unreported. According to a report from Europol, many ransomware attacks are not reported to police. In some cases, organizations targeted by ransomware bring in “private sector security firms” to manage the response to the attack. The Internet Organised Crime Threat Assessment 2020 “provides a unique law enforcement focused assessment of emerging challenges and key developments in the area of cybercrime.”

Ransomware Attack Affects Software Used in COVID Treatment Clinical Trials. A ransomware attack affecting eResearchTechnology (ERT) has impacted clinical trials of potential COVID treatments. ERT sells software that is used in clinical trials. The attack did not affect the patients participating in the trials, but organizations using the software were unable to access their digital data and resorted to recording information with pen and paper.

NJ Hospital Paid Ransom to Stop More Data from Being Leaked. A hospital in New Jersey paid ransomware operators $670,000 to not publish data they had stolen during a ransomware attack that took place in early September. University Hospital New Jersey (UHNJ) in Newark, NJ, paid the demanded ransom after the ransomware actors published 48,000 documents they had stolen in September. The ransomware operators agreed to provide UHNJ with a decryption key, a security report, the stolen data, and a promise not to attack the hospital again. Read more in: New Jersey hospital paid ransomware gang $670K to prevent data leak

Microsoft Provides More Information About Last Week’s Office 365 Outage. According to a preliminary report from Microsoft, last week’s Office 365 outage was caused by an improperly deployed Azure Active Directory (AD) service update. The September 28 outage prevented users from accessing Microsoft apps and services for several hours.

FBI: Chinese Hackers Targeting Users with US Government Security Clearances. The FBI is warning that hackers with ties to China’s government are targeting individuals with US government security clearances through social media sites. The FBI’s notice includes a list of indicators that you are being targeted and suggestions of steps to take to protect yourself. Read more in: The China Threat: Foreign Intelligence Services Use Social Media Sites to Target People with Security Clearances

Telstra Apologizes for Inadvertent BGP Hijacking. Australian telecommunications company Telstra has apologized for a technical error that caused some traffic bound for the ProtonMail encrypted mail service to be diverted through Telstra’s servers. The inadvertent Border Gateway Protocol (BGP) hijacking occurred when “a technical error early on Wednesday morning (AEST) [caused] approximately 500 IPv4 prefixes [to be] incorrectly advertised as Telstra’s.” Once Telstra realized what was happening, they fixed the problem. Read more in: Aussie telco Telstra says soz after accidentally diverting traffic meant for encrypted email biz through its servers
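The Telstra incident is the classic shape of a route leak or hijack: one network originates prefixes that belong to someone else, and neighbours that do not validate origins accept them. The standard check is RPKI Route Origin Validation (RFC 6811), which classifies each received announcement against published Route Origin Authorizations (ROAs) as valid, invalid or not-found. The following is an added example written for this article, not code from Telstra, ProtonMail or any router vendor; the ROAs, prefixes and AS numbers are constructed from documentation ranges and private ASNs and do not describe the real routes involved.

```python
"""Route Origin Validation (RFC 6811) over a constructed routing table.

Added example, not from the article or from any network operator.  The ROAs,
prefixes and AS numbers are made up (documentation ranges, private ASNs).
"""
from __future__ import annotations

import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    prefix: ipaddress.IPv4Network | ipaddress.IPv6Network
    max_length: int  # longest prefix length the holder authorises
    origin_asn: int  # AS allowed to originate prefixes under this ROA


def roa(prefix: str, max_length: int, origin_asn: int) -> ROA:
    return ROA(ipaddress.ip_network(prefix), max_length, origin_asn)


# Constructed ROA set: two holders, one IPv4 and one IPv6 authorisation each.
ROAS = (
    roa("192.0.2.0/24", 24, 64500),
    roa("2001:db8::/32", 48, 64500),
    roa("198.51.100.0/24", 24, 64501),
)

# Constructed BGP announcements as (prefix, origin ASN).  AS64496 stands in
# for a network that starts announcing prefixes it does not hold.
ANNOUNCEMENTS = (
    ("192.0.2.0/24", 64500),     # legitimate holder, exact prefix
    ("192.0.2.0/25", 64500),     # right AS, but more specific than max_length
    ("192.0.2.0/24", 64496),     # wrong origin: the hijack / leak pattern
    ("203.0.113.0/24", 64496),   # nobody published a ROA for this space
    ("2001:db8:1::/48", 64500),  # IPv6 sub-allocation within max_length
)


def rov_state(announced_prefix: str, origin_asn: int, roas=ROAS) -> str:
    """Classify one announcement per RFC 6811 section 2.

    not-found : no ROA covers the prefix (validation says nothing)
    valid     : some covering ROA matches the origin AS and max_length
    invalid   : covering ROAs exist but none matches
    """
    net = ipaddress.ip_network(announced_prefix, strict=False)
    covering = [r for r in roas
                if r.prefix.version == net.version and net.subnet_of(r.prefix)]
    if not covering:
        return "not-found"
    for r in covering:
        if r.origin_asn == origin_asn and net.prefixlen <= r.max_length:
            return "valid"
    return "invalid"


def validate_all(announcements=ANNOUNCEMENTS, roas=ROAS) -> dict:
    """Map (prefix, origin) -> ROV state for a whole set of announcements."""
    return {(p, asn): rov_state(p, asn, roas) for p, asn in announcements}


def invalid_prefixes_by_origin(announcements=ANNOUNCEMENTS, roas=ROAS) -> dict:
    """Group RPKI-invalid announcements by origin AS.

    An origin that suddenly accounts for many invalid prefixes is what a
    mis-advertisement of hundreds of prefixes looks like from the outside.
    """
    grouped: dict[int, list[str]] = {}
    for (prefix, asn), state in validate_all(announcements, roas).items():
        if state == "invalid":
            grouped.setdefault(asn, []).append(prefix)
    return grouped


if __name__ == "__main__":
    for (prefix, asn), state in validate_all().items():
        print(f"{prefix:18} AS{asn}  {state}")
    print("invalid by origin:", invalid_prefixes_by_origin())
```

A router configured to drop RPKI-invalid routes would have refused the mis-originated `192.0.2.0/24` from AS64496 while still accepting the holder's own announcement; the not-found case is why ROA coverage, not just validation on the receiving side, matters.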

Visa Security Alert: New Malware Samples Found in Point-of-Sale Terminal Compromises. According to a Security Alert from Visa, the company’s Payment Fraud Department “analyzed malware samples recovered from the independent compromises of two North American merchants.” The attackers targeted the point-of-sale (POS) systems of the two unnamed companies. The incidents occurred earlier this year; both victims are in the hospitality industry.

Ttint Botnet Exploits Unpatched Flaws in Tenda Routers. A pair of zero-day vulnerabilities in Tenda routers are being exploited to spread a variant of the Mirai Internet of Things (IoT) botnet known as Ttint. Ttint is capable of launching distributed denial-of-service (DDoS) attacks as well as spreading remote access trojans (RATs) and spyware.

WordPress: Vulnerabilities Fixed in Post Grid and Team Showcase Plugins. Developers of the Post Grid and Team Showcase WordPress plugins have released updated versions to address two high severity security issues – a cross-site scripting flaw and a PHP object-injection issue – that affect both plugins. Users are urged to update to Post Grid version 2.0.73 and Team Showcase version 1.22.16.

International Maritime Organization Hit by Cyberattack. The United Nations agency for regulating international shipping, the International Maritime Organization (IMO), experienced a cyberattack at the end of September. The agency’s Global Integrated Shipping Information Systems (GISIS) database, document repository IMODOCS, and its Virtual Publications service were temporarily unavailable. According to an IMO statement, “The interruption of web-based services was caused by a sophisticated cyber-attack against the Organization’s IT systems that overcame robust security measures in place.”

“Technical Issue” Delays Reporting of COVID Test Results in England. Public Health England (PHE) has acknowledged that a “technical issue” prevented nearly 16,000 cases of COVID from being reported between September 25 and October 2. PHE aggregates test result data from both public and private entities and publishes daily statistics. While the people who tested positive received their results in a timely manner, the error delayed contact-tracing efforts. PHE has not confirmed the source of the problem; reports in several news sources suggest that it was due to limits on the size of Excel files.

US Treasury Advisory: Sanction Risks for Paying Ransomware Operators. According to a recent advisory from the US Treasury Department’s Office of Foreign Assets Control, organizations that pay ransomware demands to certain groups could be fined if the recipients of the payments are under economic sanctions. The rule applies not only to the organizations that suffer the attacks, but also to the third-party companies they bring in to help manage the problem.

Universal Health Services Still Working on Restoring Systems After Ransomware Attack. As of Thursday, October 1, Universal Health Services (UHS) is still “work[ing] through an IT network security issue caused by malware.” The attack began over the weekend; UHS shut down its network to prevent the malware from spreading further. While UHS has facilities in the UK and the US, the issue affects only US facilities.

Lawrence General Hospital Investigating “Data Security Incident”. Lawrence General Hospital (LGH) in Massachusetts is working with a third-party forensic organization to investigate a “data security incident” that took place in mid-September. During the incident, LGH took its systems offline to secure its data. The hospital was able to continue to care for patients, but those arriving by ambulance were diverted to other facilities for approximately 36 hours. Read more in: Massachusetts Hospital Investigates ‘Data Security Incident’

Pakistan Power Company Data Published Following Ransomware Attack. Ransomware operators have published data stolen from Pakistan’s K-Electric power company. K-Electric suffered a ransomware attack last month and did not pay the $3.85 million demanded as ransom. The September 7th attack disrupted the company’s billing services but did not interrupt power supply. Read more in: Hackers leak files stolen in Pakistan’s K-Electric ransomware attack

Swatch Group Acknowledges Cyberattack. Swatch Group, the Swiss company that makes the eponymous watches, says that its network was hit with a cyberattack over the weekend. Once the company detected the attack, it shut down IT systems to prevent further damage. Swatch Group did not provide details about the nature of the attack.

Nikulin Sentenced. A judge in California has sentenced Yevgeniy Nikulin to more than seven years in prison for his role in hacking into and stealing data from LinkedIn, Dropbox, and Formspring. He will be credited for time served following his arrest.

North Korean Hackers Targeted UN Security Council Members in Phishing Attacks. According to a report from the United Nations (UN), a hacking group with alleged ties to North Korea’s government launched phishing attacks against UN Security Council members earlier this year. At least 28 individuals have been targeted. Read more in: North Korea has tried to hack 11 officials of the UN Security Council

US 911 Emergency System Outage. An outage affecting 911 emergency system availability in more than a dozen US states on Monday, September 28 appears not to be related to a Microsoft outage the same day, as some had speculated. Instead, the issues are likely due to an issue with Intrado, a company that provides 911 and emergency communications infrastructure, systems, and services or with Lumen, its service provider. Read more in: Who’s Behind Monday’s 14-State 911 Outage?

Unpatched Exchange Servers. Nearly 250,000 Internet-facing Microsoft Exchange Servers remain unpatched against a critical remote code execution flaw in the Exchange Control Panel component. Microsoft released a fix for the issue nearly eight months ago. In March, the US Cybersecurity and Infrastructure Security Agency (CISA) and the NSA both urged organizations to patch the vulnerability as it was already being exploited in the wild.

Zerologon Attacks Spike. Cisco Talos has noted a significant increase in attempts to exploit the Zerologon vulnerability. The privilege elevation flaw can be exploited to take control of Active Directory identity services. Microsoft has released updated instructions for patching the vulnerability.

QNAP Warns of AgeLocker Ransomware Targeting its NAS Devices. An advisory from QNAP warns of ransomware attacks targeting its network attached storage (NAS) devices. Dubbed AgeLocker, the ransomware exploits a vulnerability in older versions of the Photo Station app. The advisory includes update instructions to secure vulnerable devices.

Blackbaud SEC Filing Discloses That Breach Compromised Bank Account Data. Months after disclosing a ransomware attack that compromised data belonging to many clients, customer relationship management (CRM) software provider Blackbaud is now acknowledging that the attackers may have accessed more than just names and email addresses. Bank account information may have been compromised. The additional information came to light in an 8-K filing Blackbaud made with the US Securities and Exchange Commission (SEC) on September 29. The attack occurred in May. Blackbaud paid the ransom demand in exchange for the attackers’ assurance that they had destroyed the purloined data.

ConnectWise has partnered with HackerOne to launch a bug bounty program that aims to improve ConnectWise’s internal testing practices by detecting security vulnerabilities in its remote management software.

Shopify disclosed a data breach affecting “less than 200” merchants and involving two rogue insiders, but questions remain about the breach and how it was discovered, according to Shopify’s incident update.

Microsoft has detected active exploitation of the Netlogon vulnerability, which it disclosed and patched in August using a phased two-part rollout, according to its published security update. The first part of the deployment was executed in the August Patch Tuesday security update. The second, enforcement phase is planned for the first quarter of 2021.

The Netlogon elevation of privilege vulnerability, dubbed “Zerologon” and identified as CVE-2020-1472, is rated at the maximum CVSS severity of 10; it allows attackers to essentially become a domain administrator and gain access to enterprise networks.
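Both Zerologon items above (the Talos spike and the Microsoft phased rollout) describe the vulnerability by its impact, not its cause. The published root cause, from the 2020 Secura research that named the bug, is cryptographic: Netlogon’s ComputeNetlogonCredential encrypts the 8-byte client challenge with AES-CFB8 under a fixed all-zero IV, so a client that sends an all-zero challenge gets an all-zero credential for roughly 1 in 256 session keys, which is why a client with no password can succeed after a few hundred retries. The block below is an added example written for this article, not code from Microsoft, Netlogon or Secura. To stay runnable with the standard library alone, the block cipher is a SHA-256 based stand-in for AES (an assumption, labelled in the code); the CFB8 construction and its zero-IV behaviour are what the example demonstrates.

```python
"""CFB8 under an all-zero IV: the weakness behind Zerologon (CVE-2020-1472).

Added example, not Microsoft's, Netlogon's or Secura's code.  The block
cipher is a SHA-256 stand-in for AES-128 (assumption) so the script runs
without a crypto library; the CFB8 mode logic is the point.
"""
import hashlib

BLOCK = 16  # AES block size in bytes
CHALLENGE_LEN = 8  # Netlogon client challenge / credential length


def stand_in_block_encrypt(key: bytes, block: bytes) -> bytes:
    """STAND-IN for AES-128 encryption of one block (a keyed PRF, not AES)."""
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes,
                 encrypt_block=stand_in_block_encrypt) -> bytes:
    """Generic CFB8: a one-block shift register, one ciphertext byte per step.

    Each keystream byte is the first byte of E_k(register); the register then
    shifts left by one byte and takes the new ciphertext byte on the right.
    """
    assert len(iv) == BLOCK
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        keystream_byte = encrypt_block(key, bytes(register))[0]
        c = p ^ keystream_byte
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def zero_credential(session_key: bytes) -> bytes:
    """Mimic the Netlogon credential for an all-zero challenge and zero IV."""
    return cfb8_encrypt(session_key, bytes(BLOCK), bytes(CHALLENGE_LEN))


def is_weak_key(session_key: bytes) -> bool:
    """True when the zero challenge encrypts to an all-zero credential.

    With a zero IV, if the first keystream byte is 0x00 the first ciphertext
    byte is 0x00, the register stays all zeros, and every following byte is
    0x00 too.  So this holds exactly when E_k(0^16)[0] == 0x00.
    """
    return zero_credential(session_key) == bytes(CHALLENGE_LEN)


def constructed_key(i: int) -> bytes:
    """Deterministic constructed session key number i (not a real key)."""
    return hashlib.sha256(b"constructed-session-key-%d" % i).digest()[:16]


def weak_key_rate(trials: int) -> float:
    """Fraction of constructed keys that accept the all-zero challenge.

    For any block cipher that behaves like a random permutation this is
    about 1/256, i.e. an attacker expects to succeed within a few hundred
    authentication attempts without knowing the password at all.
    """
    hits = sum(1 for i in range(trials) if is_weak_key(constructed_key(i)))
    return hits / trials


if __name__ == "__main__":
    print(f"observed weak-key rate: {weak_key_rate(20000):.4f} (expected ~1/256 = 0.0039)")
```

The enforcement phase Microsoft scheduled for early 2021 does not change the cipher; it makes domain controllers refuse the insecure (unsigned, unsealed) Netlogon secure channel connections that let an attacker replay this guess cheaply.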

Published by Julie Robert

Passionate about technology, Windows, and everything that has a power button, I spend most of my time developing new skills and learning more about the tech world because I derive great satisfaction from helping readers eliminate the technological headaches that plague their day-to-day lives.