Cybersecurity News Headlines Update on October 16, 2020

Cyber Command’s TrickBot Disruption Efforts are “Precedent-Setting”. US Cyber Command’s efforts to disrupt the TrickBot botnet mark “the first public, obvious operation to stop someone’s cyber capability before it could be used against us to cause even greater harm,” according to Columbia University cyber conflict researcher Jason Healey. Cyber Command severed communication between infected machines and the botnet’s command-and-control servers, and it injected nonsense data into the information TrickBot stole. While the efforts did not cause serious damage to the botnet, the action Cyber Command took “shows the growing reach of US military hackers.” Read more in: A Trickbot Assault Shows US Military Hackers’ Growing Reach

Microsoft’s TrickBot Legal Maneuver Could Help with Botnet Takedowns in the Future. Microsoft, along with several security firms and the Financial Services Information Sharing and Analysis Center (FS-ISAC), also took steps to disrupt TrickBot’s activity. While the efforts only temporarily hindered the botnet’s operations, the court case in which Microsoft was granted control of TrickBot servers did set a new legal precedent that could help take action against botnets more quickly in the future. Read more in: TrickBot botnet survives takedown attempt, but Microsoft sets new legal precedent

New York Dept. of Financial Services Calls for Regulation of Social Media Companies After Twitter Hack. In an investigative report into the July 2020 Twitter cybersecurity incident, the New York Department of Financial Services calls for “public oversight of social media,” to help improve their cybersecurity practices. The report notes that the “Twitter hack demonstrates the need for strong cybersecurity to curb the potential weaponization of major social media companies.” Read more in:

Zoom Will Release Preview of End-to-End Encryption Next Week. Zoom plans to release a technical preview of its end-to-end encryption (E2EE) next week. The company will be “proactively soliciting feedback from users for the first 30 days.” When Zoom’s E2EE is rolled out, the feature will be available to all users. Read more in:

Updates Address Vulnerabilities in PhantomPDF. Updates are available to address four high-severity security flaws in Foxit’s PhantomPDF. Users are urged to upgrade to PhantomPDF version 10.1 for Windows and PhantomPDF version 4.1 for Mac. The US Cybersecurity and Infrastructure Security Agency (CISA) warned of the flaws in a vulnerability summary earlier this month. Read more in:

Barnes and Noble Hit by Cyberattack. US bookseller Barnes & Noble has disclosed a security breach that may have compromised customer data. The company issued a statement, saying, “We have a serious network issue and are in the process of restoring our server backups.” The attack reportedly occurred on October 10. Since then, users of Barnes & Noble’s Nook Digital eBook and eReader platform have said they are unable to access their libraries of eBooks and periodical subscriptions. Read more in:

German Authorities Conduct Raids in Connection with FinFisher Spyware. Earlier this month, German authorities searched 15 homes and businesses in connection with FinFisher, a company that develops and sells surveillance software. The company is being investigated over suspicions that it exported its FinSpy surveillance software to countries without an export license. If this is true, the company could be charged with violating the Foreign Trade and Payments Act. Read more in:

Microsoft’s October 2020 Patch Tuesday. On Tuesday, October 13, Microsoft released updates to address nearly 90 security issues in Windows and Windows-related products. Eleven of the vulnerabilities are rated critical. One of the most concerning flaws, CVE-2020-16898, is a Windows TCP/IP remote code execution vulnerability that has been dubbed “Bad Neighbor.” The vulnerability can be exploited by sending maliciously crafted packets. Read more in:

Adobe Issues Fixes for Another Critical Flash Flaw. Adobe has released updates to fix a critical flaw in Flash Player that could be exploited to crash vulnerable installations and allow remote code execution. The NULL pointer dereference vulnerability is fixed in version 32.0.0.445 of Flash Player products. Read more in:

Adobe Releases Updates to Fix Nine Flaws in Magento. A pair of critical vulnerabilities in Adobe’s Magento eCommerce platform could be exploited to gain read/write access to the database or to execute arbitrary code. These flaws, along with seven other less severe issues, affect both Magento Commerce, which has a licensing fee, and Magento Open Source, which does not. Adobe has released updates to address the vulnerabilities. Read more in:

Microsoft Uses Trademark Law In An Attempt To Disrupt TrickBot Botnet

The TrickBot botnet has infected over a million servers and is used to spread ransomware, notably the Ryuk ransomware that has been infecting organizations like healthcare providers.

A court in Virginia has granted Microsoft permission to seize many of the operating control servers TrickBot uses to deploy malware, based on claims that they are abusing Microsoft’s trademarks. Microsoft argued that Trickbot irreparably harms the company “by damaging its reputation, brands, and customer goodwill.” As a result, they’ve taken over some of the servers, and shut them down.

Microsoft said that they don’t expect their action to permanently disrupt it, but they’re doing all they can to make the operators’ lives harder. The cybersecurity firm Intel 471 agreed, stating that “It is highly likely a takedown of the Trickbot infrastructure would have little medium- to long-term impact on the operation of Trickbot.” Refer to the legal filings from Microsoft here.

CISA: Hackers are Chaining Long-Known Vulnerabilities to Attack Government Networks. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning that hackers have been using a combination of vulnerabilities in several different VPNs along with the Windows Netlogon vulnerability to gain access to government networks. The advisory notes that there have been “some instances where this activity resulted in unauthorized access to elections support systems,” but that the integrity of election data has not been compromised. The advisory includes advice for protecting systems. Read more in:

Software AG Recovering From Ransomware Attack. German software company Software AG was hit with a ransomware attack on October 3. The ransomware operators encrypted files and demanded more than $20 million in return for the decryption key. Software AG attempted to negotiate with the attackers; after the communication broke down, the attackers published screenshots of what they say are data stolen from the company. Software AG says that the attack affected its internal network, but that customer services were not affected. Read more in:

US Senator Demands Answers on Healthcare Ransomware Attacks. In the wake of a ransomware attack that affected multiple Universal Health Services (UHS) healthcare facilities, US Senator Mark Warner (D-Virginia) has written a letter to the CEO expressing “grave concerns” about the attack. Warner is seeking answers to a number of questions, including a description of UHS’s vulnerability management process, how various UHS networks are segmented and isolated, and whether the company has paid a ransom demand. Read more in:

Carnival Acknowledges Data Theft from Ransomware Attack. Carnival Corporation has acknowledged that ransomware actors who launched an attack on the cruise line operator’s network in August also stole personal data. Carnival disclosed the attack in a US Securities and Exchange Commission (SEC) filing on August 17, 2020. On October 8, 2020, Carnival filed an additional SEC form that acknowledged that the attackers accessed customer and employee information. Read more in: Largest cruise line operator Carnival confirms ransomware data theft

Ransomware Operators Post School District Data Online. Maze ransomware operators have published data stolen from Fairfax County (Virginia) Public Schools. The information about students and employees was taken during a September 2020 attack. Read more in:

DHS Homeland Threat Assessment Report Reveals Hackers Targeted Census Bureau. The US Department of Homeland Security says that hackers targeted the US Census Bureau’s computer network several times over the last year. The information was disclosed in a Homeland Threat Assessment report released last week. In addition to the threats posed to the US democratic process, the Cyber Threat to the Homeland section of the report also addresses nation state threats, cybercrime, and opportunities for cyber actors to exploit COVID-19. Read more in:

Electrum Bitcoin Wallet Scam. Cybercriminals are targeting users of the Electrum cryptocurrency app. They send users what appears to be an update for the app, but which actually transfers the contents of the wallet to one controlled by the attackers. Over the past two years, the thieves have stolen more than $22 million. Read more in: Bitcoin wallet update trick has netted criminals more than $22 million

Disrupting TrickBot. Microsoft, ESET, Black Lotus Labs, and Symantec worked with the Financial Services Information Sharing and Analysis Center (FS-ISAC) to disrupt the TrickBot botnet. The organizations obtained a court order allowing them to seize TrickBot command-and-control servers. US Cyber Command has also taken steps to disrupt the TrickBot botnet by sending out configuration files that cut off communications between the infected machines and the command-and-control servers. Read more in:

Governments Call for Encryption Backdoors. An “International Statement” calls for technology companies to provide a means for law enforcement to access communications protected by end-to-end encryption. The statement is signed by justice officials from the Five Eyes intelligence alliance – the UK, the US, Canada, Australia, and New Zealand – and from Japan and India. Read more in:

GAO: FAA Needs to Improve Avionics Cybersecurity Oversight. A report from the US Government Accountability Office (GAO) says that the Federal Aviation Administration (FAA) needs to strengthen its avionics cybersecurity oversight program. Avionics systems share information, including weather and positioning data, with “pilots, passengers, maintenance crews, other aircraft, and air-traffic controllers.” As the systems become increasingly interconnected, the surface for cyberattacks also increases. Read more in:

Published by Julie Robert

Passionate about technology, Windows, and everything that has a power button, I spend most of my time developing new skills and learning more about the tech world because I derive great satisfaction from helping readers eliminate the technological headaches that plague their day-to-day lives.