Bipartisan Coalition of State Governors Announce Cyber Talent Discovery and Scholarship Program For High School Students. Governors from Texas, North Dakota, Alabama, New Jersey, Utah, Idaho, Maryland, and Virginia announced CyberStart America – enabling all high school students in their states to discover whether they have an aptitude to excel in cybersecurity and to win millions in college scholarships. Read more in:
- Governor Abbott Announces Partnership With CyberStart America To Promote Cybersecurity Career Track For Texas High School Students
- Scholarship Program
- Talent Search
Vermont National Guard Called in to Help Hospitals Recover from Ransomware. Vermont’s governor has called in the state’s Army National Guard’s Combined Cyber Response Team to help the University of Vermont Health Network respond to a ransomware attack that affected six area hospitals. Read more in:
- National Guard to Help Vermont Health Network After Cyber-Attack
- Guard Cyber Team to Help Respond to Hospitals Cyberattack
Brazilian Courts Suffer Ransomware Attack. The computer network of Brazil’s Superior Court of Justice was the victim of a ransomware attack earlier this week. The country’s Secretariat for Information and Communication Technology (STI) is working to recover affected systems. A Brazilian journalist said that other Brazilian government agencies are offline. Read more in: Brazil’s court system under massive RansomExx ransomware attack
Mattel Discloses Ransomware Attack. Toy manufacturer Mattel has disclosed that its network was hit with a ransomware attack in late July. The company revealed the information in a form 10-Q filing with the US Securities and Exchange Commission (SEC). Read more in:
- Toy maker Mattel discloses ransomware attack
- Toymaker Mattel Hit by Ransomware Attack
- Nothing is sacred: Ransomware attack hit toy maker Mattel’s systems this summer
- United States Securities and Exchange Commission | Form 10-Q | Mattel, Inc.
Campari Group Network Hit With Ransomware. Italian beverage company Campari Group disclosed that ransomware infiltrated its network on Sunday, November 1. The company said that it isolated affected systems and temporarily suspended IT services, and that it plans to wipe and restore affected systems. Read more in: Italian beverage vendor Campari knocked offline after ransomware attack
Private Prison Operator Discloses Ransomware Attack. A company that operates private prisons says it was the victim of a ransomware attack. GEO Group says that attackers may have stolen data during the incident, which occurred on August 19, 2020. The company’s 120 facilities include several US Immigration and Customs Enforcement (ICE) detention centers. The information was disclosed in a form 8-K filing with the US Securities and Exchange Commission (SEC). Read more in:
- Private Prison Operator GEO Group Discloses Data Breach
- Company that runs US illegal immigration detention centers discloses ransomware attack
- United States Securities and Exchange Commission Form 8-K | The GEO Group, Inc.
Chrome Zero-days are Being Actively Exploited. Google has fixed vulnerabilities in its Chrome Browser that are being actively exploited. Users of the Chrome browser for Windows, macOS, and Linux should update to Chrome version 86.0.4240.183; users of Chrome for Android should update to Chrome version 86.0.4240.185. Read more in:
- If you’re an update laggard, buck up: Chrome zero-days are being exploited in the wild
- After two zero-days in Chrome desktop, Google patches a third zero-day in the Android version
- Google fixes two more Chrome zero-days that were under active exploit
- Two Chrome Browser Updates Plug Holes Actively Targeted by Exploits
Adobe Acrobat and Reader Updates Fix Flaws, Remove Insert Flash Option. Adobe has released updates to address a total of 14 security issues in Reader and Acrobat. Four of the vulnerabilities are rated critical; they could be exploited to allow “arbitrary code execution in the context of the current user.” The updates also remove the Embed Flash and Insert Media options from the PDFMaker menu. Read more in:
- Adobe Warns Windows, MacOS Users of Critical Acrobat and Reader Flaws
- Adobe kills Flash in Acrobat and Reader – pushes out these critical security bug fixes
- Was that November’s Patch Tuesday? Already? Oh, no, it’s just Adobe issuing 14 emergency security fixes
- Security Updates Available for Adobe Acrobat and Reader | APSB20-67
- Reader & Acrobat November 2020 Release (DC Continuous, Acrobat 2020 & Acrobat 2017)
- What’s new in Acrobat DC
DoJ Seizes $1 Billion in Silk Road-related Cryptocurrency. A Bitcoin wallet was mysteriously relieved of 1 billion USD worth of the cryptocurrency on November 3. The action was revealed to be the work of the US Department of Justice (DoJ). The funds in the wallet were linked to Silk Road, the darknet marketplace that was shut down in 2013. The funds appear to have been stolen from Silk Road prior to the founder’s trial and sentencing. The person who stole the funds, identified only as Individual X, has signed a Consent and Agreement to Forfeiture. Silk Road’s founder is currently serving two life sentences in prison. Read more in:
- The Feds Seized $1 Billion in Stolen Silk Road Bitcoins
- U.S. Feds Seized Nearly $1 Billion in Bitcoin from Wallet Linked to Silk Road
- The feds just seized Silk Road’s $1 billion stash of bitcoin
- US govt behind $1 billion Bitcoin transfer of Silk Road funds
Massachusetts Votes to Grant Third-Party Access to Wireless Car Repair Data. Massachusetts has voted to extend the state’s automotive right-to-repair law to connected car platforms and telematics. The initial automotive right-to-repair law passed in 2013 and took effect in 2018. It requires that all vehicles sold in Massachusetts have a “non-proprietary vehicle interface device” to allow repair businesses to access mechanical data. The newly passed ballot initiative will allow car owners and independent repair businesses access to wireless vehicle maintenance and repair information. Read more in:
- Connected cars must be open to third parties, say Massachusetts voters
- SecuRepairs Celebrates Huge Win for Right To Repair in Massachusetts
- Episode 193: Repair, Cyber and Your Car with Assaf Harel of Karamba Security
Update Available for WordPress Welcart eCommerce Plugin. A critical PHP object injection vulnerability in the Welcart eCommerce WordPress plugin could be exploited by injecting a crafted PHP object. The plugin’s publisher was notified of the issue earlier this month and released an updated version, Welcart eCommerce 1.9.36, on October 20. Read more in: Object Injection Vulnerability in Welcart e-Commerce Plugin
Apple Releases Update to Fix Three Actively Exploited Flaws in iOS, macOS. Apple has updated its mobile and desktop operating systems to fix three security flaws that are being actively exploited. The three vulnerabilities were detected by Google’s Project Zero, which gives developers just seven days to fix flaws that are being exploited in the wild. Users are urged to update their devices to iOS 14.2 and macOS 10.15.7. Updates are also available for iPadOS, watchOS, and for older iPhones. Read more in:
- Apple patches iOS against 3 actively exploited 0-days found by Google
- Apple fixes three iOS zero-days exploited in the wild
- Apple emits iOS, iPadOS, watchOS, macOS patches to fix three hijack-my-device flaws exploited in the wild
Google Drive Collaboration Feature is Being Exploited by Bad Actors. Bad actors are exploiting a legitimate feature in Google Drive to send emails and push notifications that lead to Google docs that contain malicious links. Google Drive’s collaboration feature lets users send messages to invite others to share a Google doc. The push notifications used in this scheme lead to malicious docs; the email messages include the malicious link. Read more in:
- Beware a New Google Drive Scam Landing in Inboxes
- Scammers Abuse Google Drive to Send Malicious Links
Google Project Zero Discloses Windows Kernel Zero-day. Google’s Project Zero has disclosed a zero-day vulnerability in Windows that is being actively exploited. The high-severity flaw lies in the Windows Kernel Cryptography Driver and can be exploited to escape sandboxes. The Windows flaw is being exploited in attacks that combine it with a recently-disclosed vulnerability in Chrome. Microsoft has not yet released a fix for the issue. Google gave Microsoft seven days to produce a patch, which is its policy when the vulnerability is being actively exploited. Read more in:
- Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape
- Google’s Project Zero discloses Windows 0-day that’s been under active exploit
- Google discloses Windows zero-day exploited in the wild
- Windows kernel zero-day disclosed by Google’s Project Zero after bug exploited in the wild by hackers
- Google Discloses Unpatched Windows Flaw Used in Attacks
- Issue 2104: Windows Kernel cng.sys pool-based buffer overflow in IOCTL 0x390400
Oracle Releases Emergency Fix for WebLogic Server Vulnerability. Oracle has released a patch to address a critical remote code execution flaw that affects multiple versions of Oracle WebLogic Server. The US Cybersecurity and Infrastructure Security Agency (CISA) is urging users and admins to apply the updates. Read more in:
- Oracle Releases Out-of-Band Security Alert
- Oracle issues emergency patch for critical WebLogic Server flaw
- Oracle Security Alert Advisory – CVE-2020-14750
WordPress Releases Multiple Security Updates. Last week, WordPress pushed out a security update, WordPress 5.5.2, which was intended to address a critical remote code execution issue and nine other vulnerabilities. The update caused problems installing WordPress on new sites. After learning of the issue, WordPress halted the rollout, which inadvertently caused a pre-release version of WordPress 5.5.3 (5.5.3-alpha) to be pushed out. WordPress has now released WordPress 5.5.3. Read more in:
- Emergency WP 5.5.3 Release
- WordPress Pushes Out Multiple Flawed Security Updates
- This WordPress update might have caused your website to go berserk
UK’s ICO Fines Marriott £18.4m Over Four-Year Data Breach. The UK Information Commissioner’s Office (ICO) has fined Marriott £18.4 million (USD 23.8 million) over a data breach that compromised information belonging to millions of customers. In 2014, hackers gained access to Starwood databases that held customer data. (Marriott acquired Starwood in 2016.) The system remained compromised through 2018. The number of customers affected is believed to be 339 million; approximately seven million of those are UK citizens. The fine is significantly lower than the originally proposed £99m (USD 128 million), largely because of the economic situation created by the COVID pandemic. Read more in:
- Marriott fined £18.4 million by UK watchdog over customer data breach
- Marriott fined £0.05 for each of the 339 million hotel guests whose data crooks were stealing for four years
Wroba Mobile Banking Trojan Spreads Through Text Messages. The Wroba banking trojan spreads through text messages to infect mobile phones. It targets both iPhones and Android-based phones. Wroba is not new; it has mainly been used to target users in the APAC region. A campaign targeting US users was detected on October 29. The malicious text messages are often phony package delivery notifications. If users click on the link included in the message, the infection process begins. Read more in:
- New Wroba Campaign Is Latest Sign of Growing Mobile Threats
- Wroba mobile banking trojan targets US smartphones
- Wroba Mobile Banking Trojan Spreads to the U.S. via Texts
Canadian Mall Customers’ Images Collected Without Their Knowledge. A real estate firm that owns shopping malls in Canada collected images of shoppers in 12 of those malls and used “anonymous video analytics” (AVA) facial recognition technology to convert the images into individual biometric representations of each face. An investigation conducted by Canadian privacy commissioners revealed that the AVA service provider had collected and stored approximately five million numerical representations of faces on behalf of Cadillac Fairview Corporation Limited (CFCL). The data were stored on a decommissioned server, for no apparent purpose and with no justification. Read more in: Mall real estate company collected 5 million images of shoppers, say privacy watchdogs
Precious Metals Dealer JM Bullion Hit with Skimmer Attack. JM Bullion, a Texas-based company that deals in precious metals, has notified its customers that their personal information may have been stolen in a breach earlier this year. The company became aware of the issue on July 6, although the hackers had been in the system since February. The malicious code used to steal information was present on the JM Bullion website from February 18 through July 17. Read more in:
- Gold seller JM Bullion hacked to steal customers’ credit cards
- Gold Dealer JM Bullion Discloses Months-Long Payment Card Breach
- Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach
UHS Ransomware Recovery. Universal Health Services (UHS) says it has recovered from a late September 2020 ransomware attack that affected the organization’s facilities in the US. In both the company’s third quarter financial report and in a form 8-K filing with the US Securities and Exchange Commission (SEC), UHS writes, “as a result of this cyberattack, we suspended user access to our information technology applications related to operations located in the United States,” and “since that time, our information technology applications have been restored at our acute care and behavioral health hospitals.” Read more in:
- UHS restores hospital systems after Ryuk ransomware attack
- United States Securities And Exchange Commission | Form 8-K
- Universal Health Services, Inc. Reports 2020 Third Quarter Financial Results
Hackers Stole US Voter Registration Data. On October 30, the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI jointly released an alert offering additional information about an Iranian cyber threat actor targeting state websites. “The actor successfully obtained voter registration data in at least one” of the systems they scanned earlier this fall. Read more in:
- Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data
- U.S. Says Iranian Hackers Accessed Voter Information
- Iranian hackers probed election-related websites in 10 states, US officials say
Montreal Transit Agency Says it Will Not Pay Ransom. The hackers behind an attack that took down Société de transport de Montréal (STM) servers in mid-October are demanding a payment of USD 2.8 million. The attack caused an outage of more than two-thirds of the Montreal transit agency’s servers; a reservation system for adapted transportation was rendered unavailable. While the STM website is still down, the adapted transportation reservation system is now operational. STM says it does not intend to pay the ransom. Read more in:
- Montreal Metro Hacker Demands $2.8m Ransom
- STM says it refused hackers’ $2.8M demand in ransomware attack
Chatham County, NC Government Network Hit with “Cyber Incident”. The Chatham County, North Carolina, communication system experienced a “cyber incident” on Wednesday, October 28. The county’s government network, including email and phone lines, was rendered unavailable. The incident did not affect 911 emergency services or early voting. The Chatham County manager released a statement on October 30, saying the incident “is still under investigation [and] Chatham County’s Management and Information Systems (MIS) Department, along with federal, state and local partners continue working to restore the affected systems.” Read more in: