Skip to Content

Cybersecurity News Headlines Update on November 06, 2020

Bipartisan Coalition of State Governors Announce Cyber Talent Discovery and Scholarship Program For High School Students. Governors from Texas, North Dakota, Alabama, New Jersey, Utah, Idaho, Maryland, and Virginia announced CyberStart America – enabling all high school students in their states to discover whether they have an aptitude to excel in cybersecurity and to win millions in college scholarships. Read more in:

Vermont National Guard Called in to Help with Hospital Recover from Ransomware. Vermont’s governor has called in the state’s Army National Guard’s Combined Cyber Response Team to help the University of Vermont Health Network respond to a ransomware attack that affected six area hospitals. Read more in:

Brazilian Courts Suffer Ransomware Attack. The computer network of Brazil’s Superior Court of Justice was the victim of a ransomware attack earlier this week. The country’s Secretariat for Information and Communication Technology (STI) is working to recover affected systems. A Brazilian journalist said that other Brazilian government agencies are offline. Read more in: Brazil’s court system under massive RansomExx ransomware attack

Mattel Discloses Ransomware Attack. Toy manufacturer Mattel has disclosed that its network was hit with a ransomware attack in late July. The company revealed the information in a form 10-Q filing with the US Securities and Exchange Commission (SEC). Read more in:

Campari Group Network Hit With Ransomware. Italian beverage company Campari Group disclosed that ransomware infiltrated its network on Sunday, November 1. The company said that it isolated affected systems and temporarily suspended IT services, and that it plans to wipe and restore affected systems. Read more in: Italian beverage vendor Campari knocked offline after ransomware attack

Private Prison Operator Discloses Ransomware Attack. A company that operates private prisons says it was the victim of a ransomware attack. GEO Group says that attackers may have stolen data during the incident, which occurred in August 19, 2020. The company’s 120 facilities include several US immigration and Customs Enforcement (ICE) detention centers. The information was disclosed in a form 8-K filing with the US Securities and Exchange Commission (SEC). Read more in:

Chrome Zero-days are Being Actively Exploited. Google has fixed vulnerabilities in its Chrome Browser that are being actively exploited. Users of the Chrome browser for Windows, macOS, and Linux should update to Chrome version 86.0.4240.183; users of Chrome for Android should update to Chrome version 86.0.4240.185. Read more in:

Adobe Acrobat and Reader Updates Fix Flaws, Remove Insert Flash Option. Adobe has released updates to address a total of 14 security issues in Reader and Acrobat. Four of the vulnerabilities are rated critical; they could be exploited to allow “arbitrary code execution in the context of the current user.” The updates also remove the Embed Flash and Insert Media options from the PDFMaker menu. Read more in:

DoJ Seizes $1 Billion in Silk Road-related Cryptocurrency. A Bitcoin wallet was mysteriously relieved of 1 billion USD worth of the cryptocurrency on November 3. The action was revealed to be the work of the US Department of Justice (DoJ). The funds in the wallet were linked to Silk Road, the darknet marketplace that was shut down in 2013. The funds appear to have been stolen from Silk Road prior to the founder’s trial and sentencing. The person who stole the funds, identified only as Individual X, has signed a Consent and Agreement to Forfeiture. Silk Road’s founder is currently serving two life sentences in prison. Read more in:

Massachusetts Votes to Grant Third-Party Access to Wireless Car Repair Data. Massachusetts has voted to extend the state’s automotive right-to-repair law to connected car platforms and telematics. The initial right to repair automotive law passed in 2013 and took effect in 2018. It requires that all vehicles sold in Massachusetts have a “non-proprietary vehicle interface device” to allow repair businesses to access mechanical data. The newly passed ballot initiative will allow car owners and independent repair businesses access to wireless vehicle maintenance and repair information. Read more in:

Update Available for WordPress Welcart eCommerce Plugin. A critical vulnerability in the Welcart eCommerce WordPress plugin could be exploited to inject a PHP Object. The plugin’s publisher was notified of the issue earlier this month and released an updated version, Welcart eCommerce 1.9.36, on October 20. Read more in: Object Injection Vulnerability in Welcart e-Commerce Plugin

Apple Releases Update to Fix Three Actively Exploited Flaws in iOS, macOS. Apple has updated its mobile and desktop operating systems to fix three security flaws that are being actively exploited. The three vulnerabilities were detected by Google’s Project Zero, which gives developers just seven days to fix flaws that are being exploited in the wild. Users are urged to update their devices to iOS 14.2 and macOS 10.15.7. Updates are also available for iPadOS, watchOS, and for older iPhones. Read more in:

Google Drive Collaboration Feature is Being Exploited by Bad Actors. Bad actors are exploiting a legitimate feature in Google Drive to send emails and push notifications that lead to Google docs that contain malicious links. Google Drive’s collaboration feature lets users send messages to invite others to share a Google doc. The push notifications used in this scheme lead to malicious docs; the email messages include the malicious link. Read more in:

Google Project Zero Discloses Windows Kernel Zero-day. Google’s Project Zero has disclosed a zero-day vulnerability in Windows that is being actively exploited. The high-severity flaw lies in the Windows Kernel Cryptography Driver and can be exploited to escape sandboxes. The Windows flaw is being exploited in attacks that combine it with a recently-disclosed vulnerability in Chrome. Microsoft has not yet released a fix for the issue. Google gave Microsoft seven days to produce a patch, which is its policy when the vulnerability is being actively exploited. Read more in:

Oracle Releases Emergency Fix for WebLogic Server Vulnerability. Oracle has released a patch for address a critical remote code execution flaw that affects multiple versions of Oracle WebLogic Server. The US Cybersecurity and Infrastructure Security Agency (CGISA) is urging users and admins to apply the updates. Read more in:

WordPress Releases Multiple Security Updates. Last week, WordPress pushed out a security update, WordPress 5.5.2, which was intended to address a critical remote code execution issue and nine other vulnerabilities. The update caused problems installing WordPress on new sites. After learning of the issue, WordPress halted the rollout, which inadvertently caused a pre-release version of WordPress 5.5.3, (5.5.3-alpha) to be pushed out WordPress has now released WordPress 5.5.3. Read more in:

UK’s ICO Fines Marriott £18.4m Over Four-Year Data Breach. The UK Information Commissioner’s Office (ICO) has fined Marriott £18.4 million (USD 23.8 million) over a data breach that compromised information belonging to millions of customers. In 2014, hackers gained access to Starwood databases that held customer data. (Marriott acquired Starwood in 2016.) The system remained compromised through 2018. The number of customers affected is believed to be 339 million. Approximately seven million of those are UK citizens. The fine is significantly lower than the originally proposed £99m (USD 128 million) largely because of the economic situation created by the COVID pandemic. Read more in:

Wroba Mobile Banking Trojan Spreads Though Text Messages. The Wroba banking trojan spreads through text massages to infect mobile phones. It targets both iPhones and Android-based phones. Wroba is not new; it has mainly been used to target users in the APAC region. A campaign targeting US users was detected on October 29. The malicious text messages are often phony package delivery notifications. If users click on the link included in the message, the infection process begins. Read more in:

Canadian Mall Customers’ Images Collected Without Their Knowledge. A real estate firm that owns shopping malls in Canada collected images of shoppers in 12 of those malls and used “anonymous video analytics” (AVA) facial recognition technology to convert the images into individual biometric representations of each face. An investigation conducted by Canadian privacy commissioners revealed that the AVA service provider had collected and stored approximately five million numerical representations of faces on behalf of Cadillac Fairview Corporation Limited (CFCL). The data were stored on on a decommissioned server, for no apparent purpose and with no justification. Read more in: Mall real estate company collected 5 million images of shoppers, say privacy watchdogs

Precious Metals Dealer JM Bullion Hit with Skimmer Attack. JM Bullion, a Texas-based company that deals in precious metals, has notified its customers that their personal information may have been stolen in a breach earlier this year. The company became aware of the issue on July 6, although the hackers had been in the system since February. The malicious code used to steal information was present on the JM Bullion from February 18 through July 17. Read more in:

UHS Ransomware Recovery. Universal Health Services (UHS) says it has recovered from a late September 2020 ransomware attack that affected the organization’s facilities in the US. In both the company’s third quarter financial report and in a form 8-K filing with the US Securities and Exchange Commission (SEC), UHS writes, “as a result of this cyberattack, we suspended user access to our information technology applications related to operations located in the United States,” and “since that time, our information technology applications have been restored at our acute care and behavioral health hospitals.” Read more in:

Hackers Stole US Voter Registration Data. On October 30, the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI jointly released an alert offering additional information about an Iranian cyber threat actor targeting state websites. “The actor successfully obtained voter registration data in at least one” of the systems they scanned earlier this fall. Read more in:

Montreal Transit Agency Says it Will Not Pay Ransom. The hackers behind an attack that took down Société de transport de Montréal (STM) servers in mid-October are demanding a payment of USD 2.8 million. The attack caused an outage of more than two-thirds of the Montreal transit agency’s servers; a reservation system for adapted transportation was rendered unavailable. While the STM website is still down, the adapted transportation reservation system is now operational. STM says it does not intend to pay the ransom. Read more in:

Chatham County, NC Government Network Hit with “Cyber Incident”. The Chatham County, North Carolina, communication system experienced a “cyber incident” on Wednesday, October 28. The county’s government network, including email and phone lines, were rendered unavailable. The incident did not affect 911 emergency services or early voting. The Chatham County manager released a statement on October 30, saying the incident “is still under investigation [and] Chatham County’s Management and Information Systems (MIS) Department, along with federal, state and local partners continue working to restore the affected systems.” Read more in:

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that\'s committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we haven\'t implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you\'re currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.