Cybersecurity News Headlines Update on November 24, 2020

GoDaddy Employees Tricked Into Changing DNS Settings for Cryptocurrency Domains. Attackers used social engineering to trick employees at domain name registrar GoDaddy into transferring control of several cryptocurrency-related domains. The bad actors managed to gain access to some Liquid.com customer data. NiceHash noticed traffic was being redirected. The company froze customer accounts for 24 hours while it ensured that the domain settings were returned to normal.

Tesla Bluetooth Vulnerability Could be Exploited to Steal Model X Vehicles. The keyless entry system for Tesla Model X automobiles is vulnerable to a Bluetooth attack that could be exploited to steal a Model X. The attack involves a flaw in the firmware update process for Tesla Model X key fobs. Tesla will start pushing out over-the-air updates for the affected key fobs this week.

VMware Working on Fixes for Critical Privilege Elevation Vulnerability. A critical privilege elevation vulnerability in six VMware products could be exploited to “execute commands with unrestricted privileges on the underlying operating system.” VMware has released workarounds as a temporary solution until patches are available.

VMware Issues Patches for ESXi Hypervisor Vulnerabilities. VMware has released fixes for multiple flaws affecting its ESXi hypervisor. A critical use-after-free vulnerability could be exploited “to execute code as the virtual machine’s VMX process running on the host.” An important privilege elevation vulnerability affects the way some system calls are managed. Both of the vulnerabilities were discovered during the Tianfu Cup Hacking Challenge earlier this month.

Ransomware Attack Against Managed.com Affects Local Governments. The ransomware attack against the network of hosting provider Managed.com has affected local governments in the US. The company took down its web hosting services after becoming aware of the attack last week. That action has rendered some Managed.com client websites unavailable. The affected organizations include some local governments in Indiana, North Carolina, and Oregon. The website of the Arizona Judicial Branch has also been affected.

Brazilian Superior Electoral Court System Recovers from Ransomware Attack. Brazil’s Superior Electoral Court has its IT systems fully operational following a ransomware attack that hit on November 3. The court was operating “with limited functionality” before November 20. The incident is being called “the worst-ever” cyberattack suffered by a Brazilian government department. Read more in: Brazilian government recovers from “worst-ever” cyberattack

South Korean Retailer E-Land Suffers Ransomware Attack. E-Land, a South Korean retail company, has temporarily suspended operations at 23 of its NC Department Stores and NewCore Outlet stores in the wake of a ransomware attack. The ransomware was activated on systems at E-Land headquarters on November 22. Read more in: Ransomware forces E-Land South Korean retail giant to close stores

Manchester United Says Cyberattack is Disrupting IT Systems. On Friday, November 20, the Manchester United football club disclosed that its network experienced a cyberattack that is causing “ongoing IT disruption.” The incident is under investigation. Manchester United said “All critical systems required for matches to take place” over the weekend were operational.

Romanian Police Arrest Malware Purveyors. Police in Romania have arrested two individuals in connection with three online services that are designed to help malware evade detection by antivirus software. The investigators also took down relevant servers in Romania, Norway, and the US.

Google Plans to Add End-to-End Encryption to Android Messaging App. Google plans to begin beta-testing end-to-end encryption (E2EE) for its Android Messaging App. The feature will be rolled out to one-on-one Rich Communication Services (RCS) conversations. Google has been touting the RCS text-messaging standard as an alternative to SMS.

Cryptocurrency and Criminal Finances Conference. Europol hosted the fourth Global Conference on Criminal Finances and Cryptocurrencies, which was held virtually. There were more than 2,000 participants, representing “law enforcement and judicial authorities, financial intelligence units, international organisations and the private sector.” Presentations included “case examples to exchange knowledge and best practices on investigations related to cryptocurrency facilitated crime and subsequent money-laundering activities.” Read more in: Over 2 000 Participants from 132 Countries Logged on for the 4th Global Conference on Criminal Finances and Cryptocurrencies

OMB Directs Agencies to Prepare for IPv6-only Infrastructure. A memo from the US Office of Management and Budget (OMB) directs federal agencies to take steps to prepare for the transition to IPv6. Agencies have 45 days to create IPv6 integrated project teams that will “govern and enforce IPv6 efforts.” Within 180 days, agencies must establish and publish on their websites their own IPv4 policies. They are also required to conduct at least one pilot of an IPv6-only operational system and to develop an IPv6 implementation plan prior to the end of FY 2021.

Internet of Things Security Bill To Establish Security Standards Mandatory for Government. The US Senate has unanimously passed the IoT Cybersecurity Improvement Act. The bill will require that Internet of Things (IoT) devices purchased by the federal government meet certain cybersecurity standards which will be set by the National Institute of Standards and Technology (NIST). Agencies will also need to establish vulnerability disclosure processes for IoT devices. The House of Representatives passed the bill in September.

Cisco Webex Flaws Could be Exploited to Join Meetings Surreptitiously. Three vulnerabilities in Cisco’s Webex video-conferencing application could be exploited to join meetings as ghost users, able to listen in without the knowledge of other meeting participants or the host. An attacker could exploit one of the flaws to access the names, email addresses, and IP addresses of meeting participants. Another flaw could be exploited to remain in a meeting even after being dismissed by the host. Cisco has released updates to address the vulnerabilities.

Bad Actors Scanning for Vulnerable WordPress Sites. Hackers appear to be scanning for WordPress sites that use Epsilon Framework-based themes. Multiple function injection vulnerabilities could be exploited together to execute code remotely and to take over vulnerable websites. Users are urged to update to a fixed version of the theme(s) they use, if one is available. Themes built with Epsilon Framework are used on at least 150,000 sites.

Organizations Involved in COVID-19 Response Hit by Cyberattacks. Two companies with ties to COVID-19 research and treatment were recently targeted by cyberattacks. Americold, an Atlanta-based company that provides cold storage for food distributors and is planning to be involved with COVID vaccine storage, has disclosed that its network was hit with a cyberattack earlier this month. The disclosure was made in a US Securities and Exchange Commission (SEC) filing. Miltenyi Biotec, a biotechnology company based in Germany, was hit with a cyberattack that affected some operational processes; Miltenyi supplies research companies with antigens for use in developing COVID-19 treatments.

CISA Director Krebs Fired. Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs has been fired. The decision to fire Krebs has met with condemnation from legislators and from cybersecurity experts.

Firefox 83 has HTTPS-Only Mode Feature. Firefox 83 has a new mode that connects only to HTTPS sites; users will be asked to approve connections to unsecure websites. The feature is disabled by default. Mozilla released Firefox 83 to the stable channel earlier this week.

Mozilla Seeks Input Before Rolling Out DNS-over-HTTPS to All Firefox Users. Mozilla plans to roll out the DNS-over-HTTPS (DoH) protocol for Firefox for all users worldwide, but is asking companies, governments, and Internet service providers (ISPs) for their input. The public comment period runs through January 4, 2021.

Firefox Says Goodbye to Flash in January. Mozilla has announced that it will end support for Flash in Firefox as of January 26, 2021. With the release of Firefox 85, “there will be no setting to re-enable Flash support.”

Industrial Control System Vulnerabilities. Four industrial control system (ICS) vendors have recently disclosed vulnerabilities in their products. Real Time Automation disclosed a stack overflow flaw in its 499ES ENIP stack protocol. Paradox disclosed two vulnerabilities in its IP150 Internet Module. Schneider Electric disclosed nine security issues in its Interactive Graphical SCADA System, and Sensormatic Electronics disclosed a vulnerability in the American Dynamics victor Web Client and Software House C•CURE Web Client. Read more in: Multiple Industrial Control System Vendors Warn of Critical Bugs

Managed.com Hit with Ransomware. Hosting provider Managed.com was hit with a ransomware attack that began earlier this week. The company has taken down all its servers to contend with the incident. The attack affected Managed.com’s public facing hosting systems; some customers’ sites were encrypted.

Published by Thomas Apel
