Cybersecurity News Headlines Update on December 09, 2020

NSA Warns that VMware Flaw is Being Actively Exploited, Fixes Available. The US National Security Agency (NSA) has issued a cybersecurity advisory warning that Russian state-sponsored actors are exploiting a command injection flaw in VMware Workspace One Access and VMware Identity Manager. Exploiting the flaw requires password-based access to the products' web-based management interface; with that foothold, attackers can install malware, access data, and maintain a persistent presence on vulnerable systems, so limiting exposure of the management interface to the internal network is a sensible interim measure alongside patching. VMware issued fixes for the flaw on Thursday, December 3. Read more in:

Kalispell Regional Healthcare Agrees to Pay $4.2M in Breach Settlement. Kalispell (Montana) Regional Healthcare (KRH) has reached a settlement with plaintiffs in a lawsuit filed after a data security breach. KRH will pay $4.2 million. The lawsuit was filed in December 2019; the incident occurred earlier that year. The attack began through phishing emails; the attackers gained access to employee accounts and retained that access until the breach was detected several months later. Read more in:

NDAA Would Create Position of National Cyber Director. The proposed 2021 US National Defense Authorization Act (a must-pass bill) would establish a new Senate-confirmed, executive branch position of National Cyber Director. The bill would also give the Cybersecurity and Infrastructure Security Agency (CISA) subpoena authority to keep tabs on critical infrastructure cybersecurity and require CISA to hire cybersecurity coordinators for every state. Read more in:

Greater Baltimore Medical Center Suffers Ransomware Attack. The Greater Baltimore Medical Center (GBMC) has acknowledged that its network was hit with ransomware over the weekend. GBMC HealthCare says that the attack has forced it to cancel some procedures that were scheduled for Monday, December 7. Read more in: Greater Baltimore Medical Center Hit by Ransomware Attack

Embraer Data Leaked After Ransomware Attack. Ransomware operators behind a November ransomware attack on Brazilian aerospace company Embraer have published files that were allegedly taken from the company’s network. Embraer has refused to pay the demanded ransom and has restored its systems from backups. Read more in:

Randstad Discloses Ransomware Attack. Randstad, a human resources company based in the Netherlands, has disclosed that its network was hit with ransomware known as Egregor. The same ransomware operators have also targeted systems at Barnes & Noble and at TransLink, Vancouver, BC's transportation agency. Read more in:

Kmart Network Reportedly Hit with Ransomware. US retailer Kmart has reportedly been targeted in a ransomware attack. The incident affected the company’s back-end servers. Kmart has not confirmed the report; a ransom note was shared with Bleeping Computer. Read more in:

UK Engineering Services Firm Acknowledges Cyberattack. RMD Kwikform, a UK engineering services firm, was the target of a cyberattack in November. The company has notified the Information Commissioner’s Office (ICO) and is cooperating with the National Cyber Security Centre (NCSC) and other authorities. Kwikform’s parent company, Interserve, was the target of a cyberattack in May 2020. Read more in:

Kazakhstan Government Wants to Intercept Citizens' HTTPS Traffic Again. The government of Kazakhstan is once again requiring that citizens living in the country's capital install a government-issued root certificate on their devices if they want to access Internet services outside the country. Once a device trusts that certificate, government interception equipment can present its own certificates for any site, which allows it to decrypt and inspect all HTTPS traffic from those devices. If Kazakh citizens want to access sites like Facebook, YouTube, Instagram, Twitter, or Netflix, they will need the certificate. This has happened twice before – in December 2015 and in July 2019. In those previous instances, browser makers blocked the Kazakh government certificate so that browsers refused to trust it even when it was installed. The requirement is being touted as a security initiative; the country plans to hold a parliamentary election in January 2021. Read more in:

Package Delivery Lockers Hacked. Someone hacked into a system that allowed them to unlock thousands of package delivery lockers in Moscow, Russia. The PickPoint delivery service allows people to order items and have them delivered to lockers, where they retrieve their packages using a mobile app. Read more in: Hacker opens 2,732 PickPoint package lockers across Moscow

Italian Police Make Arrests in Leonardo Data Theft. Authorities in Italy have arrested two people in connection with the theft of data from the defense contractor Leonardo S.p.A. The suspects introduced malware into the company's computers through a USB drive; they allegedly stole 10GB of data from Leonardo over a two-year period. One of the suspects was an IT manager at the company. Read more in:

QNAP Releases Fixes for Vulnerabilities in NAS Devices. QNAP has published a security advisory urging users to update to the most recent versions of QTS and QuTS to address four vulnerabilities in its Network Attached Storage (NAS) products. One of the flaws could be exploited to take control of vulnerable NAS devices. Read more in:

FBI Warns of BEC Scammers Exploiting eMail Forwarding Rules. The FBI has released a Private Industry Notification warning that cyber threat actors are exploiting email forwarding rules to evade detection while conducting business email compromise (BEC) attacks. After compromising an account, the thieves create forwarding rules through the web-based email client so that copies of messages are sent to addresses they control. Because such rules are stored server-side, they do not necessarily appear in a desktop client; if administrators have not synced settings between web-based accounts and desktop clients, or only review rules from the desktop client, the forwarding rule changes could go unnoticed. Reviewing rules on the server, or in the audit log, avoids that blind spot. Read more in:
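As an added example (not from the FBI notification or from any vendor's tooling), the following Python script reviews mailbox audit records for newly created or changed forwarding rules that send mail outside the organization, and notes when the rule also deletes or marks-as-read the forwarded messages, a combination attackers use to hide the copies from the victim. It assumes records shaped like Microsoft 365 unified audit log entries for the New-InboxRule, Set-InboxRule and Set-Mailbox operations, with a Parameters list of name/value pairs; the four records and the internal domain list are constructed for the example.

```python
import re
from typing import Iterable

# Assumption: audit records use the Microsoft 365 unified audit log shape
# (Operation, UserId, ClientIP, Parameters=[{"Name": ..., "Value": ...}]).
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
# Parameters that create or change where copies of mail are sent.
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress", "ForwardingAddress"}
# Parameters attackers pair with forwarding so the victim never sees the copies.
HIDING_PARAMS = {"DeleteMessage", "MarkAsRead"}
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def external_addresses(value: str, internal_domains: set) -> list:
    """Return the e-mail addresses in a parameter value whose domain is not one of ours."""
    found = []
    for addr in ADDR_RE.findall(value):
        addr = addr.lower()
        if addr.rsplit("@", 1)[1] not in internal_domains:
            found.append(addr)
    return found


def find_external_forwarding(records: Iterable, internal_domains: set) -> list:
    """Flag rule or mailbox changes that forward or redirect mail to external addresses."""
    hits = []
    for rec in records:
        if rec.get("Operation") not in RULE_OPERATIONS:
            continue
        params = {p["Name"]: str(p["Value"]) for p in rec.get("Parameters", [])}
        targets = []
        for name in sorted(FORWARD_PARAMS & params.keys()):
            targets.extend(external_addresses(params[name], internal_domains))
        if not targets:
            continue  # internal-only forwarding or an unrelated rule change
        hides = any(params.get(p, "").lower() == "true" for p in HIDING_PARAMS)
        hits.append({
            "user": rec.get("UserId"),
            "operation": rec["Operation"],
            "client_ip": rec.get("ClientIP"),
            "rule_name": params.get("Name"),
            "targets": targets,
            "hides_evidence": hides,
        })
    return hits


# Constructed sample records; addresses use reserved example domains.
SAMPLE_RECORDS = [
    {"Operation": "New-InboxRule", "UserId": "cfo@example.com", "ClientIP": "203.0.113.7",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "SubjectContainsWords", "Value": "invoice;payment;wire"},
                    {"Name": "ForwardTo", "Value": '"Finance Docs" [SMTP:finance-docs@mail-example.net]'},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"Operation": "Set-Mailbox", "UserId": "admin@example.com", "ClientIP": "198.51.100.10",
     "Parameters": [{"Name": "Identity", "Value": "bob@example.com"},
                    {"Name": "ForwardingSmtpAddress", "Value": "smtp:alice@example.com"}]},
    {"Operation": "New-InboxRule", "UserId": "bob@example.com", "ClientIP": "198.51.100.11",
     "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                    {"Name": "MoveToFolder", "Value": "Archive"}]},
    {"Operation": "Set-InboxRule", "UserId": "alice@example.com", "ClientIP": "203.0.113.9",
     "Parameters": [{"Name": "Identity", "Value": "Copy to phone"},
                    {"Name": "RedirectTo", "Value": "alice.personal@gmail-example.org"}]},
]

if __name__ == "__main__":
    for hit in find_external_forwarding(SAMPLE_RECORDS, {"example.com"}):
        print(hit)
```

The rule named "." with DeleteMessage set is the pattern the notification describes: a minimally visible rule that siphons off invoice-related mail and removes the evidence. Internal forwarding (the Set-Mailbox record) is deliberately not flagged, since that is routine; in a real deployment the client IP of the rule change is worth correlating against the user's usual sign-in locations.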

Phishing Campaign Targets COVID Cold Chain. An IBM Security X-Force threat intelligence task force “recently uncovered a global phishing campaign targeting organizations associated with a COVID-19 cold chain.” British regulators have approved Pfizer’s vaccine; US regulators are scheduled to evaluate Pfizer’s and Moderna’s vaccines next week. Once vaccines are approved, they must be transported at extremely low temperatures, hence the term cold chain for the companies that will provide the specialized refrigeration for vaccine storage and transportation. EU regulators are due to approve this vaccine over the coming weeks. Read more in:

Oracle WebLogic Flaw is Being Actively Exploited. Cyber threat actors are actively exploiting a critical vulnerability in Oracle WebLogic Server. Oracle released a fix for the flaw in its October 2020 Critical Patch Update. The remote code execution flaw is being exploited to drop several different payloads, including one that installs the DarkIRC bot. Users are urged to apply the available patch for CVE-2020-14882 as well as for CVE-2020-14750, a related vulnerability that bypasses the October fix and for which Oracle released an unscheduled patch in November; a server that has only the October patch applied should still be considered exposed. Read more in:

Alabama School District Hit with Ransomware. Huntsville (Alabama) City Schools has temporarily shut down in the wake of a ransomware attack. The school district has been providing both remote and in-person learning. The attack became apparent on Monday, November 30. The district has asked that all district-owned devices be shut down until further notice. Schools will remain closed for the rest of the week and possibly into next week. Read more in: Alabama school district shut down by ransomware attack

Online Curriculum Company K12 Pays Ransomware Demand. K12, a Virginia-based company that provides customized online learning curricula, paid threat actors to regain access to compromised systems following a November 2020 ransomware attack. Read more in: K12 online schooling giant pays Ryuk ransomware to stop data leak

Vancouver Transit System Hit with Ransomware. TransLink, the Vancouver, British Columbia, transit system, was infected with ransomware. On December 1, TransLink said that the incident had disrupted phones, online services, and the ability to pay fares with credit and debit cards, but that transit services were not affected. As of Thursday, December 3, customers were once again able to use payment cards for fares. Read more in:

Aerospace Company Embraer Discloses Cyberattack. Brazilian aerospace conglomerate Embraer has disclosed that one of its systems was hit with a cyberattack in November. The incident has been reported to Brazil’s Securities and Exchange Commission. Read more in:

CISA Warns that Foreign Threat Actors are Targeting US Think Tanks. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning that it has “observed persistent continued cyber intrusions by advanced persistent threat (APT) actors targeting U.S. think tanks.” The alert includes an attack profile and recommended mitigations. Read more in:

TrickBot's Up to New Tricks. A new component in the TrickBot botnet/banking Trojan, dubbed TrickBoot by its discoverers, is capable of reading and modifying the Unified Extensible Firmware Interface (UEFI) firmware on targeted computers. This new feature "makes use of readily available tools to check devices for well-known vulnerabilities that can allow attackers to read, write, or erase the UEFI/BIOS firmware of a device," according to researchers at Eclypsium and Advanced Intelligence (AdvIntel). So far the module has been observed performing that reconnaissance, checking whether the firmware's write protections are in place, rather than writing to firmware; an implant at that level would survive operating system reinstallation and disk replacement. Read more in:
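As an added example (not code from the TrickBot module or from the Eclypsium/AdvIntel report), the following Python decodes the two Intel PCH register sets that determine whether the SPI flash BIOS region is writable from the OS: the BIOS Control register (BIOS_CNTL) and the SPI Protected Range registers (PR0..PR4). The bit layout used is the one documented in Intel PCH datasheets (assumption: BIOSWE is bit 0, BLE bit 1, SMM_BWP bit 5; PRx carries the base in bits 12:0, the limit in bits 28:16 and write-protect enable in bit 31), and the verdict logic follows the approach open-source firmware checkers such as chipsec take; the register values and BIOS region bounds below are constructed, since on real hardware they would be read through a chipset-access driver.

```python
# BIOS Control register bits (assumption: Intel PCH datasheet layout).
BIOSWE = 1 << 0   # BIOS Write Enable: 1 = BIOS region of SPI flash is writable
BLE = 1 << 1      # BIOS Lock Enable: 1 = setting BIOSWE traps to SMM, which clears it again
SMM_BWP = 1 << 5  # SMM BIOS Write Protect: 1 = writes honoured only while the CPU is in SMM
# SPI Protected Range register fields (assumption: same datasheet layout).
PR_WPE = 1 << 31  # write-protection enable for the range
PR_MASK = 0x1FFF  # 13-bit base/limit fields, in 4 KiB units


def bios_cntl_verdict(value: int) -> dict:
    """Classify BIOS_CNTL as 'protected', 'weak' (BLE without SMM_BWP) or 'writable'."""
    bioswe, ble, smm_bwp = bool(value & BIOSWE), bool(value & BLE), bool(value & SMM_BWP)
    if bioswe or not ble:
        # Any ring-0 code can (re)enable writes: no lock, or writes already enabled.
        verdict = "writable"
    elif not smm_bwp:
        # BLE alone relies on the SMI handler clearing BIOSWE; a second thread can race
        # the handler and slip a write in, so treat this as only partially protected.
        verdict = "weak"
    else:
        verdict = "protected"
    return {"BIOSWE": bioswe, "BLE": ble, "SMM_BWP": smm_bwp, "verdict": verdict}


def protected_ranges(pr_values) -> list:
    """Decode PR0..PR4 into (base, limit) byte ranges that have write protection enabled."""
    ranges = []
    for v in pr_values:
        if v & PR_WPE:
            base = (v & PR_MASK) << 12
            limit = (((v >> 16) & PR_MASK) << 12) | 0xFFF
            ranges.append((base, limit))
    return ranges


def region_covered(region, ranges) -> bool:
    """True if every byte of region=(start, end) lies inside the union of ranges."""
    start, end = region
    cur = start
    for base, limit in sorted(ranges):
        if base > cur:
            break  # gap before this range: bytes at cur are unprotected
        cur = max(cur, limit + 1)
        if cur > end:
            return True
    return cur > end


def assess_firmware_write_protection(bios_cntl: int, pr_values, bios_region) -> dict:
    """Combine both mechanisms: the region is protected if either one fully locks it."""
    ctl = bios_cntl_verdict(bios_cntl)
    covered = region_covered(bios_region, protected_ranges(pr_values))
    verdict = "protected" if covered else ctl["verdict"]
    return {"bios_cntl": ctl, "pr_covered": covered, "verdict": verdict}


if __name__ == "__main__":
    # Constructed values: BIOS region at 0x500000-0xFFFFFF, PR0 write-protecting exactly that.
    print(assess_firmware_write_protection(0x2A, [0x8FFF0500, 0, 0, 0, 0], (0x500000, 0xFFFFFF)))
    print(assess_firmware_write_protection(0x01, [0, 0, 0, 0, 0], (0x500000, 0xFFFFFF)))
```

A "writable" or "weak" result is what a module like the one described above would be looking for. Note that this is only the write-protection side of the picture: the firmware may still be vulnerable through SMM bugs or an unlocked flash descriptor, so a "protected" verdict here is necessary, not sufficient.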

Allegations that DHS Agents Bought Phone Location Data from Brokers Prompt Lawsuit and Investigation. The American Civil Liberties Union (ACLU) is suing the US government for information about whether the US Department of Homeland Security (DHS) is circumventing warrant requirements by buying cell phone location information from commercial data brokers. Under the US Supreme Court's 2018 ruling in Carpenter v. United States, law enforcement must obtain a valid search warrant before accessing historical cell phone location records. In a related story, the DHS inspector general is investigating similar allegations. Read more in:

iOS Flaw Could Have Been Exploited to Take Control of Vulnerable Devices. A Google Project Zero researcher has found a bug that could have been exploited to take control of iOS devices without user interaction. Ian Beer found that a memory corruption bug in the iOS kernel's AWDL (Apple Wireless Direct Link) driver could be exploited over Wi-Fi to remotely gain control of nearby iOS devices. Apple patched the flaw in May 2020 with iOS 12.4.7, iPadOS & iOS 13.5, and watchOS 5.3.7 & 6.2.5. Read more in:

Current Version of NDAA Gives CISA Subpoena Power to Identify Owners of Vulnerable Critical Infrastructure. The most recent version of the US National Defense Authorization Act (NDAA) gives the Cybersecurity and Infrastructure Security Agency (CISA) the authority to issue administrative subpoenas to help identify owners of unsecure and/or unpatched Internet-connected devices. The provision would grant CISA the authority to obtain the information from Internet service providers. Read more in: CISA set to receive subpoena powers over ISPs in effort to track critical infrastructure vulnerabilities

Malware Targets macOS. Researchers have detected a new malware variant that targets macOS systems. The malware has been linked to the OceanLotus advanced persistent threat (APT) group, which has ties to the Vietnamese government. The malware spreads through malicious files included in phishing emails. Read more in:

New Zealand's New Data Privacy Law Takes Effect December 1, 2020. New Zealand's Privacy Act 2020 takes effect on December 1. Under the new law, organizations are obligated to report data breaches that pose a "risk of harm." The law applies to New Zealand-based organizations that handle data as well as organizations that conduct business in New Zealand and/or collect data about New Zealand residents. Read more in: New Zealand Privacy Act: Updated data breach legislation comes into effect tomorrow

Texas Governor's Support Leads to 1,150 Students in 235 High Schools Discovering Their Level of Cybersecurity Talent and Vying for $2 Million in Scholarships. Texas Governor Abbott's active support has enabled more than 1,000 high school students to use CyberStart America to discover their cyber aptitude in less than 30 days. Many participants are finding they are hooked on solving cybersecurity problems as "cyber protection agents," even those who never took a computer science, networking, or cybersecurity class. New Jersey's Governor Murphy also promoted the program to students, and New Jersey's students are cutting into Texas's lead. With 100 more days to go in CyberStart America and every high school student in every state eligible for the free program, at least 30,000 American high school students will be able to begin their professional journey toward a career in cybersecurity and/or computer science, with $2 million in college scholarships available to those who do well.

Governor Abbott Announces Partnership With CyberStart America To Promote Cybersecurity Career Track For Texas High School Students

Governor Murphy Strongly Encourages High School Girls To Participate In Upcoming 2020 Girls Go CyberStart Competition

Leaderboard to see how students in your state are doing.

Site to Learn More and Sign Up for CyberStart America.

Pennsylvania County Pays $500,000 After Ransomware Attack. The government of Delaware County (Pennsylvania) paid $500,000 to regain access to its systems following a ransomware attack. The county took some of its systems offline after discovering the incident. Read more in:

Baltimore (Maryland) County Schools Suffers Ransomware Attack. The Baltimore County Public School (BCPS) system was forced to cancel classes and shut its offices on Wednesday, November 25 after its network was hit with ransomware. BCPS exhorted students and staff not to use district-issued Windows computers. District-issued Chromebooks were not affected. Read more in:

University of Vermont Medical Health Network Still Recovering from October Ransomware Attack. More than a month after a ransomware attack hit systems at the University of Vermont Medical Health Network (UVMHN), the organization is still working on restoring services. UVMHN comprises seven facilities in Vermont and New York State. Read more in:

AspenPointe Discloses September Data Breach. Colorado-based healthcare company AspenPointe has disclosed a data breach that affected nearly 300,000 patients. The attackers compromised both personal health information (PHI) and personally identifiable information (PII). The attackers had access to the system for 10 days in mid-September 2020. Read more in: Healthcare provider AspenPointe data breach affects 295K patients

Advantech Confirms Ransomware Attack. Advantech, a Taiwan-based company that manufactures industrial computers and hardware used in Internet of Things (IoT) devices, has confirmed that its systems were hit with a ransomware attack. The threat actors have posted some Advantech documents online; they are reportedly demanding 750 Bitcoins for ransom. Read more in:

Microsoft Teams No Longer Supports Internet Explorer. As of Monday, November 30, Microsoft Teams no longer supports Internet Explorer 11. If users log into the web version of Microsoft Teams with IE 11, they will see a message reminding them that the browser is no longer supported and recommending that they use the desktop client instead. The withdrawal of support is one in a series of changes Microsoft is implementing to encourage users to move to their Edge browser. Read more in:

Spamhaus Says 50+ Dormant Networks Springing Back to Life is Suspicious. According to Spamhaus, more than 50 networks sprang back to life after being dormant for some time. The networks, all of which are in the North American region, were revived at the same time, and each is announced by an autonomous system number (ASN) that had also been dormant. Dormant address space and ASNs that are suddenly reactivated together are a pattern associated with hijacked or leased-out netblocks being put to use for spam or other abuse, so Spamhaus has placed most of the suspect networks on its DROP (Don't Route Or Peer) list "until their owners clarify the situation." Read more in:
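For practitioners who consume the DROP list, the following added example (not Spamhaus code) parses the list's plain-text format, one "CIDR ; SBL reference" entry per line with ";" comment lines, and checks connection log entries against it. The three networks in the sample are reserved documentation prefixes and the log lines are constructed; the real list is published by Spamhaus and should be fetched and refreshed on its own schedule rather than embedded.

```python
import ipaddress
import re

# Constructed sample in the DROP list's text format; these are documentation prefixes,
# not real listings.
SAMPLE_DROP = """\
; Spamhaus DROP List - constructed sample for this example
; Last-Modified: Wed, 09 Dec 2020 00:00:00 GMT
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
203.0.113.0/24 ; SBL000003
"""

# Constructed firewall-style log lines: timestamp, action, src:port -> dst:port.
SAMPLE_LOG = [
    "2020-12-09T10:01:12Z ACCEPT 192.0.2.45:51234 -> 10.0.0.5:443",
    "2020-12-09T10:01:15Z ACCEPT 198.51.100.200:40211 -> 10.0.0.5:443",
    "2020-12-09T10:02:03Z ACCEPT 203.0.113.9:33120 -> 10.0.0.7:25",
    "2020-12-09T10:02:40Z ACCEPT 10.0.0.12:55555 -> 10.0.0.5:443",
]
SRC_RE = re.compile(r"\s(\d{1,3}(?:\.\d{1,3}){3}):\d+\s->")


def parse_drop(text: str) -> list:
    """Parse DROP text into (ip_network, SBL reference) pairs; reject malformed entries."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        cidr, _, ref = line.partition(";")
        try:
            net = ipaddress.ip_network(cidr.strip(), strict=True)
        except ValueError as exc:
            # A bad line means a corrupted download; fail loudly rather than silently
            # shrinking the blocklist.
            raise ValueError(f"DROP line {lineno}: bad network {cidr.strip()!r}") from exc
        entries.append((net, ref.strip() or None))
    return entries


def drop_lookup(ip: str, entries: list):
    """Return the SBL reference for the first listed network containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    for net, ref in entries:
        if addr.version == net.version and addr in net:
            return ref
    return None


def flag_connections(log_lines, entries: list) -> list:
    """Return (source_ip, SBL reference) for each log line whose source is DROP-listed."""
    flagged = []
    for line in log_lines:
        m = SRC_RE.search(line)
        if not m:
            continue
        ref = drop_lookup(m.group(1), entries)
        if ref is not None:
            flagged.append((m.group(1), ref))
    return flagged


if __name__ == "__main__":
    drop = parse_drop(SAMPLE_DROP)
    for src, ref in flag_connections(SAMPLE_LOG, drop):
        print(f"{src} is in DROP-listed space ({ref})")
```

The /25 entry shows why the membership test has to be a network test rather than a prefix-string comparison: 198.51.100.200 shares the first three octets with the listed block but falls outside it. In production the list is normally pushed into a firewall or router as null routes; the lookup above is the triage-side equivalent for log review.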

TrickBot Botnet Comes Creeping Back. The TrickBot botnet appears to be re-emerging after Microsoft and US Cyber Command efforts to disrupt it earlier this fall. Both organizations targeted the botnet’s command-and-control servers. The newest iteration of TrickBot uses a clever obfuscation technique to sneak the payload past detection tools. Read more in:

US Supreme Court Hears Arguments in CFAA Case. The US Supreme Court is hearing arguments in Van Buren v. United States, a case that is likely to determine how broadly or narrowly the Computer Fraud and Abuse Act (CFAA) is interpreted. The appeal seeks to overturn the conviction of a Georgia police officer who used his legitimate access to a license plate database to search for information at the request of an individual who turned out to be working with the FBI. The question is whether using access one is authorized to have, for a purpose one is not authorized to pursue, "exceeds authorized access" under the statute. Read more in:

Microsoft Defender for Identity Can Detect Zerologon Exploits. Microsoft Defender for Identity, a cloud-based security product, is now capable of detecting attacks that exploit the Zerologon vulnerability (CVE-2020-1472) in the Netlogon protocol. Microsoft says that customers "will be able to identify the device that attempted the impersonation, the domain controller, the targeted asset, [and] whether the impersonation attempts were successful." Read more in:

Published by Natalie Wong, a technical writer for how-to guides, tutorials, fixes for common problems on gaming and consoles, and articles about the latest tech. My gaming alias is Midnight, and I usually play PUBG, CSGO, GTA V and some co-op games.