Adobe Patches Critical Code Execution Flaws in Flash, Framemaker
2020-06-09 16:16

Adobe on Tuesday announced the release of security updates for its Flash Player, Framemaker and Experience Manager products. In Flash Player, for which Adobe plans on providing security updates only until the end of the year, the company patched a critical use-after-free bug that can allow an attacker to execute arbitrary code in the context of the current user.

Indian IT Company Was Hired to Hack Politicians, Investors, Journalists Worldwide
2020-06-09 15:56

Citizen Lab started its investigation into the 'Dark Basin' group in 2017 after it was contacted by a journalist targeted with phishing pages that were served via the self-hosted open-source Phurl URL shortener. "Dark Basin left copies of their phishing kit source code available openly online, as well as log files" that "recorded every interaction with the credential phishing website, including testing activity carried out by Dark Basin operators," Citizen Lab said.

Hospital-busting hacker crew may be behind ransomware attack that made Honda halt car factories, say researchers
2020-06-09 15:30

Japanese car maker Honda has been hit by ransomware that disrupted its production of vehicles and also affected internal communications, according to reports. Some Honda factories around the world were forced to suspend production, though output from Turkey, India, USA and Brazil locations remains on hold at the time of writing.

Adobe Warns of Critical Flaws in Flash Player, Framemaker
2020-06-09 15:27

Adobe released patches for four critical flaws in Flash Player and in its Framemaker document processor as part of its regularly scheduled updates. In Tuesday's June Adobe security updates, critical flaws tied to three CVEs were patched in Adobe Framemaker, which is Adobe's application designed for writing and editing large or complex documents.

Hacker Group Targeted U.S. Utilities in Two Parallel Campaigns
2020-06-09 15:20

Dubbed FlowCloud, the remote access Trojan was used by the same threat actor that used the LookBack malware in campaigns targeting U.S. utilities providers last year. "Both the FlowCloud and LookBack campaigns targeted utility providers in the United States. Both used training and certification-themed lures. And both used threat actor-controlled domains for delivery. In some cases, both FlowCloud and LookBack campaigns targeted not only the same companies but also the same recipients," Proofpoint explains.

Vectra Targets SOCs With Microsoft Defender ATP, Azure Sentinel Integration
2020-06-09 14:33

Vectra Integrates Cognito with Microsoft Defender ATP and Azure Sentinel to Form a SOC Visibility Triad. San Jose, Calif.-based threat detection firm Vectra has integrated its network threat detection and response Cognito platform with Microsoft Defender and Microsoft Azure Sentinel to deliver Gartner's concept of the SOC Visibility Triad. Gartner introduced the idea of the SOC Visibility Triad in March 2019. The new native integration between Vectra's Cognito and Microsoft's Defender and Sentinel is designed to provide the SOC with full oversight of the state of the infrastructure, and better ability to respond to suspicious events.

Brave soz about coding snafu that sent search queries to affiliate links but insists practice is 'industry-standard'
2020-06-09 14:30

Privacy-focused browser maker Brave has responded to complaints about affiliate links by apologising for a coding error but also stating that adding affiliate links to search queries is standard practice. The browser was never guilty of the more serious accusation of injecting affiliate links into the HTML rendered for a page, said Brave.

Dark Basin Hack-For-Hire Group Targeted Thousands Over 7 Years
2020-06-09 14:17

A hack-for-hire group, called Dark Basin, has been outed after targeting thousands of individuals and organizations worldwide - including advocacy groups and journalists, elected and senior government officials, and hedge funds - over the course of seven years. "Citizen Lab has notified hundreds of targeted individuals and institutions and, where possible, provided them with assistance in tracking and identifying the campaign," according to a report on Dark Basin released by Citizen Lab researchers on Tuesday.

Database Security Company jSonar Raises $50 Million
2020-06-09 14:10

jSonar, a company that provides database security solutions, on Tuesday announced that it raised $50 million from Goldman Sachs. jSonar provides a comprehensive platform designed to help organizations secure their database systems and ensure compliance across cloud and on-premises environments.

Cryptomining criminals under the spotlight – a SophosLabs report
2020-06-09 13:59

Sadly unlawful cryptomining is still a thing, and SophosLabs has just published a report that follows the evolution and operation of the cybercrime gang behind a botnet known as Kingminer. Servers have two desirable properties for cryptomining abuse, namely that they're always on, so any unauthorised mining runs 24/7, and they're usually much more powerful than the average laptop, so the crooks can dial in decent earnings without taking over the server so completely that they get noticed.