Security News > 2020 > July

The NSA's Cybersecurity Directorate - that's the part that's supposed to work on defense - has released two documents on securing virtual private networks. Some of it is basic, but it contains good information.

The Brazilian cybercriminals behind four banking Trojans collectively dubbed "Tetrade" have decided to expand their business and started targeting victims internationally, Kaspersky's security researchers reveal. The four banking Trojan families - Guildma, Javali, Melcoz and Grandoreiro - have been active for years, but started emerging in attacks in North America, Europe, and Latin America only last year.

As experts in measuring and monitoring third-party risk, RiskRecon and the data scientists from Cyentia Institute recently published a new report that leveraged unique scan data from millions of web servers around the world, via the RiskRecon platform, to see where the rollout of TLS 1.2 is going smoothly and where it is meeting resistance. Together with its precursor SSL, TLS has long been in the crosshairs of both attackers and security researchers, who understand that a weak or non-existent deployment of the protocol makes it trivial to carry out man-in-the-middle and other attacks against the vulnerable target.

Researchers have discovered several potentially serious vulnerabilities affecting monitoring, cooling and power distribution products made by Germany-based Rittal. According to Austria-based cybersecurity company SEC Consult, Rittal's CMC III industrial and IT monitoring system, LCP CW cooling system, and the entire portfolio of power distribution units are impacted by six types of vulnerabilities.

Cisco has launched an investigation after researchers at F-Secure analyzed two counterfeit Cisco switches that appeared to exploit a previously unknown vulnerability. F-Secure's analysis of the fake Cisco switches focused on the security implications of using such fake devices, particularly if the manufacturer attempted to plant any backdoors.

Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers. According to Mikhail Klyuchnikov, a security researcher at Positive Technologies who discovered the flaw and reported it to F5 Networks, the issue resides in a configuration utility called Traffic Management User Interface for the BIG-IP application delivery controller.

The United States hailed Britain's decision Tuesday to order the phased removal of China's Huawei telecoms giant from its 5G network, following months of pressure from Washington. "We welcome news that the United Kingdom plans to ban Huawei from future 5G networks and phase out untrusted Huawei equipment from existing networks," Secretary of State Mike Pompeo said in a statement.

A Cambridge post-graduate student has recreated the "Cyclometer", the decryption device devised by Polish mathematicians that informed Alan Turing's later code-breaking efforts. Turing famously devised the "Bombe", a machine that was capable of decrypting messages encoded by Nazi Germany's fiendish Enigma machines.

Citrix has taken the unusual step of rebutting dark web discourse that alleges its networks have been compromised. A Wednesday post penned by CISO Fermin J Serna says the company is aware of a "Threat intelligence report circulated concerning claims made on the dark web by a threat actor alleging compromise of the Citrix network, exfiltration of data, and attempts to escalate privileges to launch a ransomware attack."

A threat actor can exploit the SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the attacker to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and much more.

Crafting Malicious DNS Responses

Stating that the objective was to identify a vulnerability that would let an unauthenticated attacker compromise a Windows Domain environment, Check Point researchers said they focused on Windows DNS, specifically taking a closer look at how a DNS server parses an incoming query or a response for a forwarded query.