Security News > 2020 > July

Used within organizations of all sizes for remote connection to assets and for telework, VPNs can deliver the expected level of security if strong cryptography is employed and if admins perform regular assessments to identify and eliminate misconfigurations and vulnerabilities. Thus, the NSA recommends that network administrators avoid default settings and reduce the attack surface of VPN gateways, ensure that only CNSSP 15-compliant cryptographic algorithms are used, remove unused or non-compliant cryptography, and keep both VPN gateways and clients up to date.

Hackers linked to the North Korean government appear to be behind the Magecart attacks on fashion retailer Claire's and other online stores, Netherlands-based e-commerce security company Sansec reported on Monday. Threat actors linked to North Korea have been known to launch, in addition to espionage and destructive campaigns, financially motivated attacks, including against cryptocurrency exchanges and banks.

A Nigerian national appeared in federal court in Chicago Friday accused of orchestrating an international cyber fraud scheme that federal prosecutors say defrauded U.S. businesses in six states out of tens of millions of dollars. He appeared in court Friday morning to face a charge of conspiracy to commit wire fraud.

Attackers are actively trying to exploit CVE-2020-5902, a critical vulnerability affecting F5 Networks' BIG-IP multi-purpose networking devices, to install coin-miners, IoT malware, or to scrape administrator credentials from the hacked devices. CVE-2020-5902 is a critical remote code execution vulnerability in the configuration interface of BIG-IP devices used by some of the world's biggest companies.

There's a new ransomware for the Mac called ThiefQuest or EvilQuest. It's a good reminder to get your software from trustworthy sources, like developers whose code is "Signed" by Apple to prove its legitimacy, or from Apple's App Store itself.

A subset of Three UK users have received an SMS message warning them about text message-based spam - complete with a shortlink and textual urgings to click it and learn more. "They send an unsolicited out-of-the-blue SMS which asks you to 'click' on a link. When checked out in a sandboxed environment this goes to an insecure http-only page which warns of suspicious text messages and a video telling recipients not to tap on any links. Awesome!".

Williams, a black man living in Michigan, was arrested in January when police used automatic facial recognition to match his old driver's license photo to a store's blurry surveillance footage of a black man allegedly stealing watches. The Detroit Police Department claims that it doesn't make arrests based solely on facial recognition.

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Exploit code for a nasty vulnerability in F5 Networks' BIG-IP application delivery controllers is now doing the rounds, so make sure you're all patched up. Now exploit code is being merged into the Metasploit framework for anyone to use, and proof-of-concept code to extract files or execute arbitrary commands, which neatly fits into a tweet, is being shared all over the web.

Hackers have already started exploiting a recently patched vulnerability affecting F5 Networks' BIG-IP application delivery controller. F5 informed customers last week that a BIG-IP configuration utility named Traffic Management User Interface is impacted by a critical remote code execution vulnerability whose exploitation can result in "Complete system compromise."