Euro police forces infiltrated encrypted phone biz – and now 'criminal' EncroChat users are being rounded up
2020-07-02 20:56

In May, police in France, assisted by the Netherlands' cops, infiltrated EncroChat's core network - and in mid-June the operator pulled the plug, having realised the game was up. The takedown of the network has been a poorly disguised secret, with Northern Irish suspects reportedly being arrested last week after data from EncroChat's servers was shared around European police forces.

Hold off that rush into the July 4 weekend – you may need this: Microsoft patches pwn-by-picture pitfalls in Win 10
2020-07-02 19:59

Microsoft has emitted a pair of security patches to address flaws in Windows 10 that can potentially be exploited by miscreants to hijack PCs. A victim simply needs to be tricked into opening a file containing a specially crafted image on a vulnerable system. In the case of CVE-2020-1457, a successful exploit would lead directly to arbitrary code execution on the victim's computer for the attacker, while Microsoft said CVE-2020-1425 would let the aggressor "obtain information to further compromise the user's system," though it is also described as a remote-code-execution flaw.

The Case for Intent-Based Segmentation with SD-WAN
2020-07-02 19:47

The mandate to implement new public and private cloud networks, extend WAN connectivity to branch offices, support new IoT and privately-owned end-user devices, and develop aggressive application advancement strategies can often conflict directly with the need to secure the entire expanding network. Internal segmentation strategies (solutions that go well beyond simple VLANs) play a critical role in ensuring that agile connectivity strategies such as SD-WAN can be safely integrated into a traditional network.

MongoDB ransom threats step up from blackmail to full-on wiping
2020-07-02 18:49

Presumably, the fact that the blackmail message was uploaded to your database - proving that the crooks had write access - is meant to convince you that the crooks definitely also had read access and therefore did indeed steal all your data. One thing missing from the blackmail message above is the sort of pressure you'd expect in a ransomware attack, namely that you're paying to get your data back because the crooks have wiped or scrambled it.

Enterprises in Americas, Europe Targeted With Valak Information Stealer
2020-07-02 18:12

The Valak information stealer is being distributed in ongoing campaigns aimed at enterprises in North America, South America, Europe and likely other regions as well, Cisco Talos reports. What makes Valak stand out in the crowd is the use of stolen email threads for distribution, which increases the likelihood of the victim opening the delivered attachments.

Users who don't understand how to encrypt their emails won't do it
2020-07-02 18:00

Users who don't understand how to encrypt their emails won't do it. There's another danger for companies whose users do try to grapple with the internal email encryption system: rising support costs.

Ransomware Operators Demand $14 Million From Power Company
2020-07-02 17:50

The threat actor behind the Sodinokibi ransomware is demanding a $14 million ransom from Brazil-based electrical energy company Light S.A. The company has confirmed that it was hit with a cyberattack without providing specific information on the type of compromise, but AppGate's security researchers, who have obtained a sample of the malware believed to have been used in the attack, are confident that the incident involves the Sodinokibi ransomware. The same web page reveals information about the attackers, clearly mentioning the name Sodinokibi, and attempts to persuade the victim to pay the ransom by promising full decryption of the affected data.

Trojans, Backdoors and Droppers: The Most-Analyzed Malware
2020-07-02 17:00

Trojans, backdoors and droppers, oh my: These are the top three malware types being analyzed by threat intelligence teams, according to statistics out on Thursday. According to anonymized statistics from requests to the Kaspersky Threat Intelligence Portal, almost three quarters of the analyzed malicious files fell into those three categories.

Apache Guacamole Opens Door for Total Control of Remote Footprint
2020-07-02 16:14

Apache Guacamole, a popular infrastructure for enabling remote working, is vulnerable to a slew of security bugs related to the Remote Desktop Protocol, researchers have warned. "Once in control of the gateway, an attacker can eavesdrop on all incoming sessions, record all the credentials used, and even start new sessions to control the rest of the computers within the organization," explained Eyal Itkin, researcher from Check Point, in a posting on Thursday.

Facebook Privacy Glitch Gave 5K Developers Access to ‘Expired’ Data
2020-07-02 16:06

The social media giant said that it recently discovered that 5,000 developers received data from Facebook users - long after their access to that data should have expired. In 2018, on the heels of the Cambridge Analytica privacy incident, Facebook debuted stricter controls over data collection by third-party app developers.