Security News > 2020 > September

As you can probably tell from the name, it involves Windows - everyone else talks about logging in, but on Windows you've always very definitely logged on - and it is an authentication bypass, because it lets you get away with using a zero-length password. On a Windows network, the secret component is the domain password of the computer you're connecting from.

Google is taking the step of prohibiting "Stalkerware" in Google Play, along with apps that could be used in political-influence campaigns. Google also specified that any consent-based tracking-related apps distributed on the Play Store must comply with certain parameters.

APT41 is known for nation-state-backed cyber-espionage activity as well as financial cybercrime. "Their activity traces back to 2012, when individual members of APT41 conducted primarily financially motivated operations focused on the video-game industry, before expanding into traditional espionage, most likely directed by the state. APT41's ability to successfully blend their criminal and espionage operations is remarkable."

Several information disclosure and cross-site scripting vulnerabilities, including one rated critical, have been patched this week in the Drupal content management system. The most serious of the flaws is CVE-2020-13668, a critical XSS issue affecting Drupal 8 and 9.

GCHQ offshoot the National Cyber Security Centre has warned Further and Higher Education institutions in the UK to be on their guard against ransomware attacks as the new academic year gets under way. NCSC sent advice to places of learning "containing a number of steps they can take to keep cyber criminals out of their networks, following a recent spike in ransomware attacks," it said in an advisory note published this morning.

As students head back to the classroom, the spate of ransomware attacks against schools is continuing. The latest is a strike against a California school district that closed down remote learning for 6,000 elementary school students, according to city officials.

Lately, ransomware operators have been upping their game by teaming up with fellow criminals as a type of organized cybercrime. To sell the compromised files, many ransomware groups create special data leak sites that publish the names of victims along with the stolen data.

German authorities said Thursday that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment. As a consequence, systems gradually crashed and the hospital wasn't able to access data; emergency patients were taken elsewhere and operations postponed.

While it may be a trendy term, in cybersecurity, intelligence pivoting is pivotal to detection and response. In my previous article I discussed the concept of intelligence pivoting with a simplified example of looking at external threat intelligence to see if a particular IP address is associated with a specific adversary.

Google this week announced improved malware protection capabilities for all users who are enrolled in its Advanced Protection Program. Aimed at providing high-risk users such as politicians and their staff, business executives, journalists, and activists with an additional layer of protection for their accounts, the Advanced Protection Program was launched in October 2017.