Security News > 2020 > October

A threat actor linked to China has used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea, Kaspersky reported on Monday. Kaspersky researchers analyzed the malware and the malicious activity after stumbling upon several suspicious UEFI firmware images.

The Department of Justice has nabbed two alleged leaders of a global, notorious video-game piracy group called Team Xecuter. Console manufacturers and game developers implement various technical measures - from specific game cartridge designs to cryptographic keys on the software - to prevent the use of unauthorized firmware that could be used to play pirated video games.

Checkmarx announced a new GitHub Action to bring comprehensive, automated static and open source security testing to developers. Checkmarx's new GitHub Action integrates the company's application security testing solutions - Checkmarx SAST and Checkmarx SCA - directly with GitHub code scanning, giving developers more flexibility and power to work with their preferred tools of choice to secure proprietary and open source code.

Google on Friday announced the Android Partner Vulnerability Initiative, an effort aimed at improving patching of security issues specific to Android OEMs. Through the new initiative, the tech giant also expects to improve transparency around vulnerabilities identified by Google's own researchers, but which impact device models coming from the company's Android partners. Google already provides security researchers with various programs through which they can report security issues, such as the Android Security Rewards Program, which is for reporting vulnerabilities in Android code, and the Google Play Security Rewards Program, for reporting bugs in popular third-party Android apps.

Industrial automation giant Rockwell Automation on Friday announced the acquisition of Oylo, a cybersecurity company based in Spain. Founded in 2017, Oylo has been offering solutions for industrial control systems and IoT security, business continuity and resilience, and critical infrastructure and critical business process protection.

Google has announced two new security initiatives: one is aimed at helping bug hunters improve the security of various browsers' JavaScript engines, the other at helping Android OEMs improve the security of the mobile devices they ship. "JavaScript engine security continues to be critical for user safety, as demonstrated by recent in-the-wild zero-day exploits abusing vulnerabilities in v8, the JavaScript engine behind Chrome. Unfortunately, fuzzing JavaScript engines to uncover these vulnerabilities is generally quite expensive due to their high complexity and relatively slow processing of input," noted Project Zero's Samuel Groß.

A North American merchant's point-of-sale terminals were infected with a mix of POS malware earlier this year, Visa reports. In May and June 2020, the company analyzed malware variants used in independent attacks on two North American merchants, one of which employed a TinyPOS variant, while the other involved a mix of malware families such as MMon, PwnPOS, and RtPOS. As part of the first attack, phishing emails were sent to a North American hospitality merchant's employees to compromise user accounts, including an administrator account, and legitimate administrative tools were used to access the cardholder data environment within the network.

As yet unidentifed hackers have managed to steal employee salary payments at several Swiss universities, officials said Sunday. "According to our information, several top schools in Switzerland have been affected," Martina Weiss, director general of the rectors group of Switzerland's public universities, told AFP. The hackers used information obtained by phishing - tricking a person into passing on their personal details - for their attacks on at least three universities, including the University of Basel.

The problem is that even with the built-in security controls, organizations still experience security breaches due to misconfigurations in their SaaS applications. Cloud Access Security Brokers address security issues in SaaS applications.

Over a year has passed since Nmap had last been updated, but this weekend Gordon "Fyodor" Lyon announced Nmap 7.90. First and foremost, Nmap 7.90 comes with Npcap 1.0.0, the first completely stable version of the raw packet capturing/sending driver for Windows.