Security News > 2020 > October

The United States Cyber Command this week released new malware samples associated with the activity of Russian threat actors Turla and Zebrocy. On Thursday, USCYBERCOM shared on VirusTotal new samples of the ComRAT Trojan, which is believed to be one of the oldest malware families employed by the Russia-linked threat actor.

DHS CISA and the FBI today shared more info on how an Iranian state-sponsored hacking group was able to harvest voter registration info from U.S. state websites, including election sites. The attempts to download voter info from election websites took place between September 29 and October 17, 2020, according to the advisory.

Threatpost breaks down the scariest stories of the week ended Oct. 30 haunting the security industry -- including bugs that just won't die.

The Wroba mobile banking trojan has made a major pivot, targeting people in the U.S. for the first time. Where Android users are served up the full Wroba download, according to researchers, the executable doesn't work on iPhone.

The US government, in full pre-presidential election high alert, has issued a warning about an evolved strain of backdoor malware from a Russian offensive cyber unit. The Zebrocy backdoor, warned the CISA infosec agency, has evolved - and while the agency didn't explicitly link it to Russia, previous research from the private sector made it abundantly clear who the malware's operators are.

Google Project Zero security researchers have identified another Windows vulnerability that has been actively exploited in attacks. "The Windows Kernel Cryptography Driver exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation," Jurczyk explains.

This week, Amazon announced AWS Nitro Enclaves, a new feature of EC2 that will allow customers to securely process highly sensitive data and protect it when it must be unencrypted at the point of use by providing an isolated environment for data processing. "With this isolation, the AWS Nitro Enclave owner can start and stop, or assign resources to an Enclave, but even the owner cannot see what is being processed inside of AWS Nitro Enclaves. AWS also announced the launch of AWS Certificate Manager for Nitro Enclaves, a new Enclave application that makes it easy for customers to protect and manage Secure Sockets Layer/Transport Layer Security certificates for their web servers running on Amazon EC2."

Google announced on Thursday that Google One customers can now use a new virtual private network service that will provide them an extra layer of protection when they go online. The new VPN by Google One is available to customers who have subscribed to a 2 TB plan or higher.

The Federal Bureau of Investigation shared indicators of compromise associated with the Iranian state-sponsored threat group behind last week's Proud Boys voter intimidation emails that targeted Democratic voters. The threatening spoofed emails used the "Vote for Trump or Else" subject and warned voters registered as Democrats that they must vote for President Trump and change their party to Republican unless they want the Proud Boys far-right group to come after them.

Minerals Technologies Inc discloses a ransomware attack in SEC filings: Minerals Technologies Inc. today announced that on October 22, 2020, it detected a ransomware attack impacting certain of its information technology systems. Office furniture giant Steelcase has suffered a ransomware attack that forced them to shut down their network to contain the attack's spread. New Mars ransomware.