Security News > 2020 > October

Dr. Reddy's, the contractor for Russia's "Sputinik V" COVID-19 vaccine and a major generics producer, has had to close plants and isolate its data centers. COVID-19 vaccine manufacturer Dr. Reddy's Laboratories has shut down its plants in Brazil, India, Russia, the U.K. and the U.S. following a cyberattack, according to reports.

The European Union has imposed sanctions on a Russian military malware developer and the commander of Russia's MI6 equivalent, a mere five years after the two targeted Germany's parliament with a cyberattack. The pair, an admiral commanding the GRU spy agency and a malware dev already on international sanctions lists for targeting the MH17 mass murder investigation, are now subject to yet another travel ban.

US-based ski and golf resort operator Boyne Resorts has suffered a cyberattack by the WastedLocker operation that has impacted company-wide reservation systems. Today, BleepingComputer received an anonymous tip from an alleged Boyne Resorts employee who stated that the company suffered an undisclosed ransomware attack last weekend.

Microsoft is working on improving Microsoft Defender for Office 365 with priority protection features for accounts of high-profile employees like executive-level managers that threat actors target most often. Microsoft Defender for Office 365 provides Office 365 enterprise accounts with email threat protection from advanced threats including credential phishing and business email compromise, automatically remediating detected attacks.

Microsoft and MITRE, in collaboration with a dozen other organizations, have developed a framework designed to help identify, respond to, and remediate attacks targeting machine learning systems. The Adversarial ML Threat Matrix, which Microsoft has released in collaboration with MITRE, IBM, NVIDIA, Airbus, Bosch, Deep Instinct, Two Six Labs, Cardiff University, the University of Toronto, PricewaterhouseCoopers, the Software Engineering Institute at Carnegie Mellon University, and the Berryville Institute of Machine Learning, is an industry-focused open framework that aims to address this issue.

Nvidia, which makes gaming-friendly graphics processing units, has issued fixes for two high-severity flaws in the Windows version of its GeForce Experience software. GeForce Experience is a supplemental application to the GeForce GTX graphics card - it keeps users' drivers up-to-date, automatically optimizes their game settings and more.

There is a new report on police decryption capabilities: specifically, mobile device forensic tools. This report documents the widespread adoption of MDFTs by law enforcement in the United States.

The new 'Abaddon' remote access trojan may be the first to use Discord as a full-fledged command and control server that instructs the malware on what tasks to perform on an infected PC. Even worse, a ransomware feature is being developed for the malware. In the past, we have reported on how threat actors use Discord as a stolen data drop or have created malware that modifies the Discord client to have it steal credentials and other information.

Epiphany is a new risk detection and quantification platform that highlights, qualifies and quantifies the risks that occur within the technical structure and users of a network, giving the security team the opportunity to eliminate the risk before an incident. The Epiphany Intelligence Platform from DigitalWare gathers information on the IT infrastructure and its users, and then uses adversarial modeling and countermeasure analysis to locate risks and quantify the likelihood of adversarial success against that risk.

French IT giant Sopra Steria was hit with a cyber attack this week that disrupted the business of the firm and is widely believed to be the work of the threat actors behind Ryuk ransomware. The company, which did $4.4 billion in business last year, divulged nothing of exactly what type of attack it was and what services, systems and data were affected, sources in the French media claim it was Ryuk ransomware that took down the company.