Security News > 2020 > October

eSentire unveiled eSentire Cloud Automation Security Assistant, the company's automated detection and response solution for Microsoft Security products. CASA offers customers a single place within Microsoft Teams to actively manage alerts, engage eSentire experts on demand, and launch automated threat configurations for Microsoft Cloud Application Security, Microsoft 365, Microsoft Defender for Endpoint, Microsoft Azure, and Microsoft Graph Security API. CASA, delivered on the eSentire Atlas Extended Detection and Response platform, aggregates and enriches alerts to prioritize what matters and provides customers with the information needed to make security decisions, all within their existing Microsoft Teams app.

The operators of Darkside ransomware have donated some of the money they made extorting victims to nonprofits Children International and The Water Project. "As we said in the first press release - we are targeting only large profitable corporations. We think it's fair that some of the money they've paid will go to charity. No matter how bad you think our work is, we are pleased to know that we helped change someone's life." - Darkside ransomware operators.

The United Kingdom on Monday exposed and condemned cyberattacks that the Russian military intelligence service GRU allegedly launched against organizations involved in the 2020 Olympic and Paralympic Games that were set to take place in Tokyo this summer, but were postponed due to the COVID-19 pandemic. On Monday, the United States announced charges against six officers of the GRU, which is also said to have orchestrated the cyberattacks on the PyeongChang Winter Olympics with the Olympic Destroyer malware.

The Hewlett Foundation just announced its top five ideas in its Cybersecurity Visuals Challenge. The problem Hewlett is trying to solve is the dearth of good visuals for cybersecurity.

The Sandworm Team hacking group is part of Unit 74455 of the Russian Main Intelligence Directorate, the US Department of Justice claimed as it unsealed an indictment against six hackers and alleged members on Monday. "These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: Ukraine; Georgia; elections in France; efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation's flag, as a consequence of Russian government-sponsored doping effort," the DoJ alleges.

The U.S. National Security Agency warns that Chinese state-sponsored hackers exploit 25 different vulnerabilities in attacks against U.S. organizations and interests. As part of these attacks, the NSA has seen twenty-five publicly disclosed vulnerabilities exploited to gain access to networks, deploy malicious mobile apps, and spread laterally through a system while attackers steal sensitive data.

Irish privacy regulators have opened two investigations into Instagram over the social media site's handling of young people's personal data. Data scientist David Stier said last year that his analysis found users, including those under 18, who switched their account types to business accounts also had their contact information displayed on their profile.

A security researcher has discovered a vulnerability in Google's Waze app that can allow hackers to identify people using the popular navigation app and track them by their location. Gasper reported the latest Waze bug to Google last December and was rewarded a bug bounty of $1,337 from Google's Vulnerability Reward Program in January 2020, disclosing the flaw publicly in August.

Adobe last week patched a total of nine vulnerabilities in its Magento e-commerce platform, including two critical issues. The vulnerabilities rated critical have been described as a "File upload allow list bypass" that can lead to arbitrary code execution, and an SQL injection flaw that can provide an attacker read or write access to the targeted store's database.

A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware - dubbed "GravityRAT" - now masquerades as legitimate Android and macOS apps to capture device data, contact lists, e-mail addresses, and call and text logs and transmit them to an attacker-controlled server.