Security News > 2020 > October

In a new campaign analyzed by Radware, cybercriminals threaten organizations with Distributed Denial of Service attacks unless they acquiesce to their ransom demands. Published on Wednesday, a security alert entitled "2020 Ransom DDoS Campaign Update" describes how Radware and the FBI have been warning organizations about a global ransom DDoS campaign targeting financial companies and other businesses around the world.

San Francisco, CA-based FOSSA - an open source management firm - has raised $23.2 million in a Series B funding round from Bain Capital Ventures, Canvas Ventures and Costanoa Ventures; bringing the total raised to $35 million. The company has simultaneously launched FOSSA Security Management, a product designed to help organizations secure their software supply chain - that is, the uncontrolled inclusion and use of open source software within their own software development.

Multiple members of QQAAZZ, a multinational cybercriminal group, were charged today in the US, Portugal, Spain, and the UK for providing money-laundering services to several high-profile malware operations including Dridex, Trickbot, and GozNym. Law enforcement estimations say that QQAAZZ laundered, or at least attempted to launder, tens of millions stolen from cybercrime victims starting with 2016.

Starting next week, Zoom users - both those who are on one of the paid plans and those who use it for free - will be able to try out the solution's new end-to-end encryption option. Must join from the Zoom desktop client, mobile app, or Zoom Rooms.

Hackers accessed personal information of guests, employees and crew for three cruise line brands and the casino operations of Carnival Corp. in a ransomware attack the company suffered on Aug. 15, officials have confirmed. Carnival Cruise Line, Holland America Line and Seabourn were the brands affected by the attack, which Carnival is still investigating, the company said in an update on the situation this week.

Video conferencing platform Zoom next week will start rolling out end-to-end encryption in technical preview. "We're excited to announce that starting next week, Zoom's end-to-end encryption offering will be available as a technical preview, which means we're proactively soliciting feedback from users for the first 30 days," the company said earlier this week.

The company revealed in an S-1 form filed with the U.S. Securities and Exchange Commission that it's offering a total of 37 million shares, including roughly 6 million from stockholders. It expects the IPO price to range between $19 and $22 per share, which could earn McAfee up to $682 million and stockholders another $132 million, for a total of $814 million.

The United States Cyber Command warns that users should apply the latest patches for Microsoft software to ensure they won't fall victim to exploitation attempts. The most important of these issues, US Cyber Command points out, is CVE-2020-16898, a critical bug in the Windows TCP/IP stack that can be triggered remotely to potentially achieve remote code execution on the victim machine.

German prosecutors said Wednesday that authorities have searched 15 premises linked to spyware maker FinFisher as part of a probe into allegations the Munich-based company broke export laws by selling its products to authoritarian governments. Munich prosecutors opened an investigation into the company last year following complaints from human rights groups, which alleged FinFisher had supplied Turkey with software that could be used to spy on dissidents in the country.

The new configuration file pushed on Sept. 22 told all systems infected with Trickbot that their new malware control server had the address 127.0.0.1, which is a "Localhost" address that is not reachable over the public Internet, according to an analysis by cyber intelligence firm Intel 471. U.S. Cyber Command's campaign against the Trickbot botnet, an army of at least 1 million hijacked computers run by Russian-speaking criminals, is not expected to permanently dismantle the network, said four U.S. officials, who spoke on the condition of anonymity because of the matter's sensitivity.