Security News > 2020 > October

On Thursday Johannes Ullrich, Dean of Research at the SANS Technology Institute, spotted a massive spike in traffic on research "Honeypot" systems as somebody tried to identify public-facing WebLogic servers that weren't patched against CVE-2020-14882. If you find a vulnerable server in your network: Assume it has been compromised.

One policy expert says cybersecurity measures should be an expected item that comes with every purchase, like the safety measures in your car. TechRepublic's Karen Roby talked with Fred Cate of Indiana University about cybersecurity and the importance of cybersecurity policy in government.

The boozy names might sound like the kind of thing conjured up in a frat-house common room, but malware families Kegtap, Singlemalt and Winekey are being used to gain initial network access in potentially lethal ransomware attacks on healthcare organizations in the midst of a global pandemic, researchers said in newly released findings. Kegtap, Singlemalt and Winekey act as first-stage loaders, which establish a foothold on a device before fetching malware for the next stage of the attack.

As America counts down to the November 3 elections, things are tense for political campaigns. The Republican Party of Wisconsin, a key battleground state which President Trump won in 2016 by less than 1 per cent, has admitted that it lost $2.3m earlier this month to business email deception - where phishing emails harvest credentials and use these to submit fake or altered invoices for services rendered.

Professor and cybersecurity policy expert says it should be something that is already in place with each purchase or subscription.

Attackers are compromising email accounts from popular universities, including Purdue and Oxford, to launch attacks that get around DMARC and SPF. Cybercriminals are hijacking legitimate email accounts from more than a dozen universities - including Purdue University, University of Oxford in the U.K. and Stanford University - and using the accounts to bypass detection and trick victims into handing over their email credentials or installing malware. The highest number of phishing emails detected came from compromised Purdue University accounts, stolen in campaigns from Jan. to Sept. Behind Purdue University was Oxford, Hunter College and Worcester Polytechnic Institute.

A campaign to sue Facebook over lax privacy policies that allowed Cambridge Analytica to slurp almost a million people's personal data from the social networking website hopes to become a representative action in the High Court, its instigators said today. The campaign said in a statement: "In 2013 and 2014, thousands of people participated in the thisisyourdigitallife app on Facebook. Facebook allowed this app to harvest the data of the app users' friends without their friends' permission or knowledge, including Alvin Carpio, the representative claimant. By taking data without consent, it is alleged that Facebook failed to meet their legal obligations under the Data Protection Act 1998."

The REvil ransomware gang claims it will rake in $100 million by year's end. That's according to a REvil group leader in a rare Q&A with the YouTube channel of the tech blog "Russian OSINT." During the live interview, the REvil hacker warned of a "Big attack coming linked to a very large video game developer."

Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network are the latest victims of the Ryuk ransomware attack spree covering the healthcare industry across the U.S. Yesterday, the U.S. government hosted an emergency call with stakeholders in the healthcare industry to alert them to an "Increased and imminent cybercrime threat to U.S. hospitals and healthcare providers." Later in the day, CISA issued a joint advisory publicly warning that U.S. hospitals and healthcare providers are actively targeted in cyberattacks deploying the Ryuk ransomware.

The Emotet gang have typically used their own botnets in a very service-oriented way: as a pay-as-you-go malware delivery network for other cybercriminals. A common malware chain might involve an Emotet infection to act as a malware delivery beachhead, followed by the Trickbot malware to scrape through your system and go after details such as on-line banking credentials, followed by an attack by ransomware such as Ryuk.