How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same results?
2020-12-01 14:03

Carnegie Mellon University PhD student Aqsa Kashaf and her advisors Dr. Vyas Sekar and Dr. Yuvraj Agarwal have analyzed third-party service dependencies in modern web services, with a special focus on DNS, CDN, and SSL certificate revocation checking by CAs. Their research was meant to determine if incidents like the 2016 Dyn DDoS attack, the 2016 GlobalSign certificate revocation error and the 2019 Amazon Route 53 DDoS attack would lead to similar results in 2020. "6% of the top-100K websites that were critically dependent in 2016, have moved to a private DNS in 2020. On the other hand, 10.7% of the websites which used a private DNS in 2016, have moved to a single third party DNS provider. Between these snapshots, redundancy has remained roughly similar. Overall, critical dependency has increased by 4.7% in 2020. More popular websites have decreased their critical dependency," they noted.

Baltimore County Schools Still Closed Following Cyber Attack
2020-12-01 14:03

School continues to be out for more than 100,000 students in Baltimore County following a ransomware attack on the district's network. The Baltimore Sun reported Monday that Superintendent Darryl L. Williams said he has no timeline for when school will resume.

Delivery scams surge to ring in the holiday season
2020-12-01 14:02

November saw a spike in phishing emails spoofing shipping companies such as DHL, Amazon, and FedEx, says Check Point Research. A blog post published Tuesday by cyber threat intelligence provider Check Point Research examines the recent spike in phishing email notifications that impersonate popular shipping companies and offers advice on how to defend yourself against these types of scams.

Bomb Threat, DDoS Purveyor Gets Eight Years
2020-12-01 14:01

A 22-year-old North Carolina man has been sentenced to nearly eight years in prison for conducting bomb threats against thousands of schools in the U.S. and United Kingdom, running a service that launched distributed denial-of-service attacks, and for possessing sexually explicit images of minors. Timothy Dalton Vaughn from Winston-Salem, N.C. was a key member of the Apophis Squad, a gang of young ne'er-do-wells who made bomb threats to more than 2,400 schools and launched DDoS attacks against countless Web sites - including KrebsOnSecurity on multiple occasions.

Malicious NPM packages used to install njRAT remote access trojan
2020-12-01 14:00

New malicious NPM packages have been discovered that install the njRAT remote access trojan that allows hackers to gain control over a computer. NPM is a JavaScript package manager that allows developers and users to download packages and integrate them into their projects.

Brazilian Plane Maker Embraer Targeted in Cyberattack
2020-12-01 13:55

Brazilian airplane maker Embraer on Monday disclosed a cyberattack that, according to some reports, involved ransomware. Embraer manufactures commercial, executive, military, and agricultural aircraft, and its website says the company is the third largest commercial jets maker, with more than 8,000 airplanes delivered to date.

Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout
2020-12-01 13:18

Just in time for a busy online holiday shopping season, the Magecart gang has come up with a new credit-card skimming technique for hijacking PayPal transactions during checkout. Magecart is an umbrella term encompassing several different threat groups who all use the same attack method: They compromise e-commerce websites to inject card-skimming scripts on checkout pages, stealing unsuspecting customers' payment card details and other information entered into the fields on the page.

Nation-State Cyberspy Group Drops Coin Miners as Distraction Technique
2020-12-01 13:15

A nation-state threat actor was observed using cryptocurrency miners to avoid attracting too much attention and establish persistence in targeted networks, Microsoft reported on Monday. BISMUTH's use of coin miners is consistent with its methods of blending in.

Supreme Court mulls whether a cop looking up a license plate for cash is equivalent to watching Instagram at work
2020-12-01 12:16

Nowhere is that more clear than in a case heard in the US Supreme Court on Monday, covering a cop - former police sergeant Nathan Van Buren - who was convicted of breaking the Computer Fraud and Abuse Act in 2017 after using his access to a police database of license plate numbers to look up the owner of a specific car for a cash payment. Van Buren's lawyer, Jeffrey Fisher, argued that once someone is authorized to access a database, such as a cop authorized to use a plate database, that's pretty much it - you can't be found guilty of fraud under the CFAA. The law, he argued, was intended only to address hacking - and his client didn't hack the computer.

Manipulating Systems Using Remote Lasers
2020-12-01 12:13

Researchers at the time said that they were able to launch inaudible commands by shining lasers - from as far as 360 feet - at the microphones on various popular voice assistants, including Amazon Alexa, Apple Siri, Facebook Portal, and Google Assistant. They broadened their research to show how light can be used to manipulate a wider range of digital assistants - including Amazon Echo 3 - but also sensing systems found in medical devices, autonomous vehicles, industrial systems and even space systems.