Security News
75% of all 56 U.S. states and territories leading up to the presidential election, showed signs of a vulnerable IT infrastructure, a SecurityScorecard report reveals. Since most state websites offer access to voter and election information, these findings may indicate unforeseen issues leading up to, and following, the US election.
This week we also learned that the ThunderX ransomware was part of Ako Ransomware, who renamed their operation Ranzy Locker. City of Mt. Pleasant falls victim to remote ransomware attack The City of Mt. Pleasant has fallen victim to a ransomware attack, that is according to city officials.
The US Department of Justice, together with government representatives from six other countries, has recently re-ignited the perennial Battle to Break Encryption. Modern encryption schemes don't just encrypt network traffic with your long-term encryption keys, but add in what are known as ephemeral keys into the mix - one-time encryption secrets for each communication session that are discarded after use.
Britain's National Crime Agency arrested six men in London on suspicion of laundering "Tens of millions" for the Trickbot and Dridex banking malware gangs, the not-quite-police agency declared today. The six, a mixture of British and Eastern European citizens, were arrested around a year ago, said the NCA as EU police agency Europol jointly boasted of a further 14 arrests in the political bloc, the US and Australia.
American financial regulators in New York have demanded Twitter be subject to harsher rules following the July hacks of prominent users' accounts - as CEO Jack Dorsey furiously backpedals after his website censored a news article from a US newspaper. The New York State Department of Financial Services demanded that Twitter be subject to more "Cybersecurity protections", controlled and overseen, naturally, by itself.
The United States Cyber Command warns that users should apply the latest patches for Microsoft software to ensure they won't fall victim to exploitation attempts. The most important of these issues, US Cyber Command points out, is CVE-2020-16898, a critical bug in the Windows TCP/IP stack that can be triggered remotely to potentially achieve remote code execution on the victim machine.
The new configuration file pushed on Sept. 22 told all systems infected with Trickbot that their new malware control server had the address 127.0.0.1, which is a "Localhost" address that is not reachable over the public Internet, according to an analysis by cyber intelligence firm Intel 471. U.S. Cyber Command's campaign against the Trickbot botnet, an army of at least 1 million hijacked computers run by Russian-speaking criminals, is not expected to permanently dismantle the network, said four U.S. officials, who spoke on the condition of anonymity because of the matter's sensitivity.
US Cyber Command warns Microsoft customers to immediately patch their systems against the critical and remotely exploitable CVE-2020-16898 vulnerability addressed during this month's Patch Tuesday. "Update your Microsoft software now so your system isn't exploited: CVE-2020-16898 in particular should be patched or mitigated immediately, as vulnerable systems could be compromised remotely," US Cyber Command said in a tweet earlier today,.
An order granted by the US District Court for Eastern Virginia authorised Microsoft and chums to "Disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the Trickbot operators to purchase or lease additional servers." Jean-Ian Boutin, head of threat research, said: "Over the years we've tracked it, Trickbot compromises have been reported in a steady manner, making it one of the largest and longest-lived botnets out there. Trickbot is one of the most prevalent banking malware families, and this malware strain represents a threat for internet users globally."
Government-backed hackers have compromised and gained access to US elections support systems by chaining together VPN vulnerabilities and the recent Windows CVE-2020-1472 security flaw. "Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks," says a joint security advisory published by CISA and the FBI. Despite that, CISA added that it is "Aware of some instances where this activity resulted in unauthorized access to elections support systems."