The Weekly Roundup (2020-November-14)
2020 – November 09
Breaches Reported
Luxottica, the group that owns LensCrafters, Target Optical, and EyeMed, recently disclosed a data breach that occurred on August 5, 2020. The breach came from its online appointment scheduling system.
Malware Reported
A security researcher discovered the “xHunt campaign”, which uses PowerShell-based scripts (TriFive and Snugy) that provide backdoor access to an Exchange server. This campaign has been active since July 2018, targeting the government of Kuwait.
2020 – November 10
Breaches Reported
Hackers recently attacked the main data center of the University of Vermont (UVM) Health Network. The cyberattack impacted the chemotherapy, mammogram, and screening appointment system.
Malware Reported
Malicious fake ads posing as Microsoft Teams updates have recently been seen in use by ransomware operators. The fake ads are used to infect systems with backdoors that deploy Cobalt Strike. The fake ads lure users into installing these fake updates, which then poison search results.
Vulnerabilities Reported
Attackers have been deploying the Cobalt Strike tool, which allows remote access to Oracle WebLogic servers. The vulnerability is tracked as CVE-2020-14882.
2020 – November 11
Breaches Reported
Facebook ads started by the Ragnar Locker ransomware gang have recently been discovered; the ads have been used to extort victims. The gang stole 2TB of data from the Campari Group network, then proceeded to encrypt the network and demand a ransom of $15 million.
Vulnerabilities Reported
Security researchers have discovered new side-channel vulnerabilities named Platypus, which enable attackers to steal sensitive data from Intel CPUs (CVE-2020-8695, CVE-2020-8696, and CVE-2020-8698).
Platypus is short for “Power Leakage Attacks: Targeting Your Protected User Secrets”. It targets the RAPL (Running Average Power Limit) interface of Intel processors.
2020 – November 12
Breaches Reported
Hackers recently attacked a medical billing and reimbursement company based in Iowa. The company suffered a ransomware attack between 2020-Feb-12 and 2020-Mar-4. The personally identifiable information accessed consisted of names, dates of birth, Medicaid identification numbers, and billing information.
Malware Reported
The Muhstik botnet has recently been upgraded to also target vulnerabilities in Oracle WebLogic Server and Drupal.
Vulnerabilities Reported
High-severity vulnerabilities in Cisco’s IOS XR software allow remote hackers to disable Cisco Aggregation Services Routers (ASR). With a CVSS score of 8.6/10, the vulnerability can be exploited by sending specially crafted layer 2 and layer 3 data to vulnerable devices. Cisco has released patches in Cisco IOS XR Software releases 6.7.2 or 7.1.2 and later.
2020 – November 13
Vulnerabilities Reported
Security researchers from the University of California and Tsinghua University have discovered a series of critical security flaws that could lead to a revival of DNS cache poisoning attacks. The attacks allow an off-path attacker to inject malicious DNS records into a DNS cache. This vulnerability is being tracked as CVE-2020-25705.