The Weekly Roundup (2020-November-14)
2020 – November 09
The Luxottica group (which owns LensCrafters, Target Optical, and EyeMed) recently disclosed a data breach that occurred on August 5, 2020. The attackers got in through its online appointment scheduling system.
Security researchers discovered that the “xHunt campaign” uses PowerShell-based backdoors (TriFive and Snugy) to keep access to a compromised Exchange server. The campaign has been active since July 2018 and targets the government of Kuwait.
2020 – November 10
Hackers recently attacked the main data center of the University of Vermont (UVM) Health Network; the cyberattack disrupted its chemotherapy, mammogram, and screening appointment systems.
Ransomware operators have been running malicious ads posing as Microsoft Teams updates. The ads poison search results to lure users into installing a fake update, which drops a backdoor that then deploys Cobalt Strike.
Attackers have been exploiting a vulnerability in Oracle WebLogic Server, tracked as CVE-2020-14882, to deploy Cobalt Strike and gain remote access to the compromised servers.
2020 – November 11
The Ragnar Locker ransomware gang has been discovered running Facebook ads to pressure its victims into paying. The gang stole 2 TB of data from the Campari Group network, then encrypted the network and demanded a ransom of $15 million.
Security researchers have discovered a new set of side-channel vulnerabilities named Platypus, which enable attackers to extract sensitive data from Intel CPUs (CVE-2020-8695, CVE-2020-8696, and CVE-2020-8698).
Platypus is short for “Power Leakage Attacks: Targeting Your Protected User Secrets”; the attacks target the RAPL (Running Average Power Limit) interface of Intel processors.
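The practical question for a Linux host is whether the RAPL energy counters are still readable by unprivileged users (the Linux mitigation restricted them to root). The script below is an added example written for this roundup, not code from the Platypus researchers or from Intel; it assumes the Linux powercap sysfs layout (`/sys/class/powercap/intel-rapl*/energy_uj`, with `max_energy_range_uj` beside it), and every path, mode and sample value used to test it is constructed. It also shows what an unprivileged reader gets from two counter samples: an average power figure, which is the raw material of the attack.

```python
"""Added example: audit RAPL energy-counter exposure on Linux and show what an
unprivileged reader can compute from it. Paths and sample values are constructed."""
import glob
import os
import stat
import time

# Linux exposes RAPL through the powercap framework (assumption: this sysfs layout).
RAPL_GLOB = "/sys/class/powercap/intel-rapl*/energy_uj"


def readable_by_unprivileged(mode):
    """True if the st_mode bits grant read access to group or others."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def audit_rapl_counters(entries):
    """entries: iterable of (path, st_mode). Returns the counter files a non-root
    process could read, i.e. hosts where the Platypus precondition is still present."""
    return sorted(path for path, mode in entries if readable_by_unprivileged(mode))


def average_power_watts(e0_uj, e1_uj, seconds, max_range_uj):
    """Average power between two energy_uj samples taken `seconds` apart.
    The counter wraps at max_energy_range_uj (also exposed in sysfs), so a
    negative delta is corrected (approximately) by adding the range."""
    delta = e1_uj - e0_uj
    if delta < 0:
        delta += max_range_uj
    return delta / 1e6 / seconds


def scan_host(sample_seconds=0.25):
    """Run the audit on this host and, for each exposed counter, take two samples
    to show the power figure an unprivileged reader obtains."""
    entries = [(p, os.stat(p).st_mode) for p in glob.glob(RAPL_GLOB)]
    exposed = audit_rapl_counters(entries)
    report = {}
    for path in exposed:
        try:
            domain = os.path.dirname(path)
            with open(os.path.join(domain, "max_energy_range_uj")) as f:
                max_range = int(f.read())
            with open(path) as f:
                e0 = int(f.read())
            time.sleep(sample_seconds)
            with open(path) as f:
                e1 = int(f.read())
            report[path] = average_power_watts(e0, e1, sample_seconds, max_range)
        except OSError:
            report[path] = None  # mode bits allow it, but the read was blocked (container, policy)
    return exposed, report


if __name__ == "__main__":
    exposed, report = scan_host()
    if not exposed:
        print("no RAPL energy counters readable by unprivileged users (or no RAPL on this host)")
    for path, watts in report.items():
        print(f"{path}: {'unreadable' if watts is None else f'{watts:.2f} W'}")
```

Run it as an ordinary user: an empty result means the counters are root-only (or absent); any listed path is a counter that a local, unprivileged process can sample, which is the condition the Platypus attacks rely on. The SGX-related variants need the Intel microcode updates rather than a sysfs permission change, so treat this as one check among several.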
2020 – November 12
Hackers recently attacked a medical billing and reimbursement company based in Iowa, which suffered a ransomware attack between 2020-Feb-12 and 2020-Mar-4. The personally identifiable information accessed included names, dates of birth, Medicaid identification numbers, and billing information.
The Muhstik botnet has recently been upgraded to also target vulnerabilities in Oracle WebLogic Server and Drupal.
A high-severity vulnerability in Cisco’s IOS XR software allows remote attackers to disable Cisco Aggregation Services Routers (ASR). With a CVSS score of 8.6/10, it can be exploited by sending specially crafted layer 2 or layer 3 traffic to vulnerable devices. Cisco has fixed it in IOS XR Software releases 6.7.2 and 7.1.2 and later.
2020 – November 13
Security researchers from the University of California and Tsinghua University have discovered a series of critical security flaws that could lead to a revival of DNS cache poisoning attacks. The attack allows an off-path attacker to inject malicious DNS records into a resolver’s DNS cache. The vulnerability is tracked as CVE-2020-25705.
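What makes an off-path attacker viable again is a side channel: the kernel’s global per-second limit on ICMP replies lets the attacker learn which UDP source port the resolver’s outstanding query is using, after which the classic forged-answer race is on. The simulation below is an added example written for this roundup, not the researchers’ code or a network tool; it models a resolver host with a global ICMP budget (set to the Linux default of 1000 per second), a connected UDP socket for the in-flight query, and an attacker who spoofs probes from the upstream nameserver’s address and then verifies from his own. All addresses, ports and the resolver model are constructed.

```python
"""Added example: self-contained simulation of the ICMP global-rate-limit side
channel behind the SAD DNS attack (CVE-2020-25705). Everything here is constructed."""

ICMP_MSGS_PER_SEC = 1000  # Linux default for net.ipv4.icmp_msgs_per_sec (global budget)


class SimulatedResolver:
    """Toy model of a resolver host. A UDP port with an in-flight query is held by a
    socket connect()ed to one upstream server; every other port is closed."""

    def __init__(self, connected_ports, budget=ICMP_MSGS_PER_SEC):
        self.connected = dict(connected_ports)  # port -> upstream server IP
        self.budget = budget
        self.remaining = budget

    def tick(self):
        """Start a new one-second window: the global ICMP token bucket refills."""
        self.remaining = self.budget

    def receive_udp(self, port, src_ip):
        """Deliver one UDP datagram. Returns True if the kernel emits an ICMP
        port-unreachable (addressed to src_ip, so only the real sender sees it)."""
        if self.connected.get(port) == src_ip:
            return False  # matches the connected socket: consumed silently
        if self.remaining > 0:  # no matching socket: ICMP, while the global budget lasts
            self.remaining -= 1
            return True
        return False  # budget exhausted: silence, indistinguishable from an open port


def batch_has_open_port(resolver, candidates, upstream_ip, attacker_ip, known_closed):
    """One measurement window. Spoof exactly `budget` probes from the upstream server's
    address (padding with a known-closed port), then send one probe from the attacker's
    own address. An ICMP reply to that last probe means the budget was not exhausted,
    so at least one candidate port was open (its probe consumed no ICMP token)."""
    assert len(candidates) <= resolver.budget and known_closed not in candidates
    resolver.tick()
    padding = [known_closed] * (resolver.budget - len(candidates))
    for port in list(candidates) + padding:
        resolver.receive_udp(port, upstream_ip)  # replies go to upstream_ip, not to us
    return resolver.receive_udp(known_closed, attacker_ip)


def infer_open_port(resolver, upstream_ip, attacker_ip, port_range, known_closed):
    """Bisect the candidate range, one window per step, until a single port remains."""
    candidates = list(port_range)
    while len(candidates) > 1:
        half = candidates[: len(candidates) // 2]
        if batch_has_open_port(resolver, half, upstream_ip, attacker_ip, known_closed):
            candidates = half
        else:
            candidates = candidates[len(half):]
    return candidates[0]


if __name__ == "__main__":
    # Constructed scenario: one query in flight from port 33444 to the authoritative
    # server 198.51.100.53; the attacker sits off-path at 203.0.113.7.
    resolver = SimulatedResolver({33444: "198.51.100.53"})
    port = infer_open_port(resolver, "198.51.100.53", "203.0.113.7", range(32768, 33768), 65000)
    print(f"inferred source port: {port}")
```

Two details carry the lesson. Probing from the attacker’s own address finds nothing, because a connected socket only matches datagrams from its peer, so the attacker must spoof the upstream server; and the verification probe works only because the rate limit is a single global counter shared by all sources. The real attack scans the whole port range in budget-sized batches, must keep the query window open long enough, and has to cope with noise from legitimate ICMP traffic; the kernel-side fix of randomizing the global limit breaks the exact-count inference this simulation relies on.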