IT Security Newsletter

IT Security Newsletter - 10/26/2020

Written by Cadre | Mon, Oct 26, 2020

Hackers breach psychotherapy center, use stolen health data to blackmail patients

News of an unusual data breach at a psychotherapy center in Finland broke over the weekend, after affected patients began receiving emails telling them to pay up or risk their personal and health data being publicly released. Therapist session notes of some 300 patients have already been published on a Tor-accessible site on the dark web. Among the victims are Finnish politicians (e.g., Member of Parliament Eeva-Johanna Eloranta) and minors. What is known about the data breach at the psychotherapy center? READ MORE...

Report: Ransomware Disables Georgia County Election Database

A ransomware attack that hobbled a Georgia county government in early October reportedly disabled a database used to verify voter signatures in the authentication of absentee ballots. It is the first reported case of a ransomware attack affecting an election-related system in the 2020 cycle. Federal officials and cybersecurity experts are especially concerned that ransomware attacks - even ones that don't intentionally target election infrastructure - could disrupt voting and damage confidence in the integrity of the Nov. 3 election. READ MORE...

Nando's Hackers Feast on Customer Accounts

Multiple Nando's customers said their usernames and passwords were stolen and their accounts used to place high-volume orders. Diners at the popular chicken chain have seen hundreds of dollars siphoned out of their bank accounts after cybercriminals gained access to their restaurant ordering credentials. Complicating the picture, payment-card information is not stored within Nando's accounts, which leaves open the question of how the fraud was carried out. The Nando's chain of Peri-Peri chicken eateries is a fixture on most main drags in the U.K. READ MORE...

Louisiana Calls Out National Guard to Fight Ransomware Surge

An investigation showed a custom backdoor RAT and the Emotet trojan in the networks of municipal victims of the attacks. The National Guard has been called in to help stop a series of government-focused ransomware attacks in Louisiana, according to a report. Local government offices across the Pelican State have been besieged by ransomware strikes, according to a cybersecurity consultant speaking to Reuters, with "evidence suggesting a sophisticated hacking group was involved." READ MORE...

Hackers behind life-threatening attack on chemical-maker are sanctioned

It's now unlawful for US persons to transact with lab owned by the Russian government. Russian state nationals accused of wielding life-threatening malware specifically designed to tamper with critical safety mechanisms at a petrochemical plant are now under sanction by the US Treasury Department. The attack drew considerable concern because it's the first known time hackers have used malware designed to cause death or injury, a prospect that may have actually happened had it not been for a lucky series of events. READ MORE...

Emotet malware now wants you to upgrade Microsoft Word

Emotet switched to a new template this week that pretends to be a Microsoft Office message stating that Microsoft Word needs to be updated to add a new feature. Emotet is a malware infection that spreads through emails carrying Word documents with malicious macros. When a document is opened, its content tries to trick the user into enabling macros; the macros then download and install Emotet on the computer. Once installed, Emotet uses the computer to send further spam emails. READ MORE...
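The infection chain above depends entirely on a VBA project being present in the attachment, so a mail gateway or triage script can flag any Office attachment that carries one before a user is ever asked to "Enable Content". The following is an added example written for this newsletter, not code from the article or from any Emotet analysis: it walks an OOXML (.docx/.docm) package for the macro part and the content type that declares it, and sends legacy OLE2 (.doc) files to a separate parser because they are not ZIP containers. The two documents it scans are constructed in memory for the example and are not real Emotet samples; the function and constant names are my own.

```python
"""Flag Office attachments that carry a VBA macro project (added example)."""
import io
import zipfile
import xml.etree.ElementTree as ET

MACRO_PART = "word/vbaProject.bin"  # OOXML part that holds the VBA project
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of legacy .doc files


def _declared_macro_parts(zf):
    """Parts that [Content_Types].xml declares as a VBA project."""
    try:
        root = ET.fromstring(zf.read("[Content_Types].xml"))
    except KeyError:
        return set()
    return {
        ov.get("PartName", "").lstrip("/")
        for ov in root.iter(CT_NS + "Override")
        if ov.get("ContentType") == MACRO_CONTENT_TYPE
    }


def scan_office_blob(data: bytes) -> dict:
    """Classify a byte blob: OOXML with/without macros, OLE2, or neither.

    The extension is deliberately ignored: an attacker can rename a .docm
    to .doc or .docx and Word will still honour the embedded VBA project.
    """
    result = {"is_ooxml": False, "is_ole2": False, "has_macro": False, "evidence": []}
    if data[:8] == OLE2_MAGIC:
        # Legacy binary format: needs an OLE parser (e.g. oletools' olevba)
        result["is_ole2"] = True
        result["evidence"].append("OLE2 compound file: hand off to an OLE/VBA parser")
        return result
    if data[:2] != b"PK":
        return result
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result
    result["is_ooxml"] = True
    names = set(zf.namelist())
    # Evidence 1: the macro part exists at its usual location
    if MACRO_PART in names:
        result["evidence"].append(f"part present: {MACRO_PART}")
    # Evidence 2: the package declares a vbaProject content type anywhere
    for part in _declared_macro_parts(zf):
        result["evidence"].append(f"content type declares macro part: {part}")
    # Evidence 3: a vbaProject.bin tucked away in an unusual directory
    for n in names:
        if n.lower().endswith("vbaproject.bin") and n != MACRO_PART:
            result["evidence"].append(f"macro part in unusual location: {n}")
    result["has_macro"] = bool(result["evidence"])
    return result


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package for the example (not a real Word file)."""
    overrides = (
        '<Override PartName="/word/document.xml" ContentType="application/'
        'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
    )
    if with_macro:
        overrides += f'<Override PartName="/{MACRO_PART}" ContentType="{MACRO_CONTENT_TYPE}"/>'
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f"{overrides}</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr(MACRO_PART, b"\x00placeholder, not real VBA\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("clean", build_sample_docx(False)),
                        ("macro", build_sample_docx(True))):
        print(label, scan_office_blob(blob))
```

Presence of a VBA project is not proof of malice, since plenty of internal templates carry macros, but for inbound mail from outside the organisation it is the cheapest high-signal check available; anything flagged here is worth handing to a full VBA extractor and detonating in a sandbox before delivery.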

Apple Notarizes Six New Variants of 'MacOffers' Adware

Apple has inadvertently given the thumbs up to six new adware variants, according to researchers at Mac security solutions provider Intego. Notarization is an approval process in which macOS software is scanned by Apple before being delivered to users, so that malicious code can be identified before it does any harm. The process was introduced with macOS 10.15 (Catalina), and code that lacks this stamp of trust is automatically blocked from running. Developers submit their software to Apple for scanning. READ MORE...

Attackers finding new ways to exploit and bypass Office 365 defenses

Over the six-month period from March to August 2020, more than 925,000 malicious emails bypassed Office 365 defenses and well-known secure email gateways (SEGs), an Area 1 Security study reveals. Attackers increasingly use highly targeted campaigns such as business email compromise to evade traditional email defenses, which rely on already-known threats. Attackers also often use Microsoft's own tools and branding to bypass legacy defenses. READ MORE...

DNS attacks increasingly target service providers

The telecommunications and media sector is the most frequent victim of DNS attacks, according to EfficientIP. According to the IDC 2020 Global DNS Threat Report, organizations in the sector experienced an average of 11.4 attacks last year, compared with an average of 9.5 across all industries. Overall, 83% of service provider organizations experienced a DNS attack, well above the overall average of 79%. Beyond the higher frequency, a successful attack on a telecommunications provider can have especially far-reaching consequences for its customers. READ MORE...

HPE Patches Two Critical, Remotely Exploitable Vulnerabilities

Hewlett Packard Enterprise has released patches for two critical vulnerabilities, one identified in StoreServ Management Console and the other affecting BlueData EPIC Software Platform and Ezmeral Container Platform. The most severe of these issues was identified in HPE StoreServ Management Console (SSMC) 3.7.0.0 and could be exploited remotely to bypass authentication. Tracked as CVE-2020-7197, the vulnerability carries a CVSS score of 10. SSMC is an off-node, web-based console that supports the management of multiple storage arrays. READ MORE...

Adapt cybersecurity programs to protect remote work environments

Earlier this year, businesses across the globe transitioned to a remote work environment almost overnight, at unprecedented scale and speed. Security teams worked around the clock to empower and protect their newly distributed teams. Cisco's report found that the majority of organizations around the world were at best only somewhat prepared to support their remote workforce. But the shift has accelerated the adoption of technologies that enable employees to work securely from anywhere and on any device. READ MORE...

  • ...in 1774, the First Continental Congress, which protested British measures and called for civil disobedience, concludes in Philadelphia.
  • ...in 1881, the Earp brothers and Doc Holliday have a shootout with the Clantons and McLaurys at the O.K. Corral in Tombstone, Arizona Territory.
  • ...in 1940, the P-51 Mustang makes its maiden flight.
  • ...in 1965, the Queen of England awards the Beatles the prestigious MBE at Buckingham Palace.