IT Security Newsletter

IT Security Newsletter - 1/27/2020

Written by Cadre | Mon, Jan 27, 2020

Tampa Bay Times struck by ransomware, joining a growing club of hacked media outlets

The Tampa Bay Times became the latest major U.S. news organization to be infected with ransomware Thursday when the virus known as Ryuk forced the newspaper to activate incident response plans. The company reported on Jan. 23 that the ransomware had infiltrated its systems, though exactly how the attack occurred remains unclear. Hackers did not compromise any data, such as payment or customer information, the Times reported, and the paper expected to recover by restoring its system from backup files.

Instagram CEO’s homes were targeted by SWATters

The US has no central system for recording SWATting attacks, but there is growing evidence the problem is going from bad to worse. According to The New York Times, the latest victim was Instagram CEO Adam Mosseri, whose houses in New York and San Francisco were surrounded in early November by heavily armed SWAT (Special Weapons and Tactics) teams after hoax phone calls claimed hostages were being held there.

City of Potsdam Servers Offline Following Cyberattack

The City of Potsdam severed the administration servers' Internet connection following a cyberattack that took place earlier this week. Potsdam is the largest city and the capital of the German federal state of Brandenburg, bordering the German capital, Berlin. The systems of the Brandenburg capital are still offline after the unauthorized access to the Potsdam administration's servers was noticed on Tuesday and their Internet connection was shut down on Wednesday evening to prevent data exfiltration.

PoC Exploits Created for Recently Patched 'BlueGate' Windows Server Flaws

Proof-of-concept (PoC) exploits have been released for two recently patched Remote Desktop Gateway vulnerabilities that can be exploited for remote code execution. Remote Desktop Gateway (RD Gateway) is a Windows Server component previously known as Terminal Services Gateway. The use of RD Gateway, which provides RDP routing, should reduce the attack surface as organizations don’t have to directly expose their RDP servers to the internet.

Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings

Cisco Systems has fixed a high-severity vulnerability in its popular Webex video conferencing platform, which could let strangers barge in on password-protected meetings – no authentication necessary. A remote attacker would not need to be authenticated to exploit the flaw, according to Cisco. All an attacker would need is the meeting ID and a Webex mobile application for either iOS or Android.

Krebs on Security: Does Your Domain Have a Registry Lock?

If you’re running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company’s domain name and doing whatever they wish with it. Even so, most major Web site owners aren’t taking full advantage of the security tools available to protect their domains from being hijacked. Here’s the story of one recent victim who was doing almost everything possible to avoid such a situation and still had a key domain stolen by scammers.