<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 10/13/2020

Hacking

Law Firm Seyfarth Shaw Hit by Damaging Ransomware Attack

International law firm Seyfarth Shaw LLP has shut down many of its systems after being hit with a ransomware attack. Founded in 1945 in Chicago, Illinois, Seyfarth has over 900 lawyers across 17 offices, providing clients all around the world with advisory, litigation, and transactional legal services. The Am Law 100 firm serves more than 300 of the Fortune 500 companies. Over the weekend, the company fell victim to a ransomware attack that spread aggressively across its network and forced it to shut down its email service. READ MORE...


Hackers hack Hackney: Local government cries 'cyberattack' while UK infosec officials rush to figure out what happened

Hackney Council in East London has declared that it was hit by a "cyberattack" - but both the authority and officials from the National Cyber Security Centre (NCSC) remain tight-lipped about what actually happened. In a statement published on the council website this morning, local mayor Philip Glanville said: "Hackney Council has been the target of a serious cyberattack, which is affecting many of our services and IT systems." Worryingly for the public, neither the council nor the NCSC appears to be in control of said "cyberattack". READ MORE...


Hackers Publish Public School District's Stolen Data Online

Computer hackers who obtained information about a Virginia public school district's students and employees have posted stolen data online, school officials said Friday in an email to parents and staff. The Fairfax County Public Schools didn't specify the nature or volume of the data that was stolen in the ransomware attack last month. Hackers use ransomware software to steal data and threaten to publish or block access to it unless a target pays a ransom. READ MORE...


TrickBot Takedown Disrupts Major Crimeware Apparatus

The TrickBot trojan has been dealt a serious blow thanks to a coordinated action led by Microsoft that disrupted the botnet that spreads it. However, researchers warn that the operators will quickly try to revive their operations. TrickBot is known for spreading other malware, especially ransomware. Microsoft said this week that the United States District Court for the Eastern District of Virginia granted a request for a court order to halt TrickBot's operations, which it carried out in concert with other firms. READ MORE...

Software Updates

Windows 10 upgrades blocked after installing KB4577062

Microsoft says that customers who install the optional KB4577062 update for Windows 10 versions 1903 and 1909 will encounter issues upgrading to newer Windows 10 versions on some devices. KB4577062 was released on September 16, 2020, with the main highlight being that it enables an Internet Explorer 11 notification to inform users about Adobe Flash's end of support in December 2020. As Microsoft says, after installing KB4577062 users will receive compatibility warnings when trying to update the OS to newer versions. READ MORE...

Malware

BazarLoader used to deploy Ryuk ransomware on high-value targets

The TrickBot gang operators are increasingly targeting high-value targets with the new stealthy BazarLoader trojan before deploying the Ryuk ransomware. For years, the TrickBot gang has been using their trojan to compromise enterprise networks by downloading different software modules used for specific behavior such as stealing passwords, spreading to other machines, or even stealing a domain's Active Directory database. As these modules have become heavily analyzed over time, security solutions have become better. READ MORE...

Information Security

Anatomy of Ryuk Attack: 29 Hours From Initial Email to Full Compromise

An attack involving the Ryuk ransomware required 29 hours from an email being sent to the target to full environment compromise and the encryption of systems, according to the DFIR Report, a project that provides threat intelligence from real attacks observed by its honeypots. Initially detailed in 2018, Ryuk was believed to be the work of North Korean hackers at first, due to similarities with the Hermes ransomware, but was then associated with Russian cybercriminals. READ MORE...

Exploits/Vulnerabilities

Acronis Patches Privilege Escalation Flaws in Backup, Security Solutions

Acronis has released patches for its True Image, Cyber Backup, and Cyber Protect products to address vulnerabilities that could lead to elevation of privileges. The flaws could allow unprivileged Windows users to run code with SYSTEM privileges, a vulnerability note from the CERT Coordination Center (CERT/CC) reveals. Tracked as CVE-2020-10138 (CVSS score 8.1), the first of the bugs affects Acronis Cyber Backup 12.5 and Cyber Protect 15 and resides in a privileged service that uses "an OpenSSL component. READ MORE...


Online Infrastructure Security Firm Cyberpion Emerges From Stealth

Online infrastructure security solutions provider Cyberpion on Tuesday emerged from stealth mode after raising $8.25 million in seed funding. Aiming to help organizations gain visibility into and secure their online ecosystem, the Tel Aviv, Israel-based cybersecurity startup provides security teams with a platform that they can leverage to identify and neutralize the risks posed by vulnerabilities in their online assets. Enterprises leverage third-party solutions to improve their market presence and operations. READ MORE...

Science & Culture

Google Responds to Warrants for "About" Searches

One of the things we learned from the Snowden documents is that the NSA conducts "about" searches. That is, searches based on activities and not identifiers. A normal search would be on a name, or IP address, or phone number. An about search would something like "show me anyone that has used this particular name in a communications," or "show me anyone who was at this particular location within this time frame." These searches are legal when conducted for the purpose of foreign surveillance. READ MORE...

On This Date

  • ...in 1775, The Continental Congress authorizes construction of two warships, thus instituting an American naval force.
  • ...in 1941, singer-songwriter Paul Simon ("50 Ways to Leave Your Lover", "Bridge Over Troubled Water") is born in Newark, NJ.
  • ...in 1958, Michael Bond's children's book "A Bear Called Paddington" is first published, introducing the classic title character.
  • ...in 2010, all 33 Chilean miners trapped by a cave-in are rescued, after spending more than 69 days underground.