
IT Security Newsletter - 11/13/2019


Breaches

Mexico's Pemex Oil Suffers Ransomware Attack, $4.9 Million Demanded

Mexico's state-owned oil company, Pemex, has suffered a DoppelPaymer ransomware attack in which the attackers demanded $4.9 million USD to decrypt the company's files. On Sunday, November 10th, Pemex was hit with a ransomware attack that the company states affected less than 5% of its computers. Workers reported, though, that internal memos initially told them not to turn on their computers, but that they were up and running again later in the day on Monday.

Software

November 2019 Patch Tuesday: Actively exploited IE zero-day fixed

November 2019 Patch Tuesday comes with patches for an IE zero-day exploited by attackers in the wild and four Hyper-V escapes. Microsoft has delivered fixes for 74 vulnerabilities in various products, 13 of which are deemed to be critical. Adobe has plugged critical and important security holes in Illustrator CC (vector graphics editor), Media Encoder, Animate CC (animation software) and Bridge CC (asset manager).


US-CERT warns of critical flaws in Medtronic equipment

The United States Computer Emergency Readiness Team (US-CERT) has issued another warning about security flaws in medical equipment made by Medtronic. The problem this time is in the Valleylab FT10 (V4.0.0 and below) and Valleylab FX8 (v1.1.0 and below), electrosurgical generators used by surgeons for procedures such as cauterisation during operations.

Trends

‘Ransomware as a service’ threat targeting enterprise servers

An unusual ransomware strain, closely linked with forms used by known threat groups, is being used in targeted attacks against enterprise production servers. The malware has been dubbed PureLocker because it is written in the PureBasic programming language, and it is fitted with several features that lend themselves well to evasion. The cyber criminals behind PureLocker are also deploying a Linux variant to attack their targets' Linux infrastructure.

Malware

TrickBot trojan named the most dangerous threat to healthcare

The infamous Emotet and TrickBot trojans have been named as the two most popular attacks on healthcare organisations in 2019. Emotet detections surged at the beginning of 2019 but a huge wave of TrickBot threats in the second half of the year has placed it as the number one threat to healthcare organisations today. The number of threats presented by trojans, hijackers and riskware each grew by over 80% in 2019 compared to last year, according to Malwarebytes.

Exploits

Latest Intel CPUs Affected by New TSX Speculative Attack

A new speculative vulnerability called ZombieLoad 2, or TSX Asynchronous Abort, has been disclosed today that targets the Transactional Synchronization Extensions (TSX) feature in Intel processors. Using this vulnerability, local attackers or malware can steal sensitive data from the operating system kernel or other processes. Performance in modern CPUs is increased through speculative execution, a feature that runs instructions in advance of knowing if they are needed or not.