IT Security Newsletter - 12/16/2020
Senators press Treasury to speak about breach, planned response to hackers
Two key Senate Democrats extensively questioned the U.S. Treasury Department on Tuesday about its reported data breach, a subject it has been less forthcoming about than the other federal agencies swept into the compromise of SolarWinds software. The senators, Sherrod Brown of Ohio and Ron Wyden of Oregon, also want to know whether Treasury plans to sanction the attackers and if it has begun evaluating the overall damage to the economy of the cyber-espionage campaign. READ MORE...
Ransomware attack causing billing delays for Missouri city
The City of Independence, Missouri, suffered a ransomware attack last week that continues to disrupt the city's services. At the beginning of the month, Independence suffered a ransomware attack that forced it to shut down its IT systems while it recovered from the attack. "The City of Independence recently experienced an event that resulted in technical difficulties and disruption to multiple services. It appears that these disruptions are the result of a ransomware event [...]". READ MORE...
Gitpaste-12 Worm Widens Set of Exploits in New Attacks
The Gitpaste-12 worm has returned in new attacks targeting web applications, IP cameras and routers, this time with an expanded set of exploits for initially compromising devices. First discovered in a round of late-October attacks that targeted Linux-based servers and internet-of-things (IoT) devices, the botnet utilizes GitHub and Pastebin for housing malicious component code, has at least 12 different attack modules and includes a cryptominer that targets the Monero cryptocurrency. READ MORE...
Ransomware gangs automate payload delivery with SystemBC malware
SystemBC, a commodity malware sold on underground marketplaces, is being used by ransomware-as-a-service (RaaS) operations to hide malicious traffic and automate ransomware payload delivery on the networks of compromised victims. The malware, first spotted in 2018 and used in several 2019 campaigns as a "virtual private network", has allowed ransomware gangs and their affiliates to deploy a persistent backdoor on the targets' systems in the form of a Tor SOCKS5 proxy. READ MORE...
Agent Tesla Keylogger Gets Data Theft and Targeting Update
Six-year-old keylogger malware called Agent Tesla has been updated again, this time with expanded targeting and improved data exfiltration features. Agent Tesla first came onto the scene in 2014, specializing in keylogging (designed to record keystrokes made by a user in order to exfiltrate data like credentials and more) and data-stealing. Since then the keylogger has only gained momentum - showing up in more attacks in the first half of 2020 than the infamous TrickBot or Emotet malware. READ MORE...
Threat profile: Egregor ransomware is making a name for itself
Egregor ransomware is a relatively new ransomware (first spotted in September 2020) that seems intent on making its way to the top right now. Egregor is considered a variant of Ransom.Sekhmet based on similarities in obfuscation, API calls, and the ransom note. As we've reported in the past, affiliates that were using Maze ransomware started moving over to Egregor even before the Maze gang officially announced they were calling it quits. Egregor has already targeted some well-known victims. READ MORE...
UK proposes new powers for comms regulator to legally unleash avenging hordes on security-breached telcos
Britain's Telecommunications Security Bill will allow anyone to sue their telco if they suffer "loss or damage" as a result of a system breach - but only if they get Ofcom's permission. The far-ranging proposal is in the new bill, which was introduced to Parliament back in November amid lots of government boasts of a crackdown on Huawei and other Chinese telco equipment makers. Yet buried in the details away from the China-bashing stuff is a potentially heavy stick. READ MORE...
Vulnerabilities in Medtronic Product Can Allow Hackers to Control Cardiac Devices
Vulnerabilities discovered in Medtronic's MyCareLink Smart 25000 Patient Reader product could be exploited to take control of a paired cardiac device. Designed to obtain information from a patient's implanted cardiac device, the MCL Smart Patient Reader then sends the data through the patient's mobile device to the Medtronic CareLink network to facilitate care management. Three vulnerabilities were discovered by researchers at IoT security firm Sternum in the MCL Smart Model 25000. READ MORE...
EU, Britain to Toughen Rules, Fines for Tech Giants
Big tech companies face hefty fines in the European Union and Britain if they treat rivals unfairly or fail to protect users on their platforms, in proposed regulations unveiled Tuesday by officials in Brussels and London. The EU outlined the long-awaited, sweeping overhaul of its digital rulebook while the British government released its own plans to step up policing of harmful material online, signaling the next phase of technology regulation in Europe. READ MORE...
- ...in 1770, classical composer and pianist Ludwig van Beethoven is born in Bonn, Germany.
- ...in 1773, the Sons of Liberty stage the "Boston Tea Party", a protest against British taxation of the American colonies without representation in Parliament.
- ...in 1775, English novelist Jane Austen ("Sense and Sensibility", "Pride and Prejudice") is born in Hampshire, England.
- ...in 1949, Swedish aerospace company Saab builds its first automobile at its production facility in Trollhättan.