IT Security Newsletter - 9/6/19
$5.3M Ransomware Demand: Massachusetts City Says No Thanks
After a ransomware attack slapped a hefty payout demand of $5.3 million on New Bedford, Mass., the city announced that it is instead opting to pick up the pieces and restore what it can from backups itself. If the city had opted to pay, the payout would have been the largest known ransom payout for an attack yet. New Bedford is a city outside of Boston with a population of about 95,072 (making it the sixth-largest city in Massachusetts). The city was first infected on July 5, an incident it previously blamed on an unspecified virus.
Students Rejoice: School District Closed by Ransomware Attack
The summer school holiday has not ended for students in Flagstaff, Arizona, as a ransomware attack hitting the School District computers forces the decision to cancel classes for today. The schedule for tomorrow is uncertain. All schools are impacted by the incident and there are no after-school activities. The district learned of a "cybersecurity issue" on Wednesday morning.
FunkyBot Malware Intercepts Android Texts, 2FA Codes
An Android malware dubbed “FunkyBot” has started making the scene in Japan, operated by the same attackers responsible for the FakeSpy malware. It intercepts SMS messages sent to and from infected devices. According to FortiGuard Labs, the malware (named after logging strings found in the persistence mechanism of the payload) masquerades as a legitimate Android application.
Facebook, Microsoft Challenge Industry to Detect, Prevent ‘Deepfakes’
Facebook, Microsoft and a number of universities have joined forces to sponsor a contest promoting research and development to combat deepfakes, or videos altered through artificial intelligence (AI) to mislead viewers. The two tech giants have created the Deepfake Detection Challenge (DFDC), which aims to spur the industry to create technology that can detect and prevent deepfakes, according to a Facebook blog post attributed to company CTO Mike Schroepfer.
40% of IT Pros Would Outlaw Ransomware Payments
Research has revealed that 40% of IT security professionals think paying to retrieve data targeted by ransomware should be made illegal. The findings come from a survey of 145 security pros who visited AT&T's booth at this year's Black Hat USA in Las Vegas. Despite 60% of respondents saying that they wanted to have the option to pay ransomware without falling foul of the law, only 11% said that they would willingly splash their cash if targeted.
Critical Exim TLS Flaw Lets Attackers Remotely Execute Commands as Root
The Exim mail transfer agent (MTA) software is impacted by a critical severity vulnerability present in versions 4.80 up to and including 4.92.1. The bug allows local or unauthenticated remote attackers to execute programs with root privileges on servers that accept TLS connections. The flaw, tracked as CVE-2019-15846, is "exploitable by sending an SNI ending in a backslash-null sequence during the initial TLS handshake," which leads to RCE with root privileges on the mail server.
Zero-day privilege escalation disclosed for Android
Researchers have disclosed a zero-day vulnerability in the Android operating system that gives a major boost to attackers who already have a toe-hold on an affected device. The privilege-escalation flaw is located in the V4L2 driver, which Android and other Linux-based OSes use to capture real-time video. The vulnerability results from a "lack of validating the existence of an object prior to performing operations on the object," researchers with Trend Micro's Zero Day Initiative said in a blog post published Wednesday.
Amazon AWS Outage Shows Data in the Cloud is Not Always Safe
A recent power outage at an Amazon AWS data facility and the resulting data loss for some customers show that storing data in the cloud does not remove the need for a backup. This came to light after a tweet from author/programmer Andy Hunt went viral as he reminded people that hardware failure can happen anywhere and that hosting data in the cloud does not automatically make it safe.