Chrome 87 released with fix for NAT Slipstream attacks, COVID-19 Antigen Firm Hit by Malware Attack, and more

Originally published at:

Round Up of Major Breaches and Scams

Office 365 phishing campaign detects sandboxes to evade detection

Microsoft is tracking an ongoing Office 365 phishing campaign that makes use of several methods to evade automated analysis in attacks against enterprise targets. The campaign uses timely lures relevant to remote work, like password updates, conferencing info, helpdesk tickets, etc.

Over 80,000 ID Cards and Fingerprint Scans Exposed in Cloud Leak

A US-based used electronics retailer TronicsXchange, previously trading as GreenElectronicsExchange (GEEx), has exposed over 2.6 million files, including ID cards and biometric images, after a misconfigured AWS S3 bucket was discovered. A random scan for server vulnerabilities led to the discovery of the wide open S3 bucket on October 12 2020.

Round Up of Major Malware and Ransomware Incidents

Chaes malware strikes customers of Latin America’s largest e-commerce platform

Previously unknown malware has been detected in widespread attacks against e-commerce customers in Latin America. The malware, dubbed Chaes by Cybereason Nocturnus researchers, is being deployed by a threat actor across the LATAM region to steal financial information. Brazilian customers of the area’s largest e-commerce company, MercadoLivre, are the focus of the infostealing malware.

Ransomware attack forces web hosting provider to take servers offline, one of the biggest providers of managed web hosting solutions, has taken down all its servers in order to deal with a ransomware attack, ZDNet has learned today. The attack took place on Monday, November 16, and the ransomware impacted the company’s public-facing web hosting systems, resulting in some customer sites having their data encrypted.

COVID-19 Antigen Firm Hit by Malware Attack

Global biotech firm Miltenyi, which supplies key components necessary for COVID-19 treatment research, has been battling a malware attack. Over the past two weeks, Miltenyi has been battling a malware attack on its IT infrastructure, the company said in a recent disclosure to its customers.

Round Up of Major Vulnerabilities and Patches

Multiple Industrial Control System Vendors Warn of Critical Bugs

Industrial control system firms Real Time Automation and Paradox both warned of critical vulnerabilities on Tuesday that opened systems up to remote attacks by adversaries. Flaws are rated 9.8 out of 10 in severity. The Real Time Automation bug is traced back to a component made by Claroty.

Chrome 87 released with fix for NAT Slipstream attacks, broader FTP deprecation

Google has released today version 87 of its Chrome browser, a release that comes with a security fix for the NAT Slipstream attack technique and a broader deprecation of the FTP protocol. Todays’ release is available for Windows, Mac, Linux, Chrome OS, Android, and iOS.

Cisco Patches Critical Flaw After PoC Exploit Code Release

A day after proof-of-concept (PoC) exploit code was published for a critical flaw in Cisco Security Manager, Cisco has hurried out a patch. The application has a vulnerability that could allow remote, unauthenticated attackers to access sensitive data on affected systems. The flaw (CVE-2020-27130) has a CVSS score of 9.1 out of 10, making it critical.

Firefox 83 boosts security with HTTPS-Only mode, zero-day fix

Mozilla Firefox 83 was released today with a new feature called ‘HTTPS-Only Mode’ that secures your browsing sessions by rewriting URLs to secure HTTPS versions. Windows, Mac, and Linux desktop users can upgrade to Firefox 83 by going to Options -> Help -> About Firefox.

1 Like