Russian hacker group targets 100s of industrial enterprises, Ping Identity acquires Symphonic Software, and more

Originally published at:

Round Up of Major Breaches and Scams

Russian Hacker Group Continues Stealing Money From Industrial Enterprises

A Russian-speaking threat actor has been targeting hundreds of industrial enterprises for more than two years, Kaspersky’s security researchers report. Focused on companies in Russia, the ongoing attacks are highly targeted, leveraging phishing emails for malware deployment. In some cases, legitimate documents that were stolen in previous attacks are leveraged for social engineering. Another characteristic of these attacks is the use of remote administration utilities, including Remote Manipulator System/Remote Utilities (RMS) and TeamViewer.

Ping Identity Acquires Symphonic Software to Boost Enterprise Security

Intelligent identity solutions provider Ping Identity has acquired authorization solutions provider Symphonic Software to help enterprises prevent cyber risks and enhance their cybersecurity posture. The acquisition integrates Symphonic’s authorization platform with Ping’s data privacy and consent products, allowing enterprises to centralize administration and enforcement to critical resources.

Round Up of Major Malware and Ransomware Incidents

Israeli companies targeted with new Pay2Key ransomware

Several companies and large corporations from Israel have been breached and had their systems encrypted using a new strain of ransomware named Pay2Key, in what appears to be a targeted attack against Israeli networks. The first attacks were seen in late October but have now grown in numbers while also remaining contained to Israel. “As days go by, more of the reported ransomware attacks turn out to be related to the new Pay2Key ransomware,” Israeli cyber-security firm Check Point said in a security alert published today.

Ransomware Groups Posting Stolen Data Even After Payment

Ransomware gangs are increasingly likely to break their promise not to leak stolen data once a victim has paid them, Coveware has warned. The security vendor claimed in its analysis of Q3 2020 that data exfiltration is now a part of almost half of all ransomware attacks — used to drive monetization among victim organizations that have backed up. However, the tactic has now reached a tipping point, with groups such as Sodinokibi, Maze, Netwalker, Mespinoza and Conti starting to publish data even after payment, and/or demand a second ransom be paid to prevent publication, Coveware claimed.

Round Up of Major Vulnerabilities and Patches

Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched

Cisco has disclosed a zero-day vulnerability – for which there is not yet a patch – in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client Software. While Cisco said it is not aware of any exploits in the wild for the vulnerability, it said Proof-of-Concept (PoC) exploit code has been released, opening up risks of cybercriminals potentially leveraging the flaw. The flaw (CVE-2020-3556) is an arbitrary code execution vulnerability with a CVSS score of 7.3 out of 10, making it high severity.

183 Brit local authorities operate 80,000 CCTV cams between them, says surveillance watchdog

“There are over 6,000 systems and 80,000 cameras in operation across 183 LAs!” So exclaimed the UK’s outgoing Surveillance Camera Commissioner as he detailed just how many council CCTV cameras there are across the nation. In a public plea asking councils to take compliance with surveillance laws seriously, Tony Porter lifted the lid on the scale and depth of CCTV camera deployment across Great Britain.

1 Like