Round Up of Major Breaches and Scams
Trading ground to a halt for around three hours early Monday in Amsterdam, Brussels, Dublin, Lisbon and Paris, and the French market closed late, before Euronext issued a statement that most trades made after 5:30 local time (1530 GMT) would be annulled. “It was not a cyber attack,” a Euronext spokesman insisted. “It was a technical problem that has been resolved at the middleware level, one of the systems that ensures the persistence of data,” he told AFP.
President Vladimir Putin’s spokesman Dmitry Peskov described US charges against six Russian intelligence officers as “rampant Russophobia which, of course, have nothing to do with reality.” The US Justice Department, which announced the charges against the GRU agents Monday, also said Russian intelligence was behind the “NotPetya” malware attack that infected computers of businesses worldwide, causing nearly $1 billion in losses to three US companies alone.
One of the most prolific cyber-espionage groups linked to Iran has used old tricks — and perhaps a new hacking tool — in dozens of attempts to breach government and telecommunications operators in the Middle East in recent months, security researchers said Wednesday. The hacking attempts have hit organizations in Iraq, Kuwait, Turkey and the United Arab Emirates, according to researchers at security provider Symantec.
Round Up of Major Malware and Ransomware Incidents
Earlier this year, we analyzed the inner workings of LockBit, a ransomware family that emerged a year ago and quickly became another player in the targeted extortion business alongside Maze and REvil. LockBit has been quickly maturing, as we observed in April, using some novel ways to escalate privileges by bypassing Windows User Account Control (UAC). A series of recent attacks detected by Sophos provided us with the opportunity to dive deeper into LockBit’s tools, techniques and practices.
A public transport agency operating in Montréal announced that a ransomware attack had affected its website and other systems. In its statement, STM noted that individuals could still contact customer service. It did clarify that its representatives weren’t able to access the agency’s computer system at the time of writing, however, and were therefore unable to provide information about bus routes and schedules.
Round Up of Major Vulnerabilities and Patches
An advisory published by the NSA on Tuesday lists 25 vulnerabilities that have been exploited or targeted by threat actors believed to be sponsored by Beijing. The list includes several vulnerabilities that were not known to have been targeted, including CVE-2020-3118, which impacts Cisco products. CVE-2020-3118 is one of the five vulnerabilities in the Cisco Discovery Protocol (CDP) implementation of IOS XR software that were disclosed in February by IoT security firm Armis.
Launched alongside a new report into coordinated vulnerability disclosure, the Consumer Internet of Things Vulnerability Disclosure Platform (VulnerableThings.com) caters to both security researchers and manufacturers, seeking to ensure coordinated vulnerability disclosure management and reporting. The platform provides automated communications and vulnerability management, and helps organizations get the support they need throughout the entire vulnerability reporting and response process.
The actively exploited vulnerability is tracked as CVE-2020-15999 and it has been described as a heap buffer overflow bug affecting FreeType, a popular software library for rendering fonts. In addition to Chrome and Chrome OS, FreeType is used in Linux and UNIX distributions, Android, iOS, ReactOS, and Ghostscript, which means the font engine is present on over a billion devices, according to its developers.