If you’re pressed for time watch the 60 second quick fire video summary of the top Cyber and InfoSec stories from the last week:

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Businesses believe the pandemic will change the security landscape forever

After Covid-19, nothing will ever be the same again, at least in terms of how businesses approach cyber security. This is according to a new report based on a poll of 6,700 infosec professionals around the world.

The report states that 81 percent expect long-term changes to the way their business operates, mostly because of remote working.

With this in mind, examining how remote employees approach cyber security will become paramount if an organisation is to maintain a strong security posture.

A third of respondents said they worry employees may feel more relaxed about cyber security than when they are working out of the office. Employees may also be less likely to follow protocol at home, particularly when it comes to identifying and flagging suspicious activity.

Further, almost a third (31 percent) fear employees might unintentionally leak sensitive data or fall prey to a phishing scam and a quarter are afraid staff might fall victim to malware attacks.

Of the largest risks associated with remote working, respondents singled out “using untrusted networks” as the most significant. Other people accessing employees' company devices, the use of personal messaging services for work, and the unintentional sharing of company data are also high on the list of risks.

Read more: https://www.itproportal.com/news/businesses-believe-the-pandemic-will-change-the-security-landscape-forever/

Ransomware operators lurk on your network after their attack

When a company suffers a ransomware attack, many victims feel that the attackers quickly deploy the ransomware and leave so they won't get caught. Unfortunately, the reality is much different as threat actors are not so quick to give up a resource that they worked so hard to control.

Instead, ransomware attacks are conducted over time, ranging from a day to even a month, starting with a ransomware operator breaching a network.

This breach is through exposed remote desktop services, vulnerabilities in VPN software, or via remote access given by malware such as TrickBot, Dridex, and QakBot.

Once they gain access, they use tools such as Mimikatz, PowerShell Empire, PSExec, and others to gather login credentials and spread laterally throughout the network.

As they gain access to computers on the network, they use these credentials to steal unencrypted files from backup devices and servers before deploying the ransomware attack.

Once the ransomware is deployed, many victims believe that while their network is still compromised, they think the ransomware operators are now gone from the system.

This belief is far from the truth, as illustrated by a recent attack by the Maze Ransomware operators.

Read the full article here: https://www.bleepingcomputer.com/news/security/ransomware-operators-lurk-on-your-network-after-their-attack/

Prolific Hacker Made Millions Selling Network Access

A notorious Russian cyber-criminal made over $1.5m in just the past three years selling access to corporate networks around the world, according to a new report.

The study profiles the work of “Fxmsp” on underground forums where he published his first ad selling access to business networks in 2017.

Over the following years he would compromise banks, hotels, utilities, retailers, tech companies and organisations in many more verticals.

In just three years he claimed to have compromised over 130 targets in 44 countries, including four Fortune 500 firms. Some 9% of his victims were governments.

The report calculated the $1.5m figure purely from publicised sales, although 20% of those Fxmsp compromised were made through private sales, meaning the hacker’s trawl is likely to be even bigger.

Fxmsp even hired a sales manager in early 2018.

Read more here: https://www.infosecurity-magazine.com/news/infamous-hacker-millions-selling/

Rogue Postbank employees steal master encryption key; make off with $3.2 million

South Africa's Postbank has been forced to replace 12 million bank cards after a calamitous security breach that saw the bank's master encryption key printed off in plain, unencrypted language.

According to internal documents acquired by the Sunday Times of South Africa, the 36-digit code security key “allows anyone who has it to gain unfettered access to the bank’s systems, and allows them to read and rewrite account balances, and change information and data on any of the bank’s 12-million cards".

The master key was apparently printed out on plain paper in a data centre in Pretoria in 2018, enabling the fraudsters to make over 25,000 fraudulent transactions, mostly from cards used by people receiving social benefits from the government.

The crime, which is being pinned on a number of rogue bank employees, went unnoticed for months. More than $3.2 million was stolen in the raid.

The cost to the bank of replacing all the compromised cards is expected to reach $58 million.

Read more here: https://www.finextra.com/newsarticle/36059/rogue-postbank-employees-steal-master-encryption-key-make-off-with-32-million

Massive Distributed Denial of Service (DDoS) attack launched against European bank

This week, security firm Akamai mitigated what it claims to be the “largest ever packet per second (pps) DDoS attack”, launched against an unnamed European bank.

The attack reportedly generated 809 million packets per second (Mpps) - a new high for pps-focused attacks, and well over double the size of the previous record attack identified by the Akamai platform.

What also makes this DDoS attack unique is the “massive increase” in the quantity of source IP addresses observed. During the attack, Akamai identified more than 600 times average number of source IP addresses per minute, suggesting the attack was highly distributed in nature.

Further, most of the traffic came from previously unknown IP addresses (96.2 percent), which could indicate the assault was driven by an emerging botnet. Given that most of the source IP addresses could be identified within large ISPs via AS lookups, Akamai believes most of the devices used were compromised end user machines.

The speed at which the attack reached its peak was also remarkable. The company claims it grew from normal traffic levels to 418 Gbps in seconds, and took roughly two minutes to hit 809 Mpps. The attack lasted for a total of 10 minutes and was fully mitigated.

Read more here: https://www.itproportal.com/news/massive-ddos-attack-launched-against-european-bank/

'Unstoppable' Malware Uses Bitcoin To Retrieve Secret Messages - Report

Glupteba, a sneaky malware that can be controlled from afar includes a range of components to cover its tracks, and it updates itself using encrypted messages hidden in the Bitcoin blockchain.

The Glupteba bot is a malware campaign that creates backdoors with full access to contaminated devices, which are added to its growing botnet. The analysis describes it as a “highly self-defending malware” with “enhancing features that enable the malware to evade detection.”

The most interesting aspect of Glupteba is that it uses the Bitcoin blockchain as a communication channel for receiving updated configuration information, given that bitcoin transactions can also include a comment of up to 80 characters.

Glupteba uses this messaging space for encrypted messages. These messages contain secrets, such as command-and-control server names, thus cleverly hiding them in the public blockchain - in plane sight.

Read more: https://cryptonews.com/news/unstoppable-malware-uses-bitcoin-to-retrieve-secret-messages-6947.htm

Woman who deliberately deleted firm’s Dropbox is sentenced

58-year-old Danielle Bulley may not look like your typical cyber criminal, but the act of revenge she committed against a company had just as much impact as a conventional hacker breaking into a business’s servers and causing havoc.

Bulley has been successfully prosecuted under the UK’s Computer Misuse Act after deleting thousands of important files from a company that went on to collapse.

She was a director of a business called Property Press that produced a weekly property newspaper focused on south east Devon. Things turned sour, and Bulley resigned her position at the firm in 2018 before the company went into liquidation. However, fellow director Alan Marriott started a new business venture – without Bulley’s involvement – using the assets of the old firm.

Things clearly didn’t sit well with Bulley after her departure from the business, and several months after her resignation she managed to gain unauthorised access to the new company’s Dropbox account.

More than 5,000 documents were permanently erased, and the company claimed that the damage to business was so great that it could no longer operate, with people losing their jobs and a loss of almost £100,000.

The Police warned other companies of the threat which can be posed by former employees:

Ex-employees can pose a serious risk to a business because they are familiar with the company’s IT infrastructure and procedures. This can make it easier for them to carry out cyber crimes against their former organisation.

If someone is leaving your company, especially if they are quitting your firm under something of a cloud, you would be wise to check that they don’t know your business’s passwords or have retained access to sensitive information.

Passwords should be changed, and additional authentication methods should be in place to prevent unauthorised access. Dropbox, for instance, provides a two-step verification feature which all users would be wise to enable.

Read more: https://hotforsecurity.bitdefender.com/blog/woman-who-deliberately-deleted-firms-dropbox-is-sentenced-23552.html

EasyJet Lawsuit Over Data Breach Attracts 10,000 Passengers

EasyJet Plc faces a lawsuit over a data breach disclosed last month that potentially exposed private details of 9 million passengers.

More than 10,000 people have joined the suit since it was filed last month, according to the law firm handling the lawsuit. Victims are entitled to as much as £2,000 in compensation, meaning the case could be worth as much as £18 billion.

EasyJet said last month that the email addresses and travel data of about 9 million customers were taken by hackers in one of the biggest privacy breaches to hit the airline industry. The credit card details of roughly 2,200 people was also accessed.

“This is a monumental data breach and a terrible failure of responsibility that has a serious impact on EasyJet’s customers, who are coming forward in their thousands,” the law firm said in a statement. “This is personal information that we trust companies with, and customers should expect that every effort is made to protect their privacy.”

Read more here: https://www.bloomberg.com/news/articles/2020-06-24/easyjet-lawsuit-over-data-breach-attracts-10-000-passengers

Twitter apologises for business data breach

Twitter has emailed its business clients to tell them that personal information may have been compromised.

Unbeknownst to users, billing information of some clients was stored in the browser's cache, it said.

In an email to its clients, Twitter said it was "possible" others could have accessed personal information.

The personal data includes email addresses, phone numbers and the last four digits of clients' credit card numbers.

The tech company says that there is no evidence that clients' billing information was compromised.

Read more here: https://www.bbc.co.uk/news/technology-53150157

Huge Data Dump of Police Files Dubbed “Blue Leaks” Leaked Online

Nearly 270 gigabytes worth of sensitive files including FBI, “fusion center” and police department data from across the US dubbed “Blue Leaks” has been stolen and leaked online on June 19 by a collective called DDoSecrets.

Fusion centres are hubs for threat and intelligence sharing. The concept was created after September 11, in a bid by the Department of Homeland Security to improve cooperation between state, local, and territorial law enforcement

The National Fusion Centre Association (NFCA) says that the data was taken after a security breach at web development firm Netsential in Houston, Texas. It includes 490 documents pertaining to the UK. Computer Business Review was not immediately able to open these to assess the contents.

DDoSecrets stated that the Blue Leaks archive spans “ten years of data from over 200 police departments, fusion centres and other law enforcement training and support resources […] among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more”.

Read more here: https://www.cbronline.com/news/blue-leaks-data-dump

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

If you’re pressed for time watch the 60 second quick fire video summary of the top cyber and infosec stories from the last week:

Half of employees admit they are cutting corners when working from home

Half of employees are cutting corners with regards to cyber security while working from home – and could be putting their organisation at risk of cyber attacks or data breaches as a result.

The coronavirus pandemic has forced both employers and employees to quickly adjust to remote working – and, often without the watchful eyes of IT and information security teams, workers are taking more risks online and with data than they would at the office.

Analysis by researchers reveals that 52% of employees believe they can get away with riskier behaviour when working from home, such as sharing confidential files via email instead of more trusted mechanisms.

Some of the top reasons employees aren't completely following the same safe data practices as usual include working from their own device, rather than a company issued one, as well as feeling as if they can take additional risks because they're not being watched by IT and security.

In some cases, employees aren't purposefully ignoring security practices, but distractions while working from home are having an impact on how people operate.

Meanwhile, some employees say they're being forced to cut security corners because they're under pressure to get work done quickly.

Half of those surveyed said they've had to find workarounds for security policies in order to efficiently do the work they're required to do – suggesting that in some cases, security policies are too much of a barrier for employees working from home to adapt to.

Read more here: https://www.zdnet.com/article/cybersecurity-half-of-employees-admit-they-are-cutting-corners-when-working-from-home/

C-Level Executives the Weakest Link in Organisations’ Mobile Security

C-suite executives are the people most susceptible to mobile-based cyber-attacks in businesses, according to a new study. The report found that while these executives are highly targeted by cyber-criminals in attacks on organisations, they are also more likely than anyone else to have a relaxed attitude to mobile security.

In the analysis, research from 300 enterprise IT decision makers across Benelux, France, Germany, the UK and the US was combined with findings from 50 C-level executives from the UK and the US. It revealed that many C-level executives find mobile security protocols frustrating, with 68% feeling IT security compromises their personal privacy, 62% stating it limits the usability of their device and 58% finding it too complex to understand.

As a result of these issues, 76% of C-suite executives had asked to bypass one or more of their organisation’s security protocols last year. This included requests to: gain network access to an unsupported device (47%), bypass multi-factor authentication (45%) and obtain access to business data on an unsupported app (37%).

These findings are concerning because all of these C-suite exemptions drastically increase the risk of a data breach. Accessing business data on a personal device or app takes data outside of the protected environment, leaving critical business information exposed for malicious users to take advantage of. Meanwhile, multi-factor identification – designed to protect businesses from the leading cause of data breaches, stolen credentials – is being side-stepped by C-suite execs.

To exacerbate this issue, IT decision makers included in the study overwhelmingly stated that C-suite is the group most likely to both be targeted by (78%), and fall victim to (71%), phishing attacks.

These findings highlight a point of tension between business leaders and IT departments. IT views the C-suite as the weak link when it comes to cyber security, while execs often see themselves as above security protocols.

Read more: https://www.infosecurity-magazine.com/news/executives-weakest-link-mobile/

Majority of companies suffered a cloud data breach in the past 18 months

Nearly 80% of companies have experienced at least one cloud data breach in the past 18 months, and 43% reported 10 or more breaches, a new survey reveals.

According to the 300 CISOs that participated in the survey, security misconfiguration (67%), lack of adequate visibility into access settings and activities (64%) and identity and access management (IAM) permission errors (61%) were their top concerns associated with cloud production environments.

Meanwhile, 80% reported they are unable to identify excessive access to sensitive data in IaaS/PaaS environments. Only hacking ranked higher than misconfiguration errors as a source of data breaches.

Even though most of the companies surveyed are already using IAM, data loss prevention, data classification and privileged account management products, more than half claimed these were not adequate for protecting cloud environments.

Read the original article here: https://www.helpnetsecurity.com/2020/06/03/cloud-data-breach/

NSA and NCSC publicly warn of attacks by Kremlin hackers – so take this critical Exim flaw seriously

The NSA has raised the alarm over what it says is Russia's active exploitation of a remote-code execution flaw in Exim for which a patch exists.

The American surveillance agency said last week that the Kremlin's military intelligence hackers are actively targeting some systems vulnerable to CVE-2019-10149, a security hole in the widely used Exim mail transfer agent (MTA) that was fixed last June.

Because Exim is widely used on millions of Linux and Unix servers for mail, bugs in the MTA are by nature public-facing and pose an attractive target for hackers of all nations.

Read more here: https://www.theregister.com/2020/05/29/nsa_warns_of_gru/

Cisco's warning: Critical flaw in IOS routers allows 'complete system compromise’

Cisco has disclosed four critical security flaws affecting router equipment that uses its IOS XE and IOS software.

The four critical flaws are part of Cisco's June 3 semi-annual advisory bundle for IOS XE and IOS networking software, which includes 23 advisories describing 25 vulnerabilities.

Read more: https://www.zdnet.com/article/ciscos-warning-critical-flaw-in-ios-routers-allows-complete-system-compromise/

Malware-laced CVs steal banking credentials from users' PCs

If you work for a financial institution that happens to be hiring, be extra careful when downloading and opening CVs - many could be carrying a password-stealing banking malware.

This is according to a new report which identified the new malware distribution campaign in the wild.

According to the report, criminals are sending out emails with the subject lines “applying for a job” and “regarding job”, containing an Excel attachment with a malicious macro. Once the file is opened, the victim is prompted to “enable content”, which triggers the download of ZLoader malware.

ZLoader is capable of stealing credentials from the infected PC, as well as passwords and cookies stored in the target’s browser. With the stolen intel, the attacker could also use the victim’s device to make illicit financial transactions.

Read more: https://www.itproportal.com/news/malware-laced-cvs-steal-banking-credentials-from-users-pcs/

Hackers are targeting your smartphone as way into the company network, mobile phishing up a third in a few months

The number of phishing attacks targeting smartphones as the entry point for attempting to compromise enterprise networks has risen by more than a third over the course of just a few months.

Analysis by cyber security company Lookout found that there's been a 37% increase in mobile phishing attacks worldwide between the last three months of 2019 and the first few months of 2020 alone.

Phishing emails have long been a problem for desktop and laptop users, but the increased use of mobile devices – especially as more people are working remotely – has created an additional attack vector for cyber criminals who are targeting both Android and IOS phones.

Attacks targeting desktop email applications can leave tell-tale signs that something might not be quite right, such as being able to preview links and attachments, or see email addresses and URLs that might look suspicious.

However, this is harder to spot on mobile email, social media and messaging applications because the way they're designed for smaller screens.

Read more here: https://www.zdnet.com/article/cybersecurity-warning-hackers-are-targeting-your-smartphone-as-way-into-the-company-network/

Tens of thousands of malicious Android apps flooding user devices

Tens of thousands of dangerous Android apps are putting mobile users at heightened risk of fraud and cyber attack, a report has claimed.

A mobile security firm identified over 29,000 malicious Android apps in active use during Q1 2020, double the number logged in the same quarter last year (just over 14,500).

The investigation also showed that almost all (90%) of the ten most malicious apps were - or are still - present on the official Google Play Store. This suggests that hackers consistently found ways to dance their way through Google’s vetting system.

In line with this trend, this time period also saw a 55% rise in fraudulent transactions on Android platforms, as well as a spike in the number of malware-infected devices.

Read more here: https://www.techradar.com/news/tens-of-thousands-of-malicious-android-apps-flooding-google-play-store

George Floyd: Anonymous hackers re-emerge amid US unrest

As the United States deals with widespread civil unrest across dozens of cities, "hacktivist" group Anonymous has returned from the shadows.

The hacker collective was once a regular fixture in the news, targeting those it accused of injustice with cyber-attacks.

After years of relative quiet, it appears to have re-emerged in the wake of violent protests in Minneapolis over the death of George Floyd, promising to expose the "many crimes" of the city's police to the world.

However, it's not easy to pin down what, if anything, is genuinely the mysterious group's work.

The "hacktivist" collective has no face, and no leadership. Its tagline is simply "we are legion", referring to its allegedly large numbers of individuals.

Without any central command structure, anyone can claim to be a part of the group.

This also means that members can have wildly different priorities, and there is no single agenda.

But generally, they are activists, taking aim at those they accuse of misusing power. They do so in very public ways, such as hijacking websites or forcing them offline.

Their symbol is a Guy Fawkes mask, made famous by Alan Moore's graphic novel V for Vendetta, in which an anarchist revolutionary dons the mask to topple a corrupt fascist government.

Read the original article: https://www.bbc.co.uk/news/technology-52879000

EasyJet Cyber Attack Likely the Work of Chinese Hackers

The recent high-profile cyber attack that struck British budget airline easyJet may have been carried out by Chinese hackers, new research and multiple sources have suggested.

The cyber attack, which saw the email addresses and travel details of millions of passengers being robbed—as well as the credit card details of some 2,000—was reportedly conducted by the very same group of Chinese hackers responsible for other attacks on a number of airlines in recent months.

Read more: https://www.cpomagazine.com/cyber-security/easyjet-cyber-attack-likely-the-work-of-chinese-hackers/

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

60ish second video roundup

Cyber-Criminals Impersonating Google to Target Remote Workers

Remote workers have been targeted by up to 65,000 Google-branded cyber-attacks during the first four months of 2020, according to a new report. The study found that Google file sharing and storage websites were used in 65% of nearly 100,000 form-based attacks the security firm detected in this period.

According to the analysis, a number of Google-branded sites, such as storage.googleapis.com, docs.google.com, storage.cloud.google.com and drive.google.com, were used to try and trick victims into sharing login credentials. Google-branded attacks were far in excess of those impersonating Microsoft, with the sites onedrive.live.com, sway.office.com and forms.office.com making up 13% of attacks.

Other form-based sites used by attackers included sendgrid.net (10%), mailchimp.com (4%) and formcrafts.com (2%).

Read the full article here: https://www.infosecurity-magazine.com/news/cyber-criminals-impersonating/

Ransomware Demands Soared 950% in 2019

Ransomware operators had another standout year in 2019, with attacks and ransom demands soaring according to new data.

A new report claimed that, after a relatively quiet 2018, ransomware was back with a vengeance last year, as attack volumes climbed by 40%.

As large enterprises became an increasing focus for attacks, ransom demands also soared: from $8,000 in 2018 to $84,000 last year. That’s a 950% increase.

The “greediest ransomware families with highest pay-off” were apparently Ryuk, DoppelPaymer and REvil, the latter on occasion demanding $800,000.

Read more: https://www.infosecurity-magazine.com/news/ransomware-demands-soared-950-in/

Use of cloud collaboration tools surges and so do attacks

The COVID-19 pandemic has pushed companies to adapt to new government-mandated restrictions on workforce movement around the world. The immediate response has been rapid adoption and integration of cloud services, particularly cloud-based collaboration tools such Microsoft Office 365, Slack and videoconferencing platforms. A new report shows that hackers are responding to this with increased focus on abusing cloud account credentials.

Analysis of cloud usage data that was collected between January and April from over 30 million enterprise indicated a 50% growth in the adoption of cloud services across all industries. Some industries, however, saw a much bigger spike--for example manufacturing with 144% and education with 114%.

The use rate of certain collaboration and videoconferencing tools has been particularly high. Cisco Webex usage has increased by 600%, Zoom by 350%, Microsoft Teams by 300% and Slack by 200%. Again, manufacturing and education ranked at the top.

More here: https://www.csoonline.com/article/3545775/use-of-cloud-collaboration-tools-surges-and-so-do-the-attacks-report-shows.html

Huge rise in hacking attacks on home workers during lockdown

Hackers have launched a wave of cyber-attacks trying to exploit British people working from home, as the coronavirus lockdown forces people to use often unfamiliar computer systems.

The proportion of attacks targeting home workers increased from 12% of malicious email traffic before the UK’s lockdown began in March to more than 60% six weeks later, according to new data.

Attacks specifically aimed at exploiting the chaos wrought by Sars-CoV-2 have been evident since January, when the outbreak started to garner international news headlines.

The attacks have increased in sophistication, specifically targeting coronavirus-related anxieties rather than the more usual attempts at financial fraud or extortion.

In early May “a large malicious email campaign” was detected against UK businesses that told employees they could choose to be furloughed if they signed up to a specific website.

Read more here: https://www.theguardian.com/technology/2020/may/24/hacking-attacks-on-home-workers-see-huge-rise-during-lockdown?CMP=share_btn_tw

EasyJet faces £18 billion class-action lawsuit over data breach

UK budget airline easyJet is facing an £18 billion class-action lawsuit filed on behalf of customers impacted by a recently-disclosed data breach.

Made public on May 19, easyJet said that information belonging to nine million customers may have been exposed in a cyber attack, including over 2,200 credit card records.

The "highly sophisticated" attacker to blame for the security incident managed to access this financial information, as well as email addresses and travel details. EasyJet is still contacting impacted travelers.

The carrier did not explain how or exactly when the data breach took place, beyond that "unauthorized access" has been "closed off."

The National Cyber Security Centre (NCSC) and the UK's Information Commissioner's Office (ICO) have been notified, of which the latter has the power to impose heavy fines under GDPR if an investigation finds the carrier has been lax in data protection and security.

Last year, British Airways faced a "notice of intent" filed by the ICO to fine the airline £183.4 million for failing to protect the data of 500,000 customers in a data breach during 2018.

Read the full article here: https://www.zdnet.com/article/easyjet-faces-18-billion-class-action-lawsuit-over-data-breach/

Data Breach at Bank of America

Bank of America Corporation has disclosed a data breach affecting clients who have applied for the Paycheck Protection Program (PPP).

Client information was exposed on April 22 when the bank uploaded PPP applicants' details onto the US Small Business Administration's test platform. The platform was designed to give lenders the opportunity to test the PPP submissions before the second round of applications kicked off.

The breach was revealed in a filing made by Bank of America with the California Attorney General's Office. As a result of the incident, other SBA-authorized lenders and their vendors were able to view clients' information.

Data exposed in the breach consisted of details relating not only to individual businesses, but also to their owners. Compromised data may have included the business address and tax identification number along with the owner's name, address, Social Security number, phone number, email address, and citizenship status.

More Here: https://www.infosecurity-magazine.com/news/data-breach-at-bank-of-america/

Apple sends out 11 security alerts – get your fixes now!

Apple has just blasted out 11 email advisories detailing its most recent raft of security fixes.

There were 63 distinct CVE-tagged vulnerabilities in the 11 advisory emails.

11 of these vulnerabilities affected software right across Apple’s mobile, Mac and Windows products.

Read more: https://nakedsecurity.sophos.com/2020/05/27/apple-sends-out-11-security-alerts-get-your-fixes-now/

NSA warns of new Sandworm attacks on email servers

The US National Security Agency (NSA) has published a security alert warning of a new wave of cyber attacks against email servers conducted by one of Russia's most advanced cyber-espionage units.

The NSA says that members of Unit 74455 of the GRU Main Center for Special Technologies (GTsST), a division of the Russian military intelligence service, have been attacking email servers running the Exim mail transfer agent (MTA).

Also known as "Sandworm," this group has been hacking Exim servers since August 2019 by exploiting a critical vulnerability.

Read more: https://www.zdnet.com/article/nsa-warns-of-new-sandworm-attacks-on-email-servers/

DoubleGun Group Builds Massive Botnet Using Cloud Services

An operation from the China-based cybercrime gang known as DoubleGun Group has been disrupted, which had amassed hundreds of thousands of bots that were controlled via public cloud services, including Alibaba and Baidu Tieba.

Researchers in a recent post said that they noticed DNS activity in its telemetry that traced back to a suspicious domain controlling mass amounts of infected Windows devices. Analysis of the command-and-control (C2) infrastructure of the operation and the malware used to build the botnet showed that the effort could be attributed to a known threat group – DoubleGun, a.k.a. ShuangQiang.

Read more: https://threatpost.com/doublegun-massive-botnet-cloud-services/156075/

Malicious actor holds at least 31 stolen SQL databases for ransom

A malicious cyber actor or hacking collective has reportedly been sweeping the internet for online stores’ unsecured SQL databases, copying their contents, and threatening to publish the information if the rightful owners don’t pay up.

The perpetrator has stolen the copied versions of at least 31 SQL databases, which have been put up for sale on an unnamed website. These databases constitute roughly 1.620 million rows of information, including e-commerce customers’ names, usernames, email addresses, MD5-hashed passwords, birth dates, addresses, genders, account statuses, histories and more

Read more: https://www.scmagazine.com/home/security-news/data-breach/malicious-actor-holds-at-least-31-stolen-sql-databases-for-ransom/

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.