Daily NCSC-FI news followup 2019-09-21

VMware Releases Security Updates for Multiple Products

www.us-cert.gov/ncas/current-activity/2019/09/20/vmware-releases-security-updates-multiple-products See also:

www.vmware.com/security/advisories/VMSA-2019-0014.html

Meet Stop Ransomware: The Most Active Ransomware Nobody Talks About

www.bleepingcomputer.com/news/security/meet-stop-ransomware-the-most-active-ransomware-nobody-talks-about/ To give you some perspective, the ransomware identification service ID Ransomware gets approximately 2,500 ransomware submissions a day. Of those, between 60-70% are STOP ransomware submissions.

Windows 7 Voting Systems to Get Free Security Updates Through 2020 Elections

www.bleepingcomputer.com/news/microsoft/windows-7-voting-systems-to-get-free-security-updates-through-2020-elections/ Microsoft announced today that they will be providing free extended security updates for Windows 7 machines that are part of a federally certified voting system. With the Windows 7 end of support quickly approaching on January 14th, 2020, some voting systems that will be used for the 2020 elections continue to run on Windows 7. Microsoft will not only provide this to the USA 2020 elections, but also to other democratic countries that have elections in 2020 and reach out to Microsoft to say they are interested.

Bulgarian phishing gang member who lived with his parents jailed for part in £40m fraud ring

www.theregister.co.uk/2019/09/20/bulgarian_svetoslav_donchev_jailed_9_years_phishing_fraud/ A Bulgarian phishing criminal who created fake versions of legitimate companies’ websites as part of a £40m fraud has been jailed.

Ransomware Strikes 49 School Districts & Colleges in 2019

www.darkreading.com/threat-intelligence/ransomware-strikes-49-school-districts-and-colleges-in-2019/d/d-id/1335872 The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019. Education is a hot target for ransomware: Nearly 50 school districts and colleges have been hit in 2019 so far, and more than 500 individual K-12 schools have potentially been compromised. Cloud security firm Armor has been tracking publicly disclosed ransomware attacks since January 2019. Of the 182 total victim organizations this year, 49 have been educational institutions. This makes education the second-largest pool of victims by industry, following municipalities at 70 victims, and ahead of third-place healthcare, which reported 27 victims.

Forcepoint VPN Client is Vulnerable to Privilege Escalation Attacks

threatpost.com/forcepoint-vpn-client-is-vulnerable-to-privilege-escalation-attacks/148544/ A vulnerability has been discovered in the Forcepoint VPN Client software for Windows. The flaw could enable an attacker with an existing foothold on a system to achieve an escalation of privilege, persistence and, in some cases, defense evasion. The vulnerability (CVE-2019-6145) stems from an unpatched issue in the Forcepoint VPN Client software. This software provides a secure virtual private network connection between end-user Windows computers and a Forcepoint VPN gateway. See also:

www.bleepingcomputer.com/news/security/forcepoint-fixes-privilege-escalation-bug-in-windows-vpn-client/

WannaCry ransomware is still infecting PCs – and some victims are still trying to pay the ransom

www.zdnet.com/article/wannacry-ransomware-is-still-infecting-pcs-and-some-victims-are-still-trying-to-pay-the-ransom/ Over two years on from the initial outbreak, WannaCry ransomware is still infecting victims and some people are still paying the ransom in a futile effort to retrieve their encrypted data.

Magecart strikes again: Hotel booking websites come under fire

www.zdnet.com/article/magecart-strikes-again-hotel-booking-websites-come-under-fire/ A fresh wave of Magecart-linked attacks is taking place with the hotel booking websites becoming the latest victims. Earlier this week, cybersecurity firm Trend Micro said that in early September, two hotel booking websites — owned by separate chains — were being injected with a JavaScript-based card-skimmer.

The ultimate guide to finding and killing spyware and stalkerware on your smartphone

www.zdnet.com/article/the-ultimate-guide-to-finding-and-killing-spyware-and-stalkerware/ There are ways to prevent a government agency, country, or cybercriminals from peeking into our digital lives. Virtual private networks (VPNs), end-to-end encryption and using browsers that do not track user activity are all common methods. Sometimes, however, surveillance is more difficult to detect — and closer to home.

Payment Card Breach Hits 8 Cities Using Vulnerable Bill Portal

threatpost.com/payment-card-breach-hits-8-cities-using-vulnerable-bill-portal/148521/ The hack targets a flaw in Click2Gov software, which is used in self-service bill-paying portals used by utilities and community development organizations for things such as paying parking tickets online. The flaw was first discovered in December 2018 after continual breaches of it led to the compromise of at least 294,929 payment cards across the country.

Two years later, hackers are still breaching local government payment portals

www.zdnet.com/article/two-years-later-hackers-are-still-breaching-local-government-payment-portals/ Two years after hackers first started targeting local government payment portals, attacks are still going on, with eight cities having had their Click2Gov payment portals compromised in the last month alone, security researchers from Gemini Advisory have revealed in a report shared with ZDNet today. These new hacks have allowed hackers to get their hands on over 20,000 payment card details belonging to US citizens, which are now being traded on the dark web, the cyber-security firm said.

World's most destructive botnet returns with stolen passwords and email in tow

arstechnica.com/information-technology/2019/09/worlds-most-destructive-botnet-returns-with-stolen-passwords-and-email-in-tow/ Emotet started out as a means for spreading a bank-fraud trojan, but over the years it morphed into a platform-for-hire that also spreads the increasingly powerful TrickBot trojan and Ryuk ransomware, both of which burrow deep into infected networks to maximize the damage they do. A post published on Tuesday by researchers from Cisco's Talos security team helps explain how Emotet continues to threaten so many of its targets. See also:

blog.talosintelligence.com/2019/09/emotet-is-back-after-summer-break.html and

www.bleepingcomputer.com/news/security/emotet-trojan-evolves-since-being-reawakend-here-is-what-we-know/

Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website

blog.trendmicro.com/trendlabs-security-intelligence/mac-malware-that-spoofs-trading-app-steals-user-information-uploads-it-to-website/ We found two variants of the malware family. The first one contains a pair of shell scripts and connects to a remote site to decrypt its encrypted codes, while the second sample, despite using a simpler routine involving a single shell script, actually incorporates a persistence mechanism. Given the changes we've seen from the malware variant's initial iteration to its current one, we notice a trend in which the malware authors have simplified its routine and added further capabilities. It's possible that the people behind it are looking for ways to make it more efficient, perhaps even adding evasion mechanisms in the future.

How to Take Control of Your Privileged Accounts

securityintelligence.com/posts/how-to-take-control-of-your-privileged-accounts/ Privileged access management (PAM), also referred to as privileged account management, is the top cybersecurity project for chief information security officers (CISOs), according to Gartner. Why? Because privileged access carries significant risk, and all organizations deal with privileged, administrative or other sensitive accounts. These accounts are primary targets for attackers and need to be managed separately and with specific considerations. Although the risks associated with privileged accounts are known, few organizations truly understand just how exposed they are. Implementing a PAM solution is a no-brainer, but these tools work best when the full depth and breadth of the systems they are supposed to protect are known.
