Daily NCSC-FI news followup 2020-10-09

We Hacked Apple for 3 Months: Here’s What We Found

samcurry.net/hacking-apple/ There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. As of now, October 8th, we have received 32 payments totaling $288, 500 for various vulnerabilities. However, it appears that Apple does payments in batches and will likely pay for more of the issues in the following months.

Ryuk’s Return

thedfirreport.com/2020/10/08/ryuks-return/ The Ryuk group went from an email to domain wide ransomware in 29 hours and asked for over $6 million to unlock our systems. They used tools such as Cobalt Strike, AdFind, WMI, vsftpd, PowerShell, PowerView, and Rubeus to accomplish their objective.

German tech giant Software AG down after ransomware attack

www.zdnet.com/article/german-tech-giant-software-ag-down-after-ransomware-attack/ Exclusive: The Clop ransomware gang is demanding more than $20 million from German tech firm Software AG. Software AG is Germany’s second-largest company with more than 10, 000 enterprise customers across 70 countries. Some of the company’s most recognizable customers include Fujitsu, Telefonica, Vodafone, DHL, and Airbus.

Sophisticated Android Ransomware Executes with the Home Button

threatpost.com/android-ransomware-home-button/160001/ A fresh variant of a sophisticated Android ransomware known as MalLocker locks up mobile devices — surfacing its ransom note when a user hits the Home button. Lisäksi:


Facebook Debuts Bug-Bounty ‘Loyalty Program’

threatpost.com/facebook-bug-bounty-loyalty-program/159993/ Facebook bounty hunters will be placed into tiers by analyzing their score, signal and number of submitted bug reports which will dictate new bonus percentages. For instance, Bronze tier members will receive a 5 percent bonus on top of each bounty they receive — while Diamond tier members will earn a 20 percent bonus. Diamond-level researchers also gain access to various events, including live hacking events, Facebook’s F8 conference and DEFCON.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.