The Weekly Roundup (2020-November-14)

The Weekly Roundup - Updates on Threats, Breaches, and Latest Vulnerabilities

2020 – November 09

Breaches Reported

The group Luxottica (who owns LensCrafters, Target Optical, and EyeMed) just recently disclosed a data breach that occurred on August 5, 2020. The breach came from their online appointment scheduling system.

Malware Reported

Security Researcher discovered the “xhunt campaign”, that uses a PowerShell-based scripts (TriFive and Snugy), that provides backdoor access to Exchange server. This campaign has been active since July 2018 targeting the government of Kuwait.

2020 – November 10

Breaches Reported

Hackers recently attacked the main data center of the University of Vermont (UVM) Health network, the cyberattack impacted the chemotherapy, mammogram and screening appointment system.

Malware Reported

Malicious fake ads has recently been seen as Microsoft Teams updates used ransomware operators. The fake ads are used to infect the systems that uses backdoors that deploys Cobalt Strike. The fake ads lure users into installing these fake updates, which then poisons search results.

Vulnerabilities Reported

Attackers have been deploying Cobalt Strike tool that allows remote access to Oracle Weblogic Servers. The vulnerability is tracked as CVE-2020-14882.

2020 – November 11

Breaches Reported

Facebook ads has recently been discovered that has been started by Ragnar Locker ransomware gang, that has been used to extort victims. The gang store 2TB of data from the Campari Group network, they proceeded by encrypting the network and demanding a ransom of $15 million dollars.

Vulnerabilities Reported

Security Researchers have discovered new side-channel vulnerabilities named Platypus, which enables the attackers to steal sensitive data from Intel CPUs.  (CVE-2020-8695, CVE-2020-8696, and CVE-2020-8698)

Platypus is short for:

Power Leakage Attacks: Targeting Your Protected User Secrets, targets the RAPL (Running Average Power Limit) interface of Intel processors

2020 – November 12

Breaches Reported

Hackers recently attacked a medical billing and reimbursement company based in Iowa. They suffered a ransomware attack between 2020-Feb-12 and 2020-Mar-4. The personally identifiable information accessed was names, dates of birth, Medicaid identification numbers, and billing information.

Malware Reported

The Muhstik botnet has recently upgraded to also target vulnerabilities related to Oracle Weblogic server and Drupal.

Vulnerabilities Reported

High severity vulnerabilities related to Cisco’s IOS XR software, which allows remote hackers to disable Cisco Aggregation Services Routers (ASR). With a CVSS score of 8.6/10, the vulnerability can be exploited by sending specifically crafted layer 2 and layer 3 data to vulnerable devices. Cisco has patches with Cisco IOS XR Software releases 6.7.2 or 7.1.2 and later.

2020 – November 13

Vulnerabilities Reported

Security Researchers from University of California and Tsinghua University has discovered series of critical security flaws that could lead to a revival of DNS cache poisoning attacks. The attacks allows an off-path attacker to inject malicious DNS records into DNS cache. This vulnerability is being tracked as CVE-2020-25705.

You might be interested in …

Leave a Reply

Your email address will not be published.