From Security Weekly Wiki
- The Windows XP Source Code Was Allegedly Leaked Online: largely code that had already been released previously. Make sure your XP/2003 systems are protected.
- CISA Says Federal Agency Compromised by Malicious Cyber Actor: cyber hygiene has to be fundamental. Put MFA on remote access!
- Government Software Provider Tyler Technologies Confirms Ransomware Attack: Tyler is still putting itself back together; verify any connections from their services to yours.
- Microsoft Boots Apps Used by China-Sponsored Hackers Out of Azure: Azure has an app store, like iTunes and Android. As such, vetting of apps and removal of unacceptable apps needs to be SOP.
- Chrome Vulnerabilities Expose Users to Attacks Via Malicious Extensions: the Chrome 85 update addresses several high-severity vulnerabilities, including three "insufficient policy enforcement in extensions" vulnerabilities (CVE-2020-15961, CVE-2020-15963, and CVE-2020-15966).
- REvil Ransomware Deposits $1 Million in Hacker Recruitment Drive: Sodinokibi ransomware operators have deposited 99 BTC (~$1.1 million USD) on a Russian-language hacker forum to recruit affiliates to distribute their ransomware.
- UHS Hospitals Hit by Reported Country-Wide Ryuk Ransomware Attack: possibly one of the largest ransomware attacks to date. Hospitals in many states are offline and redirecting emergency traffic.
- Nevada School District Refuses to Submit to Ransomware Blackmail, Hacker Publishes Student Data: the current MO is to exfiltrate first, then ransom, so unless you're watching for exfiltration, you'll miss the early warning. The likely target is PII.
- Flightradar24 Hit by Third Cyber-Attack in Two Days
- Cisco Fixes Actively Exploited Issues in IOS XR Network OS: Cisco has released fixes for two memory exhaustion denial-of-service (DoS) vulnerabilities (CVE-2020-3566) affecting the IOS XR Network OS running on the NCS 540 and 560, NCS 5500, 8000, and ASR 9000 series. Low risk; apply the patch.
- China-Linked 'BlackTech' Hackers Start Targeting U.S.: this APT, also known as Palmerworm and TEMP.Overboard, has historically focused on Taiwan. It has been seen using dual-use tools (e.g., PuTTY, PsExec, SNScan, and WinRAR) and new custom malware that includes the Consock, Waship, Dalwit, and Nomri backdoors.