Cyber Security Roundup for November 2019

In recent years political motivated cyber-attacks during elections has become an expected norm, so it was no real surprise when the Labour Party reported it was hit with two DDoS cyber-attacks in the run up to the UK general election, which was well publicised by the media. However, what wasn’t well publicised was both the Conservative Party and Liberal Democrats Party were also hit with cyber attacks. These weren’t nation-state orchestrated cyberattacks either, black hat hacking group Lizard Squad, well known for their high profile DDoS attacks, are believed to be the culprits.

The launch of Disney Plus didn’t go exactly to plan, without hours of the streaming service going live, compromised Disney Plus user accounts credentials were being sold on the black market for as little as £2.30 a pop. Disney suggested hackers had obtained customer credentials from previously leaked identical credentials, as used by their customers on other compromised or insecure websites, and from keylogging malware. It’s worth noting Disney Plus doesn’t use Multi-Factor Authentication (MFA), implementing MFA to protect their customer’s accounts would have prevented the vast majority of Disney Plus account compromises in my view.

Trend Micro reported an insider stolen around 100,000 customer accounts details, with the data used by cyber con artists to make convincing scam phone calls impersonating their company to a number of their customers. In a statement, Trend Micro said it determined the attack was an inside job, an employee used fraudulent methods to access its customer support databases, retrieved the data and then sold it on. “Our open investigation has confirmed that this was not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls,” the company said. The employee behind it was identified and fired, Trend Micro said it is working with law enforcement in an on-going investigation.

Security researchers found 4 billion records from 1.2 billion people on an unsecured Elasticsearch server. The personal information includes names, home and mobile phone numbers and email addresses and what may be information scraped from LinkedIn, Facebook and other social media sources.

T-Mobile reported a data breach of some their prepaid account customers. A T-Mobile spokesman said “Our cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account. We promptly reported this to authorities”.

A French hospital was hit hard by a ransomware attack which has caused “very long delays in care“. According to a spokesman, medical staff at Rouen University Hospital Centre (CHU) abandon PCs as ransomware had made them unusable, instead, staff returned to the “old-fashioned method of paper and pencil”. No details about the strain of the ransomware have been released.

Microsoft released patches for 74 vulnerabilities in November, including 13 which are rated as critical. One of which was for a vulnerability with Internet Explorer (CVE-2019-1429), an ActiveX vulnerability known to be actively exploited by visiting malicious websites.

It was a busy month for blog articles and threat intelligence news, all are linked below.
NEWS

VULNERABILITIES AND SECURITY UPDATES

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

HUAWEI NEWS AND THREAT INTELLIGENCE

*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by SecurityExpert. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/47K6Oe8YY7k/cyber-security-roundup-for-november-2019.html