This Week in Security News: Google Faces Privacy Lawsuit Over Tracking Users in Incognito Mode and TrickBot Adds Enterprise-grade Module to Malware Arsenal

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a new module for the infamous trojan known as TrickBot that has been deployed. Also, read about Google’s $5 billion class-action lawsuit over claims that it has been collecting people’s browsing information when using the incognito browsing mode.

New Ransomware Targets Windows And Linux PCs With A ‘Unique’ Attack

A newly uncovered form of ransomware is going after Windows and Linux systems in what appears to be a targeted campaign, according to ZDNet. Named Tycoon after references in the code, this ransomware has been active since December 2019, and looks to be the work of cyber criminals who are highly selective in their targeting. The malware uses an uncommon deployment technique, which helps it stay hidden on compromised networks. The main targets of Tycoon are organisations in the education and software industries.

Easy money pandemic: Welfare as bait

The coronavirus pandemic has dealt a major blow to the global economy. Restrictive measures have forced many companies to suspend operations, and workers to take time off at their own expense. Attempting to mitigate the effects of the pandemic, governments worldwide are taking steps to support businesses and citizens through tax breaks, compensation schemes, stimulus checks, and the like.

Experts Reaction On Black Lives Matter Activists Targeted By Cyber Attacks

Organisations advocating for racial justice and civil liberties, including Black Lives Matter (BLM), the American Civil Liberties Union (ACLU) and the National Association for the Advancement of Colored People (NAACP), are coming under frequent and sustained cyber-attack by undisclosed groups, according to statistics gathered by network protection service Cloudflare. As protests prompted by the murder of George Floyd, an unarmed black man, at the hands of Minneapolis police officers on 25 May 2020 spread around the US and the world, Cloudflare said it had seen increasing levels of cyber attacks against organisations fighting racism – numbering in the tens of billions – compared with the corresponding week in April.

Voice Message Phishing Email hits 100,000 companies

Attackers have been pounding employee inboxes at companies that still use private branch eXchange (PBX) telephone systems for communication, delivering phishing that bypasses email defences. The messages pretended to be voicemail notifications from PBX integrations and featured custom subject lines to pass a superficial legitimacy test.

Black Lives Matter Groups Face Cyberattacks

Widespread violent protests across the US over the past week have been followed by attempted DDoS attacks on several rights groups, according to Cloudflare. The web security firm analyzed malicious HTTP requests it blocked across the weekend of April 25/26 versus a month later (May 30/31). Minneapolis resident George Floyd was killed on May 25, sparking a wave of violence and protests across the US over the succeeding days.

Remote Code Execution Deserialization Vulnerability Blocked by Contrast

On May 20, 2020, the National Vulnerability Database (NVD) published a new CVE—CVE-2020-9484. The vulnerability associated with CVE-2020-9484 allows any anonymous attacker with internet access to submit a malicious request to a Tomcat Server that has PersistentManager enabled using FileStore. This is not the default setup, but it can be configured by administrators in this way. Red Timmy Security wrote in detail about the vulnerability and exploit.