Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a new module for the infamous trojan known as TrickBot that has been deployed. Also, read about Google’s $5 billion class-action lawsuit over claims that it has been collecting people’s browsing information when using the incognito browsing mode.
A phishing attack is using VPN impersonation to trick people into revealing their Microsoft Office 365 credentials.
Recent ransomware threats leveled at President Trump, Lady Gaga and Madonna have raised awareness of the need not only to better secure data but also to devote more resources to determining what data has been exposed on the Dark Web.
Recent spikes in cyber-attacks have provoked heated reactions from governments around the world. Nation-state hackers are targeting medical facilities, government agencies and critical infrastructure in their attempts to disrupt business operations, gain intelligence and inflict revenue losses.
60% of people working from home due to COVID-19 believe they are more susceptible to cyber attack because they are online more.
A newly uncovered form of ransomware is going after Windows and Linux systems in what appears to be a targeted campaign, according to ZDNet. Named Tycoon after references in the code, this ransomware has been active since December 2019, and looks to be the work of cyber criminals who are highly selective in their targeting. The malware uses an uncommon deployment technique, which helps it stay hidden on compromised networks. The main targets of Tycoon are organisations in the education and software industries.
The coronavirus pandemic has dealt a major blow to the global economy. Restrictive measures have forced many companies to suspend operations, and workers to take time off at their own expense. Attempting to mitigate the effects of the pandemic, governments worldwide are taking steps to support businesses and citizens through tax breaks, compensation schemes, stimulus checks, and the like.
Organisations advocating for racial justice and civil liberties, including Black Lives Matter (BLM), the American Civil Liberties Union (ACLU) and the National Association for the Advancement of Colored People (NAACP), are coming under frequent and sustained cyber-attack by undisclosed groups, according to statistics gathered by network protection service Cloudflare. As protests prompted by the murder of George Floyd, an unarmed black man, at the hands of Minneapolis police officers on 25 May 2020 spread around the US and the world, Cloudflare said it had seen increasing levels of cyber attacks against organisations fighting racism – numbering in the tens of billions – compared with the corresponding week in April.
Email holds the keys to the kingdom. All your password resets go through email, and abandoning an old domain name makes it easy for attackers to re-register the old domain and get your stuff.
Attackers have been pounding employee inboxes at companies that still use private branch exchange (PBX) telephone systems for communication, delivering phishing messages that bypass email defences. The messages pretended to be voicemail notifications from PBX integrations and featured custom subject lines to pass a superficial legitimacy test.
Widespread violent protests across the US over the past week have been followed by attempted DDoS attacks on several rights groups, according to Cloudflare. The web security firm analyzed malicious HTTP requests it blocked across the weekend of April 25/26 versus a month later (May 30/31). Minneapolis resident George Floyd was killed on May 25, sparking a wave of violence and protests across the US over the succeeding days.
2019 was an extremely successful year for ransomware, rife with attacks and many high-profile victims. Of all the cyberthreats, ransomware proved to be the most devastating.
On May 20, 2020, the National Vulnerability Database (NVD) published a new CVE—CVE-2020-9484. The vulnerability associated with CVE-2020-9484 allows any anonymous attacker with internet access to submit a malicious request to a Tomcat Server that has PersistentManager enabled using FileStore. This is not the default setup, but it can be configured by administrators in this way. Red Timmy Security wrote in detail about the vulnerability and exploit.
Ubuntu Security Notice USN-4382-1
June 04, 2020