Does all this COVID-19 related ruling by Executive Order give you the Constitutional willies? Well, the Legislative Branch is doing its best to keep pace in the race to see which branch of the government can violate our rights the most. The government can keep on surveilling your online life without a warrant. An amendment to ban it failed by just one vote in the Senate. Only the House can end this intrusion into our private lives.
Bugs can last a long time… even if you thought you removed them years ago.
After a flurry of zero-day vulnerabilities in recent editions, May’s Patch Tuesday finally gives Windows users a month off having to fix ‘big’ exploited or public flaws. The catch is it’s still one of the biggest patch rounds Microsoft has ever released, featuring 111 CVE-level bug fixes (the record being March’s 115 fixes), nearly half of which are in Windows itself.
The 20-ton object, part of a Chinese rocket, is one of the largest ever to fall uncontrolled from space. My comment: What- bio-war isn’t bad enough? Now the Chinese attack us from space?
As part of Unit 42’s efforts to proactively monitor threats circulating in the wild, I recently came across new Hoaxcalls and Mirai botnet campaigns targeting a post-authentication Remote Code Execution vulnerability in Symantec Secure Web Gateway 220.127.116.11, which is a product that became end-of-life (EOL) in 2015 and end-of-support-life (EOSL) in 2019. There is no evidence to support any other firmware versions are vulnerable at this point in time and these findings have been shared with Symantec. They confirmed the currently exploited vulnerability is no longer present in Symantec Web Gateway 5.2.8. Symantec also wanted to emphasize the point that this vulnerability does not impact Secure Web Gateway solutions, including ProxySG and Web Security Services.
Starting in April this year, 360 Baize Lab intercepted a large number of attack samples from an unknown hacker organization. The hacker organization sent a phishing email to the victim by forging a police station investigation letter, COVID-19 detection notice, etc. , Through the backdoor virus to control the victim’s machine, steal valuable sensitive data related to the target. The PDB path of the virus samples used by the organization points to a user named “Vendetta”, and we will later also name the hacker organization Vendetta.
A long list of powerful stars and media companies are nervous right now, wondering if their legal dealings might soon be spilled onto the web for the world to see. And if a hacker group’s claims are true, there seems to be only one way around it: the celebrity lawyers must pay a ransom. You might call it the ultimate Hollywood hush-money payment. The law firm is based in New York, with a client list that extends from Broadway to Beverly Hills. Cybercriminals hit Grubman, Shire, Meiselas & Sacks in early April with a strain of ransomware called REvil, a key feature of which is its ability to exfiltrate data to use as extortion—as in, pay up or we’ll publish your stuff. In fact, entertainment publication Variety says the hackers have already started by leaking a page from one of Madonna’s contracts—one piece of 756 MB worth… Read more
Talk about kicking a company when it’s down. First, the coronavirus pandemic cuts into profits. Then, a ransomware attack adds tens of millions in financial damage to your company, followed by a hit on your roll out of work-from-home for the team. This is Cognizant’s story, revealed in its recent earnings call. The world’s largest IT managed services firm confirmed in mid-April it was hit with Maze… Read more
The Norwegian Investment Fund has been swindled out of 10 million dollars by fraudsters who pulled off a social engineering attack that the Norfund called “an advanced data breach” but what is commonly known as a Business Email Compromise, aka CEO fraud.
Norfund is the world’s largest sovereign wealth fund—created from saved North Sea Oil revenues and currently worth over a trillion dollars— admitted that a hacker was able to manipulate the organization into routing a loan intended for a Cambodian microfinance organization into an account controlled by cyber criminals.
As a result, in March, 100m Kroner was lost. The investment fund says the money appears to have been diverted from the organization in Cambodia to Mexico. Local and international police have been brought in to investigate the matter. There are not yet a lot of details about this attack, which may have been a simple compromised email account, perhaps several pwned workstations fully under control of the bad guys, or a fully compromised network. Read more…