hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with […]
News for discussion
Popular web sites using port scans
The Bleeping Computer cybersecurity blog revealed that some popular websites are using port scans. For example, eBay uses a script to detect remote access applications on visitors’ computers, which may be an anti-fraud measure. Different websites initiate scans in varying situations, from merely visiting the main page to logging in. While being a security mechanism, port scans can be viewed as a privacy risk by some.
Is there something to worry about? hexway comment:
By conducting this kind of scan, site owners try to find remote control software on users’ computers. Such software can be a sign of a computer being compromised. Thus, companies try to prevent fraudulent activity. While not illegal, these scans irritate users instead of giving them a sense of security, although the majority of users do not even notice them. Those who are concerned about their “web hygiene” would not be affected either: anti-tracking tools and browser content blockers will stop this kind of website behavior. So, these scans do not hurt anyone and make us a little more secure.
Massive public cloud botnet shut down
Cybersecurity researchers revealed a new botnet that affected thousands of users and spread malware through pirate gaming portals. The threat actors used Alibaba Cloud storage and the Baidu Tieba platform to host malicious files. The bait was a launcher for pirated games, which downloaded the malicious library file cs.dll. The security response teams of Baidu and Alibaba managed to inform the infected users about the risks and shut down malware downloads.
New threats and more victims of ransomware
PonyFinal is human-operated ransomware that targets corporate networks with high precision. It has been in the wild for several months now, and its operators can breach accounts on a victim system and infect other devices across the network. To avoid the risk of infection, Microsoft Security Intelligence suggests that organizations focus on how PonyFinal is delivered. Pentesting could help prevent weak password brute-forcing.
NetWalker ransomware hit new victims, and Michigan State University is among them. The hackers managed to exfiltrate sensitive personal information from the university network. The ransomware is spread through phishing emails and infects Windows networks. Security audits and security checklists help companies to improve their security and raise awareness regarding social engineering.
Apple security updates and fixes
A zero-day exploited by the unc0ver jailbreak for iPhones running iOS 13.5 and prior has been fixed (CVE-2020-9859). Found in the iOS kernel, the bug allowed kernel-level code execution. It’s patched for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and 7th-gen iPod touch. Previously, Apple fixed a severe flaw in its "Sign in with Apple" feature, which allowed attackers to take over victims' accounts in third-party applications.
Apple also released scheduled security updates for its products. 44 vulnerabilities affecting macOS Catalina 10.15.5 were patched. Mojave and High Sierra got security updates as well. 10 vulnerabilities were fixed in Safari 13.1.1. In iCloud for Windows, issues including arbitrary code execution, denial of service, and cross-site scripting were addressed.
Two major data breaches
NTT has shared that over 600 of its customers could be victims of a recent data breach. The company detected unauthorized access to its Active Directory server; the details of the attack are still being investigated. NTT is fully aware of the necessity of cybersecurity risk assessment and regularly publishes its findings on modern hacking techniques.
Another recent data breach concerns Amtrak’s Guest Rewards members. The company states that no financial data, credit card info, or SSNs were leaked, and the security team managed to shut down suspicious activity shortly after detection. The passwords of the potentially affected Guest Rewards accounts were reset. The incident was contained with the help of a third-party cybersecurity consulting services provider. Regular security analysis and IT security audits can significantly increase customer data protection.