hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts
News for discussion
More than just ransomware
A recent leak on the Maze Ransomware website reveals that its operators stay in the networks of their victims to steal files. This means that no one can feel safe enough even after paying a ransom. A full infrastructure audit should be conducted to make sure that the systems are secure. Ransomware operators use complex methods and tools and internal security teams should turn to cybersecurity service providers and security professionals for ransomware protection and forensics.
Ransomware operators always try to get the most from every victim, so we have to expect that they can not only encrypt data but also compromise the company’s network and leave backdoors for future use.
What to do if your company was hit by a ransomware attack? You must prepare for financial losses (both big and small) and realize that most recommendations that are usually given in such situations, like shutting down the network and all computers using it, are very hard to implement.
Even if your company has been safe from ransomware attacks, you have to understand that security software (like AV, firewall, SIEM, UEBA) is not enough. Cybersecurity processes in your company should be implemented gradually and consistently on every level, from network architecture and software security to personnel training.
Patches and updates
Adobe Security patches
Adobe has released a new set of 19 patches for both Windows and macOS versions of Adobe Audition, Adobe Premiere Rush and Pro, Adobe Illustrator 2020, Adobe After Effects, and Adobe Campaign Classic. Most of the fixed vulnerabilities are critical, including arbitrary code execution.
Netgear forced to patch 0-day vulnerability ASAP
A software vulnerability that allows hackers to bypass router authentication was reported to Netgear in January. However, the company failed to patch it. The vulnerability is present in firmware dating back 2007 and affects more than 70 devices. The researchers published their findings to raise awareness about the security of consumer network devices.
Zoom security news
Zoom has finally introduced end-to-end encryption available to all users. The new E2E design is available on GitHub. It is delivered as an add-on and requires phone number verification. E2EE will remain optional since it can limit some functionality. The early beta tests will start in July.
Cyber threats, vulnerabilities, and breaches
Avon has suffered from a cyberattack, which rendered its back-end systems offline. As a result, the company’s reps could not place online orders. The company claims that no credit card details were stolen during the accident. Cybersecurity specialists remind of the necessary backups that must be kept separate from the main systems and cybersecurity services.
Сhrome Store removes spying extensions
Official Google Chrome Web Store has removed more than 70 malicious add-ons after warnings from security researchers. The add-ons were found to be spying on users and stealing their browsing history as well as other data. Google promised to improve internal security analysis but refused to give any information about potential damage and explain why they couldn’t detect malicious extensions on their own. Although they mostly threatened individual users, security analysis shows that corporate networks could also be at risk if no security services are enabled.
One more Office 365 phishing campaign
A recent cybersecurity blog post covered a new fishing campaign that uses Office 365 to lure users to malicious websites. To avoid detection, the threat actors abused an Adobe Campaign redirection mechanism and used the Samsung domain. Adobe has taken all necessary actions to prevent such attacks in the future. It is recommended to perform complex security audits and pentests to ensure security in addition to the implemented automated security solutions.
Oracle BlueKai exposed billions of records
One of the servers of BlueKai, an Oracle division that tracks users around through cookies, was left unprotected. A huge database with tracking data was not even protected by a password. Some of the data could be rather sensible: it contains personal information like names, home addresses, email addresses, and browsing history. Oracle promised to take steps “to avoid a reoccurrence of this issue” but gave no additional information. Forbes has already named this case “one of the largest cybersecurity mistakes of 2020”.
Mac malware from Google Search results
A new Trojan affecting Mac users was discovered. Disguised as Flash Player, it is designed to bypass macOS Catalina security measures. Users are lured into installing an outdated version of the player and get the malware instead. Moreover, it is spread through Google search results by redirections to fake pages. The only advice for Mac users is to verify the source of downloaded files and install software from trusted vendors only.