Cybersecurity News V. 2.27 – data leaks, stalkerware app, hack them all: satellites, hotels, DISA

02 27

Pipeline operations could be at risk

The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to prevent further attacks on critical infrastructure. It came as a response to a ransomware attack on an unnamed gas compression facility. Initially, access to the organization’s IT network was obtained via a spearphishing link; the malware then spread to the operational technology (OT) network. The ransomware encrypted data on the systems and made it impossible to handle real-time operational data from OT devices. The facility was forced to shut down to deal with the consequences. The CISA alert gives extensive information on threat actor techniques and encourages organizations to apply the necessary mitigations.

Asian gambling companies targeted by cyberspies

A previously unknown threat actor launched an espionage campaign against gambling and betting companies in Southeast Asia. They used two previously unknown backdoors which are both based on DLL side-loading. Dropbox was used to deliver payloads and as the C&C channel. In addition to backdoors, some known malware families like PlugX and HyperBro were used with custom post-exploitation tools. 

MGM Resorts guests’ personal data exposed

Almost 10.6 million personal data records of hotel guests were posted on a hacker forum. The data itself had been leaked last year from a cloud server of MGM Resorts hotels. The company’s representatives claimed that no sensitive information like passwords or payment card details was compromised. Nevertheless, the posted list of MGM guests includes names, emails, dates of birth, phone numbers, and home addresses. It contains contact details of high-profile guests, including high-level executives, government employees, and celebrities.

Adobe security patches for Media Encoder and After Effects

Adobe released security updates to fix two critical vulnerabilities. Both vulnerabilities belong to the out-of-bounds write category. The first is CVE-2020-3764 affecting Adobe Media Encoder versions 14.0 or earlier for Microsoft Windows. The other is CVE-2020-3765, which affects Adobe After Effects versions 16.1.2 and earlier for Microsoft Windows.

US Defense Information Systems Agency discloses data breach

The US Defense Information Systems Agency (DISA) was compromised in a data breach, which potentially affected personal records of almost 200,000 employees. There is no additional information on the data breach itself and no evidence of the compromised data being misused. Nevertheless, the agency sent letters to people who were potentially affected. The compromised data could include social security numbers. It is not yet clear whether the incident involved an attack or was simply an exposure.

Spyware in disguise

There are different types of spyware that can be secretly installed on victim devices to do all kinds of things: track real-time location, access messengers, social networks, and media files, and record phone calls. This data can be leaked to the internet. KidGuard, an app for monitoring child safety, was shown to be stalkerware.

Hack a satellite and stay fashionable

The number of commercial satellites continues to grow. For instance, SpaceX has 242 active satellites and plans to launch more than 42,000 in the future. Other companies are joining the race as well and have ambitious plans to launch thousands of satellites into space. The main purpose is to provide a stable internet connection all over the globe. But this can pose new threats, as there are no cybersecurity standards and regulations in this area. Low-cost satellites could be weaponized.

 
