Cybersecurity News V. 3.26 – ransomware activity, “re”Mirai, passwords in danger
Sodinokibi ransomware operators start selling data
Data previously stolen from Brooks International is available for purchase on hacking forums. Brooks International had refused to pay the ransom for unlocking the systems encrypted by Sodinokibi ransomware. Hackers released over 12 GB of stolen data, including credit card statements, user names and passwords, tax information, and lots of other details. It is not the first time when data stolen by Sodinokibi operators went public. The recent victims of ransomware include Synoptek, a California-based managed services provider, and Travelex, the UK-based foreign exchange giant.
Cell networks overload affects millions in UK
Millions of workers in the UK who started working from home faced a significant disruption of cellular networks. Four leading mobile carriers – O2, Three, Vodafone, and EE – had outages. This came as a result of network overload caused by millions working from home. No hacker attacks were involved, but the mobile companies arranged a joint meeting to avoid such issues in the future and enforce proper security against outbreaks.
Unsafe password managers
Several popular password managers may contain security vulnerabilities that could lead to successful exploitation. While the research revealed some new vulnerabilities, the testing against six previously disclosed vulnerabilities also showed that some of the password managers were still susceptible to URL mismatch, and vulnerable to Ignoring Subdomains and HTTP(S) Autofill exploits.
Adobe security patches
Adobe finally releases security patches to address 13 vulnerabilities, with nine of them rated as “critical” and four as “important.” Some of the weaknesses could lead to information disclosure or privilege escalation, while others allow attackers to create malicious PDF files and execute commands on the affected computers. Adobe recommends upgrading Acrobat DC, Acrobat Reader DC, Acrobat 2017, Acrobat Reader 2017, Acrobat 2015, and Acrobat Reader 2015 to the latest versions.
New tricks of the old Mirai
The latest version of Mirai, dubbed ‘Mukashi,’ targets Zyxel NAS devices. The botnet, which was discovered last month, could allow threat actors to compromise and control devices remotely. The new version of Mirai exploits a recently found critical vulnerability assigned with CVE-2020-9054. Even though Zyxel has already released necessary firmware patches, there are still many Zyxel NAS products running firmware versions up to 5.21 and are potentially vulnerable to compromise.
Pwn2Own hacking contest results
The spring edition of the hacking contest Pwn2Own 2020 has ended. Six teams managed to hack into apps and operating systems like Windows, macOS, Ubuntu, Safari, Adobe Reader, and Oracle VirtualBox. All bugs exploited during the contest were reported to the affected companies.
Bluffton Township Fire District’s computer servers on fire
The fire department staff discovered that hackers had encrypted records, files, and email communications. Attackers assured that the data could be safely returned after paying the ransom. There is no evidence that personal records on the servers were accessed in the hack. The department’s ability to respond to emergencies remained unaffected.