CYBERSECURITY NEWS V. 4.24 – phishing against GitHub, new Lampion Trojan, improved Emotet
Maze Ransomware hits Cognizant
Cognizant, a large IT services company with almost 300,000 employees and over $15 billion in revenue, has suffered from a significant cyber attack. In its official statement, the company confirmed that a Maze ransomware attack resulted in a security incident involving their internal systems and causing service disruptions for some of their clients. Recently, ransomware operators employed a tactic of stealing data before encrypting it, which makes the Cognizant incident a possible data breach.
Siemens patch day
Siemens has released six new security advisories in April. Three of them are related to SegmentSmack vulnerability with CVE-2018-5390. The vulnerability affects the Linux kernel and could be exploited to launch remote denial-of-service attacks by sending crafted packets to the targeted system. Siemens has released firmware updates for some of the affected devices, and other products will be updated as soon as possible.
Intel Platform Update
With the April monthly update, Intel addresses nine security vulnerabilities of high and medium severity. The disclosed vulnerabilities could allow unauthenticated users to trigger denial of service and escalate their privileges through local access on unpatched systems. There are six advisories issued by Intel with detailed lists of all affected products and recommendations for software, firmware, and platforms at risk.
Lampion Trojan
A new banking trojan identified in December 2019 continues to spread. It steals information related to banking portals. It uses trusted victim devices as access points, which makes it hard for security teams to detect it. Lampion has spread through phishing email campaigns pretending to contain a debt warning but in fact a malicious file available for download. The best way to mitigate the threat is to avoid downloading the files of unknown origin.
VMware against CVE-2020-3952
VMware has recently released a patch to address a severe vulnerability in its VMware Directory Service. It has the highest possible CVSS score of 10.0 and affects any vCenter Server v6.7 upgraded from the previous version. CVE-2020-3952 could allow an attacker to add an administrator account to the vCenter Directory using three simple unauthenticated LDAP commands with nothing more than network access to the vCenter Directory Service. To reduce the risks of vulnerability exploitation, it is recommended to patch the vCenter Server or install the latest version (7.0), which would result in a secure vSphere deployment.
Old Equifax data breach, new lawsuit
Equifax Inc is once again accused of failing to address a known vulnerability, which resulted in the data breach and allowed hackers to access the personal information of its customers. Massachusetts Attorney General announced an $18.2 million settlement to resolve the lawsuit. According to the attorney general office, almost three million residents of Massachusetts were affected by the Equifax data breach, which took place in 2017.
Emotet, fresh and improved
Emotet, one of the most dangerous modern malware botnets, has got an update and improved modules to conceal its presence on infected networks and machines. Originally developed as a banking Trojan, Emotet has already been rewritten several times in the past years and repurposed as a malware loader. It could deliver modules that steal passwords from local apps and spread to other machines on the network. With the most recent update, some of its modules were redesigned and the botnet was enhanced with anti-malware evasion features.
Sawfish phishing campaign targets GitHub users
A new phishing campaign named Sawfish was launched to try and gain access to GitHub user accounts. The initial set of phishing messages would claim that a repository or settings in a GitHub account were changed or that unauthorized activity was detected. Clicking the link in the message would lead to a phishing site imitating the GitHub login page to steal any credentials entered.
