Daily Cybersecurity Roundup, September 25, 2020
Source code of legacy verions of a software could help attackers identify unknown vulnerabilities in current products. Lately, a mischievous hacker allegedly uploaded the source code of Microsoft's Windows XP and Windows Server 2003 bundled in a 42.9GB torrent file online, posing a threat for millions of devices running these operating systems. In another vein, the CISA revealed that a hacker breached a U.S. federal agency and exfiltrated confidential data using authentic Office 365 credentials. With this said, read on to find out all that shaped the cybersecurity landscape in the past 24 hours.
The source code for Windows XP, Windows Server 2003, and other Microsoft OS servers was allegedly leaked online in a 42.9GB torrent file on 4chan, an online message board.
The CISA, without naming the victim federal agency, issued an alert regarding an attack wherein the threat actors used legitimate Microsoft Office 365 login credentials to gain initial access to an agency computer remotely.
A flaw in the default configuration of the Fortigate VPN solution could subject 200,000 businesses to man-in-the-middle (MitM) attacks wherein attackers could present a valid SSL certificate and fraudulently take over the connection.
A phishing attack at Scouts Victoria, Australia, impacted the passport, credit card details, and other sensitive data of approximately 900 individuals in a staff email breach.
The China-linked Gadolinium hacker group (aka APT40) was found hosting malicious apps on Azure Active Directory as part of their command and control infrastructure.
According to the Office of the Governor of Washington, the state is being targeted by a widespread, highly sophisticated phishing campaign.
Polish authorities took down one of the most active hacker groups involved in malware distribution, ransomware attacks, SIM swapping, banking fraud, and fake bomb threats.
According to Action Fraud, cybercriminals swindled more than 4 million from elderly people in the U.K in the financial year 2018-19. The data request was made under the Freedom of Information Act (FOIA).
In an exercise called Jack Voltaic 3.0, cybersecurity experts from the U.S. Army and the private sector, along with municipal bodies of Charleston, S.C., and Savannah, Ga., conducted a cyberattack simulation to test their response capabilities.
InferLink Corp. secured $1 million in funds from the DHS through the Small Business Innovation Research program to build a peer-to-peer cybersecurity information sharing tool.