• Multiple 2K Social Media Accounts Hacked And Posting Offensive Material
    It appears that multiple 2K-related social media accounts were hacked on Friday night. The Twitter account of Ronnie 2K (Ronnie Singh, Digital Brand Manager for the NBA 2K series) and the official 2K Facebook page were the targets, and the hackers posted offensive material on both. Racial slurs and other unfortunate posts littered the timelines seen by the accounts’ millions of followers. The 2K Twitter and WWE 2K Twitter accounts posted a message acknowledging the situation, and Ronnie 2K’s account later posted a similar one. Many have experienced their social media accounts being hacked, but this is a bit different. Read More
  • CAH Holdings Issues Notice of Data Security Incident
    BIRMINGHAM, Ala., Nov. 15, 2019 /PRNewswire/ -- CAH Holdings Inc. (CAH) recently learned of a data security incident involving some employee email accounts that may have impacted a limited amount of personally identifiable information and protected health information (PHI). To assist with the investigation, CAH hired independent computer forensic experts to determine what occurred and what information may be at risk. The forensic investigation determined that an unauthorized actor gained access to some of its corporate email accounts. CAH reviewed the contents of the email accounts and determined that limited information related to names, medical treatment history and diagnoses, and health benefits was contained in the accounts. Although we are not aware of any misuse of any information, as an added precaution we are offering, at no cost to the individual, credit monitoring and identity theft protection through ID Experts®. "The privacy and protection of our customers' information is a matter we take very seriously, and we are committed to taking steps to prevent this type of incident from occurring in the future." Read More
  • Nunavut government computer systems coming back online after cyber attack
    The Nunavut government is slowly returning to normal nearly two weeks after its computer systems were paralyzed by a cyber attack. All Nunavut government computers were paralyzed on Nov. 2 when ransomware entered the system; a ransom note appeared whenever users attempted to open a file. The government says it refused to pay the ransom, and offices were forced to rely on fax machines, paper forms and telephone calls while the systems were repaired. Read More
  • New NextCry Ransomware Encrypts Data on NextCloud Linux Servers
    Its name is NextCry, as it was discovered on a Linux machine running the Nextcloud server. The sample had zero detections at the time. xact64, a Nextcloud user, posted some details about the malware on the BleepingComputer forum in an attempt to find a way to decrypt personal files. Although his system was backed up, the synchronization process had already started to overwrite files on a laptop with their encrypted versions from the server (a sync client mirrors the damage; only versioned or offline backups protect against this). Looking at the malware binary, Michael Gillespie said that the threat seems new and pointed out that NextCry uses Base64 to encode the files. The ransom note is in a file named “READ_FOR_DECRYPT” and states that the data is encrypted with the AES algorithm and a 256-bit key. Nextcloud’s recommendation for administrators is to upgrade their PHP packages and NGINX configuration file to the latest version. Read More
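    The two indicators named above, a ransom note called READ_FOR_DECRYPT and files whose content has been Base64-encoded, are enough for a first triage pass over a Nextcloud data directory. The script below is an added example written for this digest, not code from the article, from Nextcloud or from the researchers; the directory layout and file contents in demo() are constructed, and the Base64 check is a heuristic (any file that is nothing but Base64 text will trip it), so treat hits as leads to inspect, not as a verdict.

```python
"""Added example (not from the article or Nextcloud): triage a Nextcloud data tree
for NextCry-style indicators - a READ_FOR_DECRYPT ransom note and files whose
content is entirely Base64 text. The sample tree built in demo() is constructed."""
import base64
import binascii
import os
import re
import tempfile

RANSOM_NOTE = "READ_FOR_DECRYPT"   # ransom note filename quoted in the article

# Whole-content Base64: only the Base64 alphabet plus line breaks, optional "=" padding
# at the very end. Spaces are excluded on purpose so ordinary prose does not match.
B64_RE = re.compile(rb"\A[A-Za-z0-9+/\r\n]+={0,2}\s*\Z")


def looks_base64(data: bytes, min_len: int = 64) -> bool:
    """Heuristic: long enough, Base64 alphabet only, and decodes cleanly."""
    if len(data) < min_len or not B64_RE.match(data):
        return False
    compact = b"".join(data.split())
    # We may only have the first few KB of a longer file; drop a partial tail quad.
    compact = compact[: len(compact) - len(compact) % 4]
    try:
        base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return False
    return True


def scan_tree(root: str, head_bytes: int = 4096) -> dict:
    """Walk root; collect ransom notes and files whose leading bytes look Base64-encoded."""
    found = {"notes": [], "suspect": []}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if name == RANSOM_NOTE:
                found["notes"].append(path)
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_bytes)
            except OSError:          # unreadable file: skip, do not abort the scan
                continue
            if looks_base64(head):
                found["suspect"].append(path)
    return found


# Stand-in for ciphertext that the ransomware then Base64-encodes (constructed).
SAMPLE_B64 = base64.b64encode(b"this stands in for AES-256 ciphertext " * 4)


def demo() -> dict:
    """Build a constructed Nextcloud-like tree in a temp dir, scan it, return basenames."""
    with tempfile.TemporaryDirectory() as root:
        user_files = os.path.join(root, "data", "alice", "files")
        os.makedirs(user_files)
        contents = {
            "notes.txt": b"Quarterly notes: revenue up, costs flat. Call Bob on Monday!\n" * 2,
            "photo.jpg": b"\xff\xd8\xff\xe0" + bytes(range(256)) * 4,
            "budget.xlsx": SAMPLE_B64,   # "encrypted" and Base64-encoded by the ransomware
            RANSOM_NOTE: b"All your files are encrypted with AES-256 ...\n",
        }
        for name, data in contents.items():
            with open(os.path.join(user_files, name), "wb") as fh:
                fh.write(data)
        found = scan_tree(root)
    return {k: sorted(os.path.basename(p) for p in v) for k, v in found.items()}


if __name__ == "__main__":
    print(demo())   # {'notes': ['READ_FOR_DECRYPT'], 'suspect': ['budget.xlsx']}
```

    Run it against the real data directory with scan_tree("/var/www/nextcloud/data") (path is an assumption; use your own) from a host that mounts the storage read-only, and stop any desktop sync clients first so they do not keep pulling encrypted copies down.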
  • Stealthy Malware Flies Under AV Radar with Advanced Obfuscation
    A threat campaign active since January customizes long-used droppers to infect victim machines and lift credentials and other data from browsers, according to Cisco Talos. The ongoing campaigns use custom droppers to plant information-stealing malware such as Agent Tesla and Loki-bot into common application processes. “The adversaries use custom droppers, which inject the final malware into common processes on the victim machine,” wrote Holger Unterbrink, a researcher with Cisco Talos, in a blog post about the new research. “Once infected, the malware can steal information from many popular pieces of software, including the Google Chrome, Safari and Firefox web browsers.” The injection techniques themselves have been employed for many years, Unterbrink wrote, but new custom capabilities make them difficult for anti-virus (AV) protections to detect. The dropper campaigns researchers observed work in several stages that use “obfuscation chains” to elude modern AV protections. Read More
  • US Govt Recommends Vendor System Configs To Block Malware Attacks
    The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) today reminded users and system administrators to properly configure their systems to defend against malware that exploits improper configurations. "Doing so, in addition to maintaining regular patch maintenance, will help give your systems and networks the best security possible." Besides encouraging administrators and users to properly configure their computing systems, CISA also provides a list of security practices that will drastically reduce malware risk if followed. The agency's ST18-004 security tip, revised in April 2019, recommends installing and maintaining anti-malware solutions, using caution when clicking links and opening attachments received by email, blocking pop-up advertisements to defend against malvertising, and using accounts with limited user permissions to prevent malware from spreading. Read More
  • East Texas School District Suffers Ransomware Attack
    (TNS) — Port Neches-Groves ISD, near Beaumont, Texas, lost access to files on all computer systems Tuesday afternoon after being attacked by ransomware, a type of cyberattack that renders files unusable and then demands money to restore access. Superintendent Mike Gonzales said the attackers were asking for a “sizable amount of money,” and that several local law enforcement agencies and cybersecurity specialists were working to get the computers up and running again. “It is sad that they would do this to a school district,” Gonzales said. Once the malware gains access to a computer or server, it encrypts the user’s files and demands a ransom in exchange for a key to decrypt them. Connor Hagan of the FBI’s Houston office said email phishing campaigns are the most common way such attacks are delivered. Gonzales said the district will bounce back, despite the inconvenience from the attack. Read More
  • Undocumented Access Feature Exposes Siemens PLCs to Attacks
    Siemens is working on addressing a vulnerability that can be exploited by a skilled attacker to execute arbitrary code on its SIMATIC S7-1200 programmable logic controller (PLC) by abusing a hardware-based access mode. Researchers discovered that an attacker with physical access to a PLC could abuse it through a cold boot attack: sending a special command via the universal asynchronous receiver-transmitter (UART) interface during the first half second of the PLC’s boot process allows them to dump the firmware from memory. An attacker can also leverage a combination of diagnostic functionalities to achieve arbitrary code execution in the bootloader stage, before the PLC firmware is loaded. On the other hand, the researchers pointed out that this special access feature could also be leveraged by the owner of a PLC to conduct forensic analysis: “Now, using this special access, companies [performing forensic analysis] can have a snapshot of the memory of the PLC at the time of the crash and further investigate if there is an infection on the PLC.” Read More
  • Intel Patched 77 Vulnerabilities in November 2019 Platform Update
    The advisories with the highest scores in this month's batch:

    Advisory                                                                    Vulnerabilities  CVSS range
    Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL  22 of 24         2.3 – 9.6
    Intel® WIFI Drivers and Intel® PROSet/Wireless WiFi Software extension DLL  3 of 3           8.2 – 8.7
    Intel® SGX with Intel® Processor Graphics Update                            1 of 1           6.0
    Intel® Xeon® Scalable Processors Voltage Setting Modulation                 1 of 1           5.8

    As part of the security updates issued this week, Intel also addressed severe vulnerabilities in the Intel Graphics Driver for Windows and Linux that may allow escalation of privilege, denial of service, and information disclosure. Read More
  • A new sophisticated JavaScript Skimmer dubbed Pipka used in the wild
    Visa Payment Fraud Disruption warns of a new JavaScript skimmer dubbed Pipka that criminals used to steal payment data from e-commerce merchant websites. “In September 2019, Visa Payment Fraud Disruption’s (PFD) eCommerce Threat Disruption (eTD) program identified a new JavaScript skimmer that targets payment data entered into payment forms of eCommerce merchant websites. PFD is naming the skimmer Pipka, due to the skimmer’s configured exfiltration point at the time of analysis (as shown below in the Pipka C2s),” reads the advisory published by Visa. “Pipka was identified on a North American merchant website that was previously infected with the JavaScript skimmer Inter, and PFD has since identified at least sixteen additional merchant websites compromised with Pipka.” Like Inter, Pipka lets its operator configure which fields in the target forms it will parse and extract. One sample analyzed by the researchers was specifically customized for two-step checkout pages that collect billing data on one page and payment account data on another. Read More