Cyber Security News for 18Apr2020

  1. “Earlier this month, VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service (vmdir) for authentication.  The CVE-2020-3952 vulnerability has received a CVSSv3 score of 10, it resides in the vCenter Server version 6.7 on Windows and virtual appliances.” https://securityaffairs.co/wordpress/101805/security/vmware-vcenter-server-issue-details.html
  2. “A lot of people are waiting for the one, two, and three that need to happen to make everyone relax and return to normal.  The idea is that once we get a SARS-COVID-2 vaccine, or treatment, or combination of the two, people will be ok with once again being around others in public places and at work. I think this is unlikely for a couple of reasons.” https://danielmiessler.com/blog/a-vaccine-wont-return-us-to-normal/
  3. “Companies that run Pulse Secure VPN servers are still at risk of getting hacked, despite patching vulnerable systems, cyber-security agencies from the US and Japan have warned this month. Pulse Secure VPN servers are enterprise-grade VPN gateways that companies use to let workers connect to internal company networks from across the internet.” https://www.blackhatethicalhacking.com/news/dhs-cisa-companies-are-getting-hacked-even-after-patching-pulse-secure-vpns/
  4. “So in this post we want to walk you through the technology we used to solve these issues, as well as some of the hurdles we jumped through to get things running smoothly. The hope is that for anyone else designing a similar lab in the future, we can help to avoid some of the complications that didn’t become apparent until later in the design stage.” https://blog.xpnsec.com/designing-the-adversary-simulation-lab/
  5. “Cisco Talos researchers have uncovered a new Coronavirus-themed campaign employing a previously-undiscovered RAT tracked as PoetRAT. The attacks targeted the Azerbaijan government and utility companies, the malicious code was designed to infect supervisory control and data acquisition (SCADA) systems, broadly used in the energy and manufacturing industries.” https://securityaffairs.co/wordpress/101837/hacking/poetrat-trojan-coronavirus.html
  6. “A hacker has leaked this week details of 20 million users of the Aptoide app store, and claims to have breached the store early this month and to be in possession of 39 million Aptoide user records.” https://securityaffairs.co/wordpress/101848/data-breach/aptoide-data-leak.html
  7. “Air transportation’s importance in the economy as critical national infrastructure, combined with its interconnectivity and complexity, makes it an attractive target for cyber criminals. Their target list stretches from air traffic control systems and the aircraft themselves, to the airline companies and airports. All of this is why cyber security was spotlighted by the World Economic Forum (WEF) in January as one of the biggest challenges facing the industry.” https://www.msn.com/en-gb/money/technology/defending-aviation-from-cyber-attack/ar-BB12IqaC
  8. “Hackers have deployed ransomware on the systems of U.S. hospitals and government entities using Active Directory credentials stolen months after exploiting a known pre-auth remote code execution (RCE) vulnerability in their Pulse Secure VPN servers.  Even though the vulnerability tracked as CVE-2019-11510 was patched by Pulse Secure one year ago, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned organizations in January 2020 to patch their Pulse Secure VPN servers against ongoing attacks, after another alert issued in October 2019.” https://www.bleepingcomputer.com/news/security/us-govt-hacker-used-stolen-ad-credentials-to-ransom-hospitals/
  9. “Cognizant, a multibillion-dollar IT services company with clients in the banking and oil and gas industries, said Saturday its computer systems had been disrupted by Maze ransomware, a strain of malicious code that has been used in cyberattacks in the U.S. and Europe in recent months.” https://www.cyberscoop.com/cognizant-maze-ransomware-fortune-500/
  10. “Two-factor authentication is an extra level of security known as multi-factor authentication.  It adds an extra step to the login process.  Instead of only having to enter your username and password to log into a website, with two-factor authentication enabled, you also need to confirm your identity in one additional step.” https://www.blackhatethicalhacking.com/facts/two-factor-authentication-is-not-always-totally-secure/

#security #cybersecurity #itsecurity #privacy #vmware #vcenter #covid19 #pulsesecurevpn #vpn #coronavirus #rat #poetrat #scada #maze #ransomware