Security daily (13-10-2020)

US advisory meant to clarify ransomware payments only spotlights widespread uncertainty

If a Treasury Department advisory threatening financial penalties against anyone paying ransomware hackers was intended to send a clear message, it may have done the exact opposite. The Oct. 1 advisory from the Office of Foreign Assets Control warned that paying or helping to pay ransoms to anyone on its cyber sanctions list could incur civil penalties. Across some of the industries mentioned in the advisory — like cybersecurity incident response firms and insurance providers — reactions have ranged from confusion to silence, from yawns to raised eyebrows, from praise to fear of a blizzard of potentially unintended consequences. The worst case scenarios involve ransomware victims in the health sector having to make a life-or-death decision on whether to pay to unlock their systems while at risk of incurring Treasury’s wrath, or situations where victims try even harder to keep attacks quiet to avoid OFAC fines, which sometimes total millions […] (CyberScoop)

Norway says Russian hackers carried out breach at parliament

Russian state-sponsored hackers were behind a breach of the Norwegian parliament in August in which attackers stole data from lawmakers’ email accounts, Norwegian officials alleged on Tuesday. “This is a very serious incident, affecting our most important democratic institution,” Norway Foreign Affairs Minister Ine Eriksen Søreide said in a statement. “Based on the information the government has, it is our view that Russia is responsible for these activities.” The incident, and the suggestion of foreign political interference, has been a topic of significant concern for Norwegian national security officials. Among the victims of the breach were members of the opposition Labour Party and the Centre Party, according to local media reports. The Russian Embassy in Washington, D.C., did not immediately respond to a request for comment on Tuesday on the accusation. The Russian Embassy in Oslo balked at the allegations, calling them “unacceptable” and “destructive for bilateral relations.” Norway is a member […] (CyberScoop)

As voters cast their ballots, courts nationwide issue election security edicts

Legal battles with election security implications raged across the country over the holiday weekend, even with early voting well underway at historic levels in many states. In no state did those two things coincide more than in Georgia. Peach State voters amassed in lines marked by reports of 10-hour waits on Tuesday, following two key court rulings. Northern District of Georgia Judge Amy Totenberg on Sunday denied a bid to scuttle touch screen voting machines over cybersecurity vulnerabilities. On Monday, she also denied a request to require a specific number of emergency ballots to be on hand at Georgia polling sites. The ruling Sunday represented a setback for election integrity advocates who contend that Georgia’s machines have not been secure enough, and still aren’t. Totenberg ruled last year that Georgia must phase out its existing paperless voting machines, citing doubts about cybersecurity safeguards for direct-recording election equipment tabulations that couldn’t be audited without a paper record. […] (CyberScoop)

Creepy covert camera “feature” found in popular smartwatch for kids

This popular smartwatch aimed at kids had a backdoor that received covert encrypted commands via SMS. (Naked Security)

Microsoft October 2020 Patch Tuesday Fixes 87 Vulnerabilities

(News ≈ Packet Storm)

London's Hackney Council Hit By Hack Attack

(News ≈ Packet Storm)

Authentication Bug Opens Android Smart-TV Box To Data Theft

(News ≈ Packet Storm)

Five Eyes Renews Calls For Backdoors In Security Products

(News ≈ Packet Storm)

Redirects to YouTube Defacement Channel

During a recent investigation, we found an infected website was redirecting to YouTube after its main index.php file had been modified to include the following line of HTML: <meta http-equiv='refresh' content='2;url=https://youtu.be/fsqzjDAO2Ug'> This technique works because it’s possible to use HTML within .php files — as long as the HTML is outside the PHP code tags. In this case, the HTML is the only code that exists, so there are no PHP tags to avoid. (Sucuri Blog)

Microsoft and Other Tech Companies Take Down TrickBot Botnet

Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware's back-end infrastructure. The joint collaboration, which involved Microsoft's Digital Crimes Unit, Lumen's Black Lotus Labs, ESET, Financial Services Information Sharing and Analysis Center (FS-ISAC), (The Hacker News)

October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug

There were 11 critical bugs and six that were unpatched but publicly known in this month's regularly scheduled Microsoft updates. (Threatpost)

Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes

Researchers warn of a spike in the cryptocurrency-mining botnet since August 2020. (Threatpost)


/security-daily/ 14-10-2020 23:44:23