The May 2020 Cyber Security Roundup

Overview of UK cyber security and information security news, blog articles, reports and threat background information for the previous calendar month, April 2020.

It has been reported that operations at UK foreign exchange company Travelex were suspended after its IT systems were severely disrupted by a Sodinokibi ransomware attack earlier this year. The REvil gang was reported to be behind the attack; it stole 5 GB of customer data and demanded a ransom of $6 million (£4.6 million). In April 2020, the Wall Street Journal reported that Travelex had settled by paying $2.3 million (£1.84 million) to the cybercriminals. Paying up, in my opinion, encourages further extortion attacks against all other companies and could lead to inflation of future cyber-extortion demands.

Cognizant, a leading U.S. provider of digital solutions and IT consultancy, was reportedly hit by a Maze ransomware attack. As in the Travelex attack, Maze (formerly known as ChaCha) not only encrypts the victim's files but also steals sensitive data from compromised systems. This lets the criminals threaten to publish the stolen data if the organisation refuses to pay the extortion demand, so the attackers rinse and repeat these lucrative attacks.

Microsoft has written an excellent blog post about the motley crew of ransomware operators behind human-operated attacks. The post focuses on ransomware campaigns that are straining security operations, especially in the healthcare sector. Microsoft warns that the ransomware deployment is only the final stage of a longer intrusion and urges security teams to hunt for the signs of credential theft and lateral movement that precede it.
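The hunting advice above (look for one set of stolen credentials being reused across many hosts before the ransomware stage) is the kind of signal a detection query can encode. Below is an added example written for this roundup, not Microsoft's code or the original post's: it walks a constructed set of Windows Security 4624 logon events and flags any account that authenticates over the network (logon types 3 and 10) to five or more distinct hosts within fifteen minutes, which is a classic fan-out pattern for lateral movement. The simplified event shape, the threshold, the window and the sample data are all assumptions for illustration; tune them against your own baseline before relying on them.

```python
"""Flag accounts that fan out across many hosts in a short window.

Added example for this roundup; not Microsoft's tooling. Field names are a
simplified JSON rendering of Security event 4624 (assumption).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). LogonType 2 = interactive,
# 3 = network (SMB/WMI/PsExec-style), 10 = RDP. Machine accounts end with "$".
SAMPLE_EVENTS = [
    {"time": "2020-04-18T01:00:00", "TargetUserName": "svc-backup", "LogonType": 3, "IpAddress": "10.0.5.23", "Computer": "FS01"},
    {"time": "2020-04-18T02:01:10", "TargetUserName": "alice", "LogonType": 2, "IpAddress": "-", "Computer": "WS-ALICE"},
    {"time": "2020-04-18T02:05:00", "TargetUserName": "svc-backup", "LogonType": 3, "IpAddress": "10.0.5.23", "Computer": "FS01"},
    {"time": "2020-04-18T02:06:30", "TargetUserName": "svc-backup", "LogonType": 3, "IpAddress": "10.0.5.23", "Computer": "FS02"},
    {"time": "2020-04-18T02:08:12", "TargetUserName": "svc-backup", "LogonType": 3, "IpAddress": "10.0.5.23", "Computer": "SQL01"},
    {"time": "2020-04-18T02:10:45", "TargetUserName": "svc-backup", "LogonType": 10, "IpAddress": "10.0.5.23", "Computer": "WEB01"},
    {"time": "2020-04-18T02:14:20", "TargetUserName": "svc-backup", "LogonType": 3, "IpAddress": "10.0.5.23", "Computer": "HR-PC7"},
    {"time": "2020-04-18T09:00:00", "TargetUserName": "alice", "LogonType": 3, "IpAddress": "10.0.1.15", "Computer": "FS01"},
    {"time": "2020-04-18T11:30:00", "TargetUserName": "alice", "LogonType": 3, "IpAddress": "10.0.1.15", "Computer": "PRN01"},
    {"time": "2020-04-18T13:00:00", "TargetUserName": "bob", "LogonType": 3, "IpAddress": "10.0.1.40", "Computer": "FS01"},
    {"time": "2020-04-18T13:02:00", "TargetUserName": "bob", "LogonType": 3, "IpAddress": "10.0.1.40", "Computer": "FS02"},
    {"time": "2020-04-18T13:05:00", "TargetUserName": "bob", "LogonType": 3, "IpAddress": "10.0.1.40", "Computer": "SQL01"},
] + [
    # Domain controller machine account talking to every host is normal noise.
    {"time": f"2020-04-18T14:00:{s:02d}", "TargetUserName": "DC01$", "LogonType": 3, "IpAddress": "10.0.0.10", "Computer": host}
    for s, host in enumerate(["FS01", "FS02", "SQL01", "WEB01", "HR-PC7", "PRN01"])
]

NETWORK_LOGON_TYPES = {3, 10}          # assumption: the types worth hunting on
WINDOW = timedelta(minutes=15)         # assumption: tune to your environment
HOST_THRESHOLD = 5                     # assumption: distinct hosts per window


def find_fanout(events, window=WINDOW, threshold=HOST_THRESHOLD):
    """Return {account: {"first_seen", "hosts", "sources"}} for every account
    that logs on to `threshold` or more distinct hosts within `window`."""
    by_account = defaultdict(list)
    for e in events:
        if e["LogonType"] not in NETWORK_LOGON_TYPES:
            continue
        if e["TargetUserName"].endswith("$"):   # machine accounts fan out by design
            continue
        by_account[e["TargetUserName"]].append(
            (datetime.fromisoformat(e["time"]), e["Computer"], e["IpAddress"])
        )

    hits = {}
    for acct, logons in by_account.items():
        logons.sort()                       # chronological sliding window
        start = 0
        for end in range(len(logons)):
            while logons[end][0] - logons[start][0] > window:
                start += 1
            span = logons[start:end + 1]
            hosts = {host for _, host, _ in span}
            if len(hosts) >= threshold:
                hits[acct] = {
                    "first_seen": span[0][0],
                    "hosts": sorted(hosts),
                    # One source IP driving every logon strengthens the signal.
                    "sources": sorted({ip for _, _, ip in span}),
                }
                break
    return hits


if __name__ == "__main__":
    for acct, hit in find_fanout(SAMPLE_EVENTS).items():
        print(f"{acct}: {len(hit['hosts'])} hosts from {hit['sources']} "
              f"starting {hit['first_seen']:%Y-%m-%d %H:%M}: {hit['hosts']}")
```

On the constructed data only `svc-backup` is flagged: five hosts in under ten minutes, all from one source address, which is exactly the pattern of a stolen service account being used to stage ransomware. Legitimate backup or scanning accounts will trip the same rule, so the practical next step is an allowlist of known fan-out accounts and a check that the source IP matches the host those accounts normally run from.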

Researchers are still finding large confidential datasets in poorly configured cloud services. In April, researchers reported that records on 14 million Ring users were found in an open, misconfigured AWS database, 42 million in the Kinomap fitness app, 95 million in another misconfigured database and 95 million in Maropost.

Nintendo confirmed that 160,000 user accounts were accessed without authorisation, exposing PII and Nintendo Shop account details. The games giant stated that since April, user accounts had been accessed via Nintendo Network ID (NNID), a login that can be linked to a Nintendo account. The company is not certain how the intrusion took place, but says it appears to have been carried out by impersonating legitimate NNID logins. In Nintendo's words: if you use the same password for your NNID and Nintendo account, your balance and registered credit/debit card or PayPal account may be used illegally in My Nintendo Store or Nintendo eShop, so set different passwords for your NNID and your Nintendo account. In response, the company has removed the ability to log in to Nintendo accounts via NNID, reset the passwords of the affected NNID and Nintendo accounts, and recommends enabling multi-factor authentication on every account.

Account breaches weren't the only cyber-related problem Nintendo faced in April. It was reported that a bot called Bird Bot was used by resellers to buy Switch consoles from Nintendo before ordinary customers could. Reseller bots work by buying up all available stock directly from Nintendo and selling it on at higher prices, quickly and easily cashing in on the current high demand for the Switch and the shortage of supply.

April was a busy month for security updates. Microsoft's Patch Tuesday release fixed 113 vulnerabilities, and an out-of-band patch for Teams followed a flaw discovered by CyberArk researchers. Patch Tuesday was quiet for Adobe, although patches for 21 critical vulnerabilities in Illustrator and Bridge were released at the end of the month. Oracle released a huge 397 patches covering 450 CVEs in over 100 products, which I think is a new record for a single patch release!

Sophos said that it and its customers were attacked through a previously unknown SQL injection vulnerability exploited in physical and virtual XG Firewall units. The attack targeted systems configured with either the administration interface (HTTPS admin service) or the user portal exposed on the WAN zone. It also affected firewalls manually configured to expose a firewall service (such as SSL VPN) on the WAN zone using a port shared with the admin or user portal, Sophos said. The practical check is the obvious one: neither the admin interface nor the user portal should be reachable from the WAN, and a remote-access service should not share a port with them.

Critical security patches were also released for Mozilla Firefox, Chrome (twice) and 8 Cisco products, along with numerous VMware patches covering a 10-point (maximum possible) CVSS vulnerability in vCenter, critical fixes for vRealize Log Insight, and critical cross-site scripting vulnerabilities in ESXi 6.5 and 6.7. Finally, on the patch front, Intel decided to discontinue several products because it was unable to fix their vulnerabilities.

Stay safe, stay home safe and watch out for scams.




*** This is a Security Bloggers Network syndicated blog post from the IT Security Expert Blog, authored by SecurityExpert. The original post can be found at: for-may-2020.html
