Thursday, October 29, 2020



Attacks exploiting Netlogon vulnerability (CVE-2020-1472)

Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol (CVE-2020-1472) which was previously addressed in security updates starting on August 11, 2020. If the original guidance is not...
The Register

Google Safari Workaround case inspires campaign to sue Facebook in UK’s High Court over Cambridge Analytica app

'Facebook You Owe Us' wants to run a not-quite-class-action-style lawsuit. A campaign to sue Facebook over lax privacy policies that allowed Cambridge Analytica to slurp almost a million people's personal data from the social networking website hopes to become...

Hackers are on the hunt for Oracle servers vulnerable to potent exploit

Hackers are scanning the Internet for machines that have yet to patch a recently disclosed flaw that forces Oracle’s WebLogic server to execute malicious code, a researcher warned Wednesday night. Johannes Ullrich, dean of research at...

Hackers Make Off With Millions From Wisconsin Republicans

According to the Wisconsin Republican Party, thieves used altered invoices to make off with $2.3 million in election funds.

Ransomware Group Targets Hospitals At Height Of Pandemic

The malware attacks also include data theft and the disruption of healthcare services, and appear to be timed to take advantage of the disruptions caused by the Covid-19 pandemic.

TikTok Owner ByteDance Selling Smart Lamp With Camera For School Kids

File this one in the didn’t-expect-that department.

How to install the FreeIPA identity and authorization solution on CentOS 8

Jack Wallen walks you through the process of installing an identity and authorization platform on CentOS 8.

I've Joined the 1Password Board of Advisers

Almost a decade ago now, I wrote what would become one of my most career-defining blog posts: The Only Secure Password is the One You...

Ransomware Wave Targets US Hospitals: What We Know So Far

A joint advisory from the CISA, FBI, and HHS warns of an "increased and imminent" threat to US hospitals and healthcare providers.

Community College Continues to Investigate Cyberattack

A data breach at a North Carolina community college may have affected many of its current and former students.
The Register

Ryuk this for a game of soldiers: Ransomware-flingers actively targeting hospitals in the US, cyber agencies warn

And infosec firms say it's only got worse over this year. Ryuk ransomware is being aggressively deployed to target US healthcare institutions, government cyber organisations in the US have warned.…
The CyberWire Podcast

Familiar threat actors are back in the news. Big Tech’s testimony on Capitol Hill had less to do with Section 230 than many had foreseen.

Some familiar threat actors--both nation-states and criminal gangs--return to the news: Venomous Bear, Charming Kitten, Wizard Spider, and Maze. Mike Benjamin from Lumen looks at the Mozi malware family. Our guest...

MAR-10310246-1.v1 – ZEBROCY Backdoor

Original release date: October 29, 2020. Notification: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse...

How Healthcare Organizations Can Combat Ransomware

The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.

All Tricks And No Treat: Preparing For IT Chaos In 2021

If we've learned anything from this challenging year, it's to prepare for the worst. It's likely that 2021 will be full of unexpected challenges, from cybersecurity threats to data breaches, and businesses must put together emergency recovery plans immediately.

Why Defense, Not Offense, Will Determine Global Cyber Powers

Darktrace director of strategic threat Marcus Fowler explains what to expect from nation-state attackers in the months to come -- and why kindergarten classes are a good model for solid cybersecurity.

$150 Million To Bankrupt: Fraud Startup Tells Court It Had Just $25,000 Left After CEO Arrest

Las Vegas-based NS8, which filed for chapter 11 bankruptcy protection Tuesday, is now preparing to go after money it says was allegedly stolen by its former CEO, Adam Rogas.

University Dodges A Bullet As Fake Covid-19 Survey Leads To Ransomware Attack

As the Covid-19 pandemic rages on, so too do coronavirus-themed cyberattacks.

Microsoft Warns of Continued Exploitation of CVE-2020-1472

Original release date: October 29, 2020. Microsoft has released a blog post on cyber threat actors exploiting CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers...

Cybercriminals Aim BEC Attacks at Education Industry

Heightened vulnerability comes at a time when the sector has been focusing on setting up a remote workforce and online learning amid the pandemic.

As Global Summits Go Virtual To Beat Pandemic, Iran’s Hackers Spy Weakness In Email Communications

Just because your global conference has gone virtual to beat the pandemic doesn’t mean it isn’t just as big a target for nation state hackers as physical events where everybody turns up at the door with an ID.

Triple Data Breach Earns Insurer $1m Fine

An American insurance company has been fined $1m over three data breaches that occurred over a six-month period in 2017. Aetna agreed to the fine and to the adoption of a corrective action plan to settle potential violations of...

Buer Loader “malware-as-a-service” joins Emotet for ransomware delivery

A relative newcomer in the "malware-as-a-service" scene is starting to attract the big-money ransomware criminals.
The Register

Looking for good news on COVID-19? That’s exactly what cyber attackers want you to do

Let us show you how to outsmart them. Webcast: If you think cybercriminals and hackers are without a shred of empathy or human understanding, you’d be wrong.…

Analysis: Forcepoint Can Still Succeed, but It Needs Committed Ownership

Raytheon intends to sell Forcepoint to PE firm Francisco Partners. Despite a solid product portfolio and bold strategy, Forcepoint's future is now even more uncertain.


Graham Cluley

Become a security intelligence expert, with these free tools from Recorded Future

Many thanks to the great folks at Recorded Future, who have sponsored my writing for the past week. If 2020 taught the security industry anything, it is this: There has never been a better time to be a cybercriminal....
Bruce Schneier

Tracking Users on Waze

A security researcher discovered a vulnerability in Waze that breaks the anonymity of users: I found out that I can visit Waze from any web browser at so I decided to check how are those driver icons implemented. What...
Graham Cluley

Smashing Security podcast #202: The Wu-Tang Clan are Among Us

Voting machines are under the microscope, scammers are posing as rap stars, and American politician AOC isn't the only one who's been getting into the Among Us game. All this and much more is discussed in the latest edition of...
Brian Krebs

FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals

On Monday, Oct. 27, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical...