Cybersecurity News & Analysis | SC Media | Info Security News

Security News

Unpatched Amazon Echo and Kindle devices prone to KRACK attacks

Amazon.com Echo and Kindle devices were discovered last year to contain WPA/WPA2 protocol vulnerabilities that could potentially allow malicious actors to uncover keychains used to encrypt Wi-Fi traffic. The vulnerabilities, CVE-2017-13077 and CVE-2017-13078, are prone to Key Reinstallation Attacks (aka KRACK attacks), and were disclosed back in 2017 by a pair of Belgian researchers. In essence, they…

CozyDuke APT group believed to have targeted White House and State Department

APT 29/The Dukes back in business

The threat group APT 29 has apparently returned to action with ESET uncovering three new malware families it is attributing to the cybergang. Apt 29/The Dukes is best known as being the primary suspect behind the Democratic National Committee breach during the runup to the 2016 U.S. presidential election, but the group had remained quiet…

Cisco fixes critical Aironet Access Points flaw, addresses 29 more bugs

Cisco today released 28 security advisories, in the process addressing a total of 30 vulnerabilities, including a critical unauthorized access bug found in the company’s Cisco Aironet Access Points (APs) software. Officially designated CVE-2019-15260, the flaw potentially can be exploited to view sensitive information, interfere with configuration options and disable the AP, in order to create…

Hacker behind Montgomery County school data breach identified

A Montgomery County, Md., high school student earlier this month hacked into the Naviance college prep system and downloaded and shared the PII from about 1,400 fellow students. The initial investigation using information provided by Naviance led the school district to initially suspect two students. On October 7 the Montgomery County Police Department was brought…

VMware advisory warns users to patch critical issue in product

VMware patches critical bug in Harbor Container Registry for PCF

VMware yesterday issued a security advisory acknowledging a critical “broken access control” vulnerability found in VMware Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry (PCF). According to the advisory, malicious actors with administrative access to a project could potentially exploit the flaw in order to “create a robot account inside of an adjacent…

Open AWS buckets expose more than 200K CVs at two online recruitment firms

Unsecured AWS servers belonging to two online recruitment firms – U.S.-based Authentic Jobs and Sonic Jobs in the U.K. – have exposed more than 250,000 CVs of job candidates. Authentic Jobs, used by the likes of the New York Times and EY, took the biggest hit with 221,130 CVs exposed to the public, according to…

SHIELD Act passes committee

The Committee on House Administration passed the Stopping Harmful Interference in Elections for a Lasting Democracy (SHIELD) Act intended to close loopholes in foreign spending in U.S. elections as well as improve disclosure and transparency rules. “The SHIELD Act closes gaps in the law that allow foreign nationals and foreign governments to launder money into…

njRat

TA505 debuts Get2 downloader and SDBbot RAT in new phishing campaigns

The cybercriminal group TA505 has developed a new downloader tool and remote access trojan (RAT), both of which were observed in a sequence of phishing campaigns that began this past September. The downloader, named Get2, has been used in campaigns to deliver a variety of secondary payloads, including the FlawedGrace and FlawedAmmyy RATs and Snatch…

Baltimore belatedly buys cyberinsurance

In what could be the poster child case for closing the barn door after the horse has left, the Baltimore City Council has approved the purchase of cyber insurance, six months after the municipality suffered a damaging ransomware attack. The Baltimore Sun reported the city conducted a bidding process and selected two plans. “The first…

Graboid cryptomining worm leverages Docker Engine containers to spread

Researchers have found what they are calling the first crpytojacking worm to spread to and from compromised containers in the Docker Engine. Named Graboid as an homage to the monster worm in the 1990 movie Tremors, the malware mines Monero cryptocurrency from infected machines and randomly spreads to other vulnerable hosts. Indeed, the malware contains a list…

Next post in Malware