Cybersecurity Weekly: Healthcare fends off attacks, Apache flaws, out-of-band Windows patches

July 7, 2020 by Sam Fay

Healthcare organizations are successfully fending off attacks throughout the pandemic. Critical Apache Guacamole flaws put remote desktops at risk of hacking. Microsoft releases Windows update to patch two critical flaws. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Even during pandemic, healthcare orgs successfully fending off attacks

Despite an increased toll on their computer systems amid Covid-19, healthcare organizations throughout the world generally are doing a good job of mitigating inbound attack attempts. The report cites a doubling of data exfiltration behaviors to external destinations such as cloud services, and healthcare’s increased reliance on remote work and collaboration.


2. Critical Apache Guacamole flaws put remote desktops at risk of hacking

New research has uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, a popular Linux remote desktop application. The reported flaws could potentially let bad actors achieve full control over the Guacamole server, as well as intercept and control all other connected sessions.


3. Microsoft releases Windows update to patch two critical flaws

Last week, Microsoft quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting millions of Windows 10 and Windows Server users. Both flaws reside in the Windows Codecs Library, which gives attackers an easy vector: socially engineering victims into running malicious media files downloaded from the Internet.


4. Ransomware attack on insurance MSP Xchanging affects clients

Global IT services and solutions provider DXC Technology announced over the weekend a ransomware attack on systems of its Xchanging subsidiary. The company reported the incident on July 5, expressing confidence that it did not spread outside the Xchanging network. So far, the investigation has not revealed any indication of data being affected.


5. A new ransomware targeting macOS users through pirated apps

Last week, cybersecurity researchers discovered a new type of ransomware targeting macOS users that spreads via pirated apps. The ransomware variant, dubbed EvilQuest, is packaged with legitimate apps and, upon installation, disguises itself as Apple’s CrashReporter or Google Software Update.


6. StrongPity hackers target Syria and Turkey with retooled spyware

Last week, researchers uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes. The advanced persistent threat behind the operation, called StrongPity, has retooled with new tactics to control compromised machines.


7. Cryptomining malware campaign adds Windows server attacks and new exploits

A new version of a known malware campaign aimed at installing cryptominers has changed up its tactics, adding attacks on Windows servers and a new pool of exploits to its bag of tricks. It is also swiftly evolving to position itself as a backdoor for downloading future, more damaging malware.


8. Hundreds arrested after encrypted messaging network takeover

European law enforcement agencies arrested hundreds of suspects in several European countries after infiltrating the EncroChat encrypted mobile communication network used by organized crime groups. The operation was a joint effort of French and Dutch law enforcement agencies and judicial authorities who were able to dismantle EncroChat.


9. GoldenSpy backdoor installed by tax software gets remotely removed

As soon as security researchers uncovered the activity of the GoldenSpy backdoor, the actor behind it delivered an uninstall tool to remove all traces of the malware. GoldenSpy stayed hidden in software that a Chinese bank required its company customers to install for paying local taxes.


10. BMW customer database for sale on dark web

A database of 384,319 BMW car owners in the U.K. is for sale on an underground forum by the KelvinSecurity Team hacking group. The hacking group, which last week tried to sell databases related to other U.S. businesses, made the BMW data available, including initials and last names, emails, addresses, vehicle numbers and dealer names, among other information.
