Cybersecurity Weekly: Medical center cyberattack, Shopify breach, Emotet election phish

October 5, 2020 by Sam Fay

An Ohio medical center was offline following a security incident. Shopify announces a data breach affecting fewer than 200 merchants. The Emotet malware gang takes part in the 2020 U.S. elections. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Ohio medical center offline following a security incident

A cybersecurity incident forced the computer systems of an Ohio medical center offline for multiple days and prompted the clinic to postpone elective procedures for patients. The medical center’s disruption comes as Universal Health Services grapples with a suspected ransomware attack.
Read more »


2. Shopify announces data breach affecting fewer than 200 merchants

Shopify has notified the FBI of a data breach affecting fewer than 200 merchants. The e-commerce giant says the breach was the work of two rogue members of its support team, who allegedly schemed to obtain the customer transaction records of certain merchants.
Read more »


3. Emotet malware takes part in the 2020 U.S. elections

Emotet has joined the 2020 U.S. presidential election season with a new spam campaign that pretends to come from the Democratic National Convention’s Team Blue initiative. Around holidays and major political events, Emotet is known to send more elaborately themed emails to persuade recipients to open its attachments.
Read more »


4. New Android spyware posing as Telegram and Threema apps

A hacking group known for its attacks in the Middle East since 2017 has recently been impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with new malware. The mobile malware has been classified as surveillanceware because of its ability to spy on the devices of targeted individuals.
Read more »


5. Researchers find a way to fingerprint exploit developers

Last week, cybersecurity researchers detailed a new methodology that uses an exploit author’s distinctive coding habits as a fingerprint to track down other exploits written by the same developer. Applying this technique, the researchers were able to attribute 16 Windows local privilege escalation exploits to the zero-day sellers Volodya and PlayBit.
Read more »
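To make the fingerprinting idea concrete, the following is an added illustration and not the researchers’ own tooling: it extracts a few author-style artifacts that tend to survive from one exploit binary to the next (PDB build directory, debug message templates, the API names the author habitually reaches for), normalizes digits so per-exploit version numbers and paths do not break the match, and groups samples whose feature sets are similar enough. The feature choice, the threshold and the four sample “binaries” are all assumptions constructed for this example; they are not taken from any real exploit.

```python
"""Toy exploit-author fingerprinting by shared binary artifacts (illustrative only)."""
from __future__ import annotations

import re
from itertools import combinations

# Constructed stand-ins for PE files: a fake header followed by NUL-separated
# strings. Paths, messages and API names are invented for this example.
SAMPLES: dict[str, bytes] = {
    "sample_1.bin": b"MZ\x90\x00\x03\x00\x00\x00"
                    + b"c:\\work\\lpe\\release\\cve1.pdb\x00"
                    + b"NtQueryIntervalProfile\x00"
                    + b"[*] elevating token\x00[*] spawning shell\x00",
    "sample_2.bin": b"MZ\x90\x00\x03\x00\x00\x00"
                    + b"c:\\work\\lpe\\release\\cve2.pdb\x00"
                    + b"NtUserMessageCall\x00"
                    + b"[*] elevating token\x00[*] spawning shell\x00",
    "sample_3.bin": b"MZ\x90\x00\x03\x00\x00\x00"
                    + b"d:\\dev\\priv\\x64\\build3.pdb\x00"
                    + b"PsLookupProcessByProcessId\x00"
                    + b"--> got SYSTEM, enjoy\x00--> cleanup\x00",
    "sample_4.bin": b"MZ\x90\x00\x03\x00\x00\x00"
                    + b"d:\\dev\\priv\\x64\\build7.pdb\x00"
                    + b"ZwCreateSection\x00"
                    + b"--> got SYSTEM, enjoy\x00--> cleanup\x00",
}

# Runs of at least six printable ASCII bytes, i.e. what `strings` would print.
STRING_RE = re.compile(rb"[\x20-\x7e]{6,}")


def normalize(s: bytes) -> str:
    """Lowercase and collapse digit runs: 'cve1.pdb' and 'cve2.pdb' become 'cve#.pdb'.

    An author reuses paths and message templates, but numbers change per exploit.
    """
    return re.sub(r"\d+", "#", s.decode("ascii").lower())


def fingerprint(blob: bytes) -> frozenset[str]:
    """Feature set for one binary: normalized strings plus the PDB build directory."""
    feats: set[str] = set()
    for m in STRING_RE.finditer(blob):
        s = normalize(m.group())
        feats.add("str:" + s)
        if ".pdb" in s:
            # The directory the author builds in is a stronger signal than the file name.
            feats.add("pdbdir:" + s.rsplit("\\", 1)[0])
    return frozenset(feats)


def jaccard(a: frozenset[str], b: frozenset[str]) -> float:
    """Set similarity in [0, 1]; 0 when both sets are empty."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def cluster(samples: dict[str, bytes], threshold: float = 0.5) -> list[list[str]]:
    """Single-linkage grouping: samples joined whenever a pair meets the threshold."""
    prints = {name: fingerprint(blob) for name, blob in samples.items()}
    parent = {name: name for name in prints}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(prints, 2):
        if jaccard(prints[a], prints[b]) >= threshold:
            parent[find(a)] = find(b)

    groups: dict[str, list[str]] = {}
    for name in prints:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    for group in cluster(SAMPLES):
        print("likely same author:", ", ".join(group))
    # Show the pairwise scores behind the grouping.
    fps = {n: fingerprint(b) for n, b in SAMPLES.items()}
    for a, b in combinations(fps, 2):
        print(f"{a} vs {b}: {jaccard(fps[a], fps[b]):.2f}")
```

The threshold is deliberately loose because the point is triage, not proof: a real investigation would confirm a match with more expensive signals (code structure, the way a specific primitive is driven, compiler and linker quirks) rather than strings alone, and would treat shared API names on their own as weak evidence, since many exploits for the same component call the same functions.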


6. Details of 540,000 sports referees taken in failed ransomware attack

A company that provides software for sports leagues to manage referees and game officials disclosed a security incident that impacted around 540,000 of its registered members, consisting of referees, league officials and school representatives. ArbiterSports, the official software provider for the NCAA, said it fended off a ransomware attack earlier this year.
Read more »


7. Ransomware victims that pay up could incur steep fines

According to an advisory from the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), companies victimized by ransomware, as well as firms that facilitate negotiations with ransomware extortionists, could face steep fines from the U.S. federal government if the criminals profiting from the attack are already under economic sanctions.
Read more »


8. Critical flaws discovered in industrial remote access systems

Cybersecurity researchers found critical security flaws in two popular industrial remote access systems that could be exploited to block access to industrial production floors, break into company networks, tamper with data and even steal sensitive business secrets. The flaws were identified in remote maintenance tools used in the automotive, energy, oil, gas and metal sectors.
Read more »


9. Cisco patches two high-severity IOS XR flaws under active attacks

Last week, Cisco released security patches for two high-severity vulnerabilities in its IOS XR software (CVE-2020-3566 and CVE-2020-3569) that had been found exploited in the wild a month earlier. Both are denial-of-service flaws in the Distance Vector Multicast Routing Protocol (DVMRP) feature of IOS XR, caused by insufficient queue management for IGMP packets on affected devices, which lets a remote attacker exhaust the device’s memory with crafted IGMP traffic.
Read more »


10. Ransomware gangs add DDoS attacks to their extortion arsenal

After negotiations stalled in a recent ransomware attack, a SunCrypt ransomware affiliate DDoSed the victim’s website. When the victim logged back into the gang’s Tor payment site, they were greeted by a message stating that SunCrypt was responsible for the DDoS and would continue the attack if negotiations did not resume.
Read more »
