Cybersecurity Weekly: Phishing attack sniffed out, facial recognition ban, more ransomware

September 13, 2019 by Sam Fay

Philadelphia law firms fend off phishing attacks involving fake clients. California follows San Francisco by passing a statewide bill to ban police use of facial recognition. Ransomware cripples multiple organizations, including Rockford, IL, public schools and Entercom Communications. All this, and more, in this week’s edition of Cybersecurity Weekly.

1. Philadelphia law firms fend off phishing schemes involving fake clients

Last week, Philadelphia personal injury firm Ostroff Injury Law received a fraudulent message about an alleged dog bite victim looking to quickly settle claims. The firm was able to sniff out the hoax because it had received a similar inquiry involving a dog bite, only that case nearly made it to the point of disbursing more than $100,000 in settlement funds.

2. California passes bill to ban police use of facial recognition

In a 22-15 vote, the California Senate passed a bill that bans the use of law enforcement body cams that use facial recognition. The bill states that officers will be “prohibited from installing, activating or using any biometric surveillance system in connection with an officer camera or data collected by an officer camera.” If signed by Gov. Newsom, the law would go into effect on January 1.

3. New SIM card flaw lets hackers hijack any phone just by sending SMS

Cybersecurity researchers revealed the existence of a new critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS. A private government contracting company has been actively exploiting this vulnerability for the last two years to conduct targeted surveillance on mobile phone users.

4. Ransomware cripples internet and phone lines at Rockford Public Schools District

A ransomware attack on Rockford Public Schools downed school systems, including phone lines, for several days, the district announced in a letter to staff and parents. RPS won’t say what ransomware strain was used in the attack, nor will it say how much the attackers demanded in ransom, whether the district paid or how the attack occurred.

5. Entercom radio network deals with ransomware-like incident

Entercom Communications was hit with a cyber attack that looks very much like a ransomware incident. The issue occurred sometime in early September and affected all of the company’s offices across the country. Despite the network-wide disruption, Entercom apparently made the decision not to pay the attacker, choosing to recover systems on its own.

6. New malware uses Windows BITS service to stealthily exfiltrate data

Dubbed Win32/StealthFalcon, the new malware communicates with its remote command-and-control servers and sends collected data to them using the Windows Background Intelligent Transfer Service (BITS). BITS is commonly used by software updaters, including to download files from Microsoft servers or peers to install updates on Windows 10, as well as by messengers and other background applications.

7. Wikipedia and World of Warcraft Classic targeted by DDoS attacks

According to the Wikimedia Foundation, Wikipedia was hit with a malicious attack that made the site inaccessible from several countries for intermittent periods. And Wikipedia wasn’t the only high-profile victim of a DDoS attack last weekend. Players of World of Warcraft Classic had difficulties connecting to the game’s servers after they too were impacted by a DDoS attack.

8. Major Groupon, Ticketmaster fraud scheme exposed by insecure database

Using stolen credit cards, cybercriminals opened millions of fake accounts, used them to buy tickets on various ticket vendor sites and then resold the tickets to others online. The scheme had been ongoing since 2016, until the fraudsters made a fatal mistake: leaving the emails open to the public on the unsecured database. This database was found to contain a total of over 17 million emails.

9. New York payroll company vanishes with $35 Million

MyPayrollHR, a now-defunct cloud-based payroll processing firm, abruptly ceased operations in early September after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, has left nearly $35 million worth of payroll and tax payments in legal limbo.

10. Metasploit Project publishes exploit for BlueKeep bug

Last week, coders publicly released a working exploit for the dangerous BlueKeep bug found in Microsoft’s Remote Desktop Protocol. Designated as CVE-2019-0708, BlueKeep is a remote Windows kernel vulnerability that could be used to create wormable attacks similar to the WannaCry ransomware incident of May 2017.
