Cybersecurity Weekly: Ransomware hits schools, vulnerability toolkit, state-sponsored hackers

September 15, 2020 by Sam Fay

Virginia’s largest school system was hit with ransomware. The U.K. government releases a toolkit to easily disclose vulnerabilities. International hackers are targeting Exchange, Citrix and F5 flaws. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Virginia’s largest school system hit with ransomware

The Fairfax County Public School District is investigating a cyberattack on its technology systems. Maze has claimed responsibility for the incident. The administration confirmed the ransomware attack in a memo and said the incident did not disrupt its distance learning program, which started last week.


2. U.K. government releases toolkit to easily disclose vulnerabilities

The National Cyber Security Centre in the U.K. released a guideline to help companies implement or improve a vulnerability disclosure process. The Vulnerability Disclosure Toolkit underlines the need for organizations of all sizes to pave the road for an open posture toward responsible bug reporting.


3. International hackers targeting Exchange, Citrix, F5 flaws

The US government issued an advisory on China-sponsored hackers attacking government agencies through vulnerabilities in Microsoft Exchange, Citrix, Pulse, and F5 devices and servers. MSS-affiliated actors have targeted various industries across the United States and other countries over the past few weeks.


4. Magento stores hit by largest automated hacking attack since 2015

Over the weekend, a credit card skimming prevention firm detected 1,904 Magento stores that were compromised over the last four days. The attack started when ten stores were infected with a credit card skimming script not previously seen in other attacks.


5. Staples discloses data breach exposing customer info

Staples informed some of its customers that data related to their orders has been accessed without authorization. The company has not disclosed the incident publicly and alerted affected customers individually over email. The event occurred earlier this month around September 2 and consisted of unauthorized access to a system belonging to Staples.


6. Ransomware hits US District Court in Louisiana

The Fourth District Court of Louisiana has been hit with ransomware, and the attackers have published court data on the Dark Web to prove their capabilities. The attack, attributed to and claimed by the Conti malware group, has knocked the court’s website offline. Conti uses the Trickbot malware distribution network to deliver the ransomware payload.


7. New Linux malware steals call details from VoIP softswitch systems

Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed CDRThief that targets VoIP softswitches in an attempt to steal phone call metadata. The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, including call detail records.


8. Unpatched Bluetooth flaw lets hackers easily target nearby devices

Last week, Bluetooth SIG issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide. Dubbed BLURtooth, the flaw allows attackers to connect to a targeted nearby device by overwriting the authenticated key or reducing the encryption key strength.


9. Hackers stole $5.4 million from Eterbase cryptocurrency exchange

Last week, European cryptocurrency exchange Eterbase disclosed a massive breach of its network by an unknown group of hackers who stole cryptocurrencies worth 5.4 million dollars. Eterbase has now entered maintenance mode until the security issue is resolved.


10. New Raccoon attack could let attackers break SSL/TLS encryption

Security researchers detailed a new timing vulnerability in the TLS protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed Raccoon Attack, the server-side attack can extract the shared secret key used for secure communications between two parties.
