Cybersecurity Weekly: Windows SMB Flaw, Intel vulnerability, mobile banking risk

June 15, 2020 by Sam Fay

A new critical vulnerability affects Windows SMB protocol. Intel CPUs are vulnerable to new SGAxe and CrossTalk side-channel attacks. The FBI says a sudden increase in mobile banking is heightening risks for users. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. A new critical vulnerability affects Windows SMB protocol

Last week, cybersecurity researchers uncovered a new critical vulnerability in the Server Message Block protocol that could allow attackers to leak kernel memory remotely. When combined with a previously disclosed wormable bug, the flaw can be exploited to achieve remote code execution.


2. Intel CPUs vulnerable to new SGAxe and CrossTalk side-channel attacks

Cybersecurity researchers discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU’s trusted execution environments. One of the flaws is an evolution of the previously uncovered CacheOut attack, which allows an attacker to retrieve the contents of the CPU’s L1 cache.


3. FBI says sudden increase in mobile banking is heightening risks for users

A recent surge in the use of mobile banking apps in the US prompted the FBI to warn smartphone users to be on the lookout for increased mobile malware and fake apps. In a recent public service announcement, the FBI’s ICCC indicated a 50% increase in mobile banking since the beginning of the year.


4. Honda forced to temporarily suspend global production after cyberattack

Honda staff across the world were unable to access their laptops following a cyberattack that forced the company to temporarily suspend production. While the majority of its production was back online later in the week, production plants in Brazil, India, Turkey and the US took longer to re-open.


5. A bug in Facebook Messenger for Windows could’ve helped malware gain persistence

Cybersecurity researchers disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows. The vulnerability could allow attackers to leverage the app to potentially execute malicious files already present on a compromised system in an attempt to help malware gain persistent and extended access.


6. Fortune 500 insurance firm Genworth discloses data breach

Fortune 500 insurance holding company Genworth Financial disclosed a data breach after an unauthorized party gained access to insurance agents’ online accounts using compromised login credentials. The attackers were able to access online documents that contained client information, including names, financial information, social security numbers and signatures.


7. City of Knoxville shuts down network after ransomware attack

The City of Knoxville was forced to shut down its entire computer network following a ransomware attack that targeted the city’s offices. Computers on Knoxville’s network were encrypted overnight, with the attack being noticed by employees of the city’s fire department around 4:30 AM, June 11.



8. Hackers leverage SaltStack flaw to breach LineageOS, Ghost and DigiCert servers

Just days after cybersecurity researchers brought attention to two critical vulnerabilities in the SaltStack configuration framework, hackers exploited the flaws to breach the servers of LineageOS, Ghost and DigiCert. Researchers warned that any competent hacker could create 100% reliable exploits related to the issues in 24 hours or less.


9. Power company Enel Group suffers Snake Ransomware attack

European energy giant Enel Group suffered a ransomware attack a few days ago that impacted its internal network. Detected on June 7, the incident is the work of EKANS ransomware operators, the group that also targeted Honda earlier this week. All connectivity was safely restored early Monday morning.


10. IT company hired to hack politicians, investors, journalists worldwide

A team of cybersecurity researchers today outed a little-known IT firm that has been operating as a global hacker-for-hire service or hacking-as-a-service platform. Based in Delhi, BellTroX InfoTech allegedly targeted thousands of high-profile individuals and hundreds of organizations across six continents in the last seven years.