2020 Weekly Update 50: Retail, Healthcare, Vulnerabilities and Politics

Photo by Austin Distel on Unsplash

Hiding Malware in Share Buttons

Some creative individuals have found a way of hiding card skimming malware in the sharing buttons used on various websites. A timely reminder to know what 3rd parties you us and what they might be vulnerable to.

• Novel Online Shopping Malware Hides in Social-Media Buttons

Google, Adobe, Valve and Microsoft Patches

Both Google and Microsoft emitted a slew of updates in the last week including fixes for undisclosed vulnerabilities in Chrome, Windows and Microsoft Teams.

• High-Severity Chrome Bugs Allow Browser Hacks
• When is a remote-code-execution bug in Teams not an RCE? When Microsoft says it isn't, flaw finder…
• Amnesia-33 vulnerabilities affect 158 vendors, millions of devices | SC Media
• Adobe Warns Windows, macOS Users of Critical-Severity Flaws
• InfoSec Handlers Diary Blog
• Patch Tuesday, Good Riddance 2020 Edition
• D-Link Routers at Risk for Remote Takeover from Zero-Day Flaw
• Critical Steam Flaws Could Let Gamers to Crash Opponents' Computers
• The patch that wasn't: Cisco emits fresh fixes for NTLM hash-spilling vuln and XSS-RCE combo in…

Kmart hit in Egregor Ransomware Attack

This is a very US-centric post; however it serves to remind that Retail is a huge target at the moment:

• Kmart, a vulnerable target, among those hit in Egregor ransomware attack spree | SC Media
• It's not just the economy and bad management messing with Kmart - ransomware crews are there too

Travel Agent drops the ball and gives away customer data on purpose, by accident

In an attempt to do something cool, a travel agent accidentally gave access to customer data to participants during a hackathon.

• Travel agent leaked customer data by - this is embarrassing - giving it away in a hackathon

Managing Instance Metadata Service Data

Check Point Software posted a great article about how to manage the security of Instance Metadata in AWS; many of the points are valuable in Azure and GCP too.

• AWS Instance Metadata Service (IMDS) Best Practices - Check Point Software

Cyber Security in Healthcare

Given the times we live in; there has been a big focus over the last few months on CyberSecurity in Healthcare. This week has been no exception:

• Healthcare in Crisis: Diagnosing Cybersecurity Shortcomings in Unprecedented Times
• As DNA Synthesis Evolves, Cyber-Physical Attack Worries Grow
• Insider Report: Healthcare Security Woes Balloon in COVID-Era
• Europol Warns COVID-19 Vaccine Rollout Vulnerable to Fraud, Theft
• COVID-19 Vaccine Cyberattacks Steal Credentials, Spread Zebrocy Malware

1,000,000,000,000 USD lost to Cyber Attacks in 2020

Security News points out the cost of cyber attacks this year is a huge number; yet companies are often poorly prepared.

• $1 trillion lost to cybercrime in 2020, yet companies remain ill-prepared | SC Media

SANS Breaks down qbot

Once again SANS have given us a great brekdown of how Qakbot/Qbot works, I really enjoy the deeply technical articles SANS posts:

• InfoSec Handlers Diary Blog

PLEASE_READ_ME Reaches a Grim Milestone

Seems this year is full of grim milestones, between COVID-19 and threat actors attacking services. In the latest of these Threat Post points out that 85,000 MySQL servers have been breached having their data exfiltrated and ransomed back in a unsophisticated, yet high volume attack.

• PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers