Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about an attack against Elasticsearch that delivers backdoors as its payload. Additionally, read how cybercriminals are turning to hijacked accounts to perform lateral phishing attacks on organizations.
Trend Micro spotted another attack against Elasticsearch that deviates from the usual profit-driven motive by delivering backdoors as its payload. These threats can turn affected targets into botnet zombies used in distributed-denial-of-service (DDoS) attacks.
Trend Micro announced its endpoint security products are available for purchase via the California Software Licensing Program (SLP) Plus vehicle. This means government agencies don’t have to carry out a formal proof-of-concept or RFP to purchase, which will shorten sales cycles and ensure they benefit from security sooner.
Trend Micro detected a threat that propagates by scanning for open ports and brute forcing weak credentials, installing a Monero cryptocurrency miner and a Perl-based IRC backdoor that is capable of scanning for open ports, downloading files, executing UDP floods, and remotely executing shell commands. The miner process is hidden using XHide Process Faker, a 17-year old open source tool used to fake the name of a process.
The Federal Trade Commission formally approved a record $5 billion settlement with Facebook over the company’s privacy policies, requiring the company to establish a new board committee on privacy and making CEO Mark Zuckerberg report each quarter to the FTC on how the company is taking steps to protect consumer privacy.
The U.S. Department of Education released a security alert after 62 higher education institutions were reportedly infiltrated via Ellucian, an enterprise resource planning web app, and the attackers hijacked students’ IDs to create fraudulent accounts.
Equifax Inc. has reached a deal to pay up to $700 million to a slew of state and federal regulators to settle probes stemming from a 2017 data breach that exposed nearly 150 million Americans’ Social Security numbers and other sensitive personal information.
Cybercriminals have recently been sending phishing emails specifically targeting Microsoft Office 365 administrators to gain administrative control over an organization’s Office 365 domain and accounts. Additionally, they’ve been turning to hijacked accounts to perform phishing attacks — a technique called lateral phishing.
Cybercriminals exploiting unpatched system vulnerabilities continue to be one of the top reasons enterprises suffer unauthorized intrusions. Trend Micro compiled some of the most destructive cyberattacks and data breaches over the past few years, showing the that failing to patch systems with the latest security updates can inflict a costly amount of damage, making the time it takes to patch systems worth it.
A hacker broke into Bulgaria’s largest tax database and stole the financial details of every working adult in the country before releasing them online. In their search for the perpetrator, police arrested 20-year-old Kristian Boykov charging him with committing a computer crime against critical infrastructure.
Security researchers found threat group FIN8 reappearing after two years with a new point-of-sale (PoS) malware named Badhatch, which is designed to steal credit card information. Badhatch features capabilities that allow it to scan for victim networks, provide attackers with remote access, install a backdoor, and deliver other modified malware payloads such as PoSlurp and ShellTea.
Do you trust organizations to patch system vulnerabilities in a timely manner? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.