Cyber security news March 2020

This posting is here to collect cyber security news in March 2020.

I post links to security vulnerability news with short descriptions to comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links to comments.

111 Comments

  1. Tomi Engdahl says:

    Hackers Aim To Exploit Zero-Day Vulnerabilities In LILIN CCTV Cameras
    https://www.hackers-review.tech/2020/03/hackers-aim-to-exploit-zero-day.html

    Reply
  2. Tomi Engdahl says:

    Medical and military contractor Kimchuk hit by data-stealing ransomware
    https://techcrunch.com/2020/03/26/kimchuk-medical-military-ransomware/

    Kimchuk, a medical and military electronics maker, has been hit by data-stealing ransomware, TechCrunch has learned.

    The Danbury, Conn.-based manufacturer, which builds electronics for medical equipment, telecoms systems and energy grids, also makes nuclear modules for the Navy, work that often requires security clearance.

    Its systems were infected and knocked offline earlier this month by DoppelPaymer, a newer strain of ransomware that exfiltrates data out of an infected network before encrypting user files. If a victim doesn’t pay the ransom to decrypt their files, the DoppelPaymer group will begin publishing the contents of their victim’s network.

    Reply
  3. Tomi Engdahl says:

    Remote Code Execution Vulnerability Patched in OpenWrt
    https://www.securityweek.com/remote-code-execution-vulnerability-patched-openwrt

    A vulnerability that OpenWrt addressed in its opkg fork could have been exploited for the remote execution of arbitrary code.

    A free, Linux-based embedded platform, OpenWrt has been specifically tailored for network routers and is used on millions of devices worldwide. Opkg is a package management system forked from ipkg, and is intended for use on embedded devices.

    Tracked as CVE-2020-7982, the addressed issue resides in the package list parse logic of opkg, which did not perform the necessary checks on downloaded .ipk artifacts.

    “Due to the fact that opkg on OpenWrt runs as root and has write access to the entire filesystem, arbitrary code could be injected by the means of forged .ipk packages with malicious payload,” OpenWrt notes in an advisory.

    Reply
  4. Tomi Engdahl says:

    Online credit card skimming increased by 26 percent in March
    https://blog.malwarebytes.com/cybercrime/2020/04/online-credit-card-skimming-increases-by-26-in-march/
    Crisis events such as the current COVID-19 pandemic often lead to a
    change in habits that captures the attention of cybercriminals. With
    the confinement measures imposed in many countries, for example,
    online shopping has soared and along with it, credit card skimming.
    According to our data, web skimming increased by 26 percent in March
    over the previous month.. While this might not seem like a dramatic
    jump, digital credit card skimming was already on the rise prior to
    COVID-19, and this trend will likely continue into the near future.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*