The Week in Cyber Security News, Nov 11-17
01. A new ransomware-as-a-service (RaaS) - Buran - is taking on competitors via discounted rates. Whereas most RaaS services ask for 30-40% of earnings made from successful infections, the makers of Buran ask for 25% ... and this rate is open to negotiation.
02. Britain's Conservative Government and opposition Labour Party have both been hit by large-scale cyber attacks against their websites just weeks before millions of citizens go to the polls in the national election.
03. Intel has released security updates for a large number of hardware products and fixed software drivers that attackers could abuse to gain full control over target Windows systems. The drivers in question are the 32- and 64-bit versions of Intel's PMxDrv, which have been used in the company's detection tools to discover other vulnerabilities since 1999.
04. An unconventional form of ransomware is being deployed in targeted attacks against enterprise servers – and it appears to have links to some of the most notorious cyber criminal groups around.
05. Google is drawing fire over its Project Nightingale, which involves the transfer of medical data - from Ascension, the USA's second-largest healthcare provider - of 50 million Americans.
06. Adobe has released its monthly patches and is warning Illustrator 2019 users that two critical memory-corruption vulnerabilities could allow for an attacker to remotely connect to a Windows machine, execute code and gain control of the targeted system.
07. A judge has rules that the seizure and search of phones and laptops at the US border is unconstitutional. The practice breaks the Fourth Amendment on unreasonable search, and that border agents need to have a "reasonable suspicion" of illegal activity before they can search electronic devices.08. The UK's Information Commissioner has urged the Court of Appeal to side with a supermarket chain in its battle to avoid liability for the theft and leaking of nearly 100,000 employees’ payroll details.
09. Intel released security updates for numerous hardware products and fixed software drivers that could be abused by attackers to gain control over Windows systems.
10. Hackers started hijacking Disney+ user accounts hours after the service launched, with many of the accounts being offered for free on hacking forums, or available for sale for prices varying from $3 to $11.
11. It's been revealed that cyber security experts took more than a week to eject a state-sponsored attacker from the Australian Parliament's computing network after it was compromised by malware earlier this year.
12. China's top hackers gathered in Chengdu to compete in the country's top hacking competition, which sees hackers test zero-days against some of the world's most popular applications, including Chrome, Edge, Safari and Office 356.
13. A new variant of malware with a low detection rate, capable of deploying both RevengeRAT and WSHRAT on vulnerable Windows systems, has been unveiled by researchers.
14. Facebook has reassured iPhone users that it wasn’t secretly spying on them via its app, after a Facebook user found the software keeping the phone’s rear camera active in the background.
15. A new phishing campaign is actively targeting Microsoft Office 365 administrators with the end goal of compromising their entire domain and using newly created accounts on the domain to deliver future phishing emails.
16. US Attorney General William Barr has stated that Chinese tech giants Huawei and ZTE "cannot be trusted", in a letter written to to Ajit Pai, the Chairman of the Federal Communications Commission.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.