Cybersecurity News – March 15, 2021

DearCry ransomware using ProxyLogon exploits

Microsoft security researcher Phillip Misner has confirmed that DearCry, also known as DoejoCrypt, is being installed in human-operated attacks using the new Microsoft Exchange exploits. McAfee’s Head of Cyber Investigations has confirmed that they are seeing victims in the United States, Luxembourg, Indonesia, Ireland, India, and Germany. DearCry creates a Windows service named ‘msupdate’, which is removed once the encryption process is finished. Tens of thousands of Microsoft Exchange servers have been patched over the last three days, but Palo Alto Networks states that there are still approximately 80,000 older servers that cannot directly apply the recent security updates. All organizations are strongly advised to apply the patches as soon as possible and to create offline backups of their Exchange servers.

(Bleeping Computer)
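The DearCry item above notes that the ransomware registers a Windows service named ‘msupdate’ and removes it once encryption is done, so the artefact is short-lived and a defender has to look for it in logs rather than on the live system. The following is an added example, not code from the original article or from any of the vendors quoted: a small Python detector that scans System-log entries for service installations (Event ID 7045) and state changes (Event ID 7036) and flags services that match the reported name, that run from an unusual binary path, or that are stopped within an hour of being installed. The log lines are constructed samples in a simplified `timestamp|event_id|message` layout, and the path allow-list and one-hour window are assumptions chosen for the illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log (not real data) in a simplified one-line-per-event layout.
# Windows logs Event ID 7045 when a service is installed and 7036 on a state change;
# the service name 'msupdate' is the indicator reported for DearCry above.
SAMPLE_LOG = """\
2021-03-12T02:14:03|7045|A service was installed in the system. Service Name: msupdate Service File Name: C:\\Windows\\msupdate.exe Service Type: user mode service Service Start Type: demand start
2021-03-12T02:14:05|7036|The msupdate service entered the running state.
2021-03-12T02:31:40|7036|The msupdate service entered the stopped state.
2021-03-12T09:00:01|7045|A service was installed in the system. Service Name: BackupAgent Service File Name: C:\\Program Files\\Backup\\agent.exe Service Type: user mode service Service Start Type: auto start
2021-03-12T09:00:02|7036|The BackupAgent service entered the running state.
"""

SUSPECT_NAMES = {"msupdate"}          # indicator from the report above
SHORT_LIVED = timedelta(hours=1)      # assumed window for "installed then stopped"
ALLOWED_PREFIXES = ("c:\\program files", "c:\\windows\\system32")  # assumed allow-list

INSTALL_RE = re.compile(r"Service Name: (?P<name>\S+) Service File Name: (?P<path>.+?) Service Type:")
STATE_RE = re.compile(r"The (?P<name>\S+) service entered the (?P<state>\w+) state")


def parse_events(text):
    """Turn the simplified log text into a list of {time, id, message} dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, message = line.split("|", 2)
        events.append({"time": datetime.fromisoformat(ts), "id": int(event_id), "message": message})
    return events


def find_suspicious_services(events, suspect_names=SUSPECT_NAMES, max_lifetime=SHORT_LIVED):
    """Correlate 7045 installs with later 7036 stops and return a list of findings."""
    services = {}  # service name -> {"installed": datetime, "path": str, "stopped": datetime|None}
    for ev in events:
        if ev["id"] == 7045:
            m = INSTALL_RE.search(ev["message"])
            if m:
                services[m["name"]] = {"installed": ev["time"], "path": m["path"], "stopped": None}
        elif ev["id"] == 7036:
            m = STATE_RE.search(ev["message"])
            if m and m["state"] == "stopped" and m["name"] in services:
                services[m["name"]]["stopped"] = ev["time"]

    findings = []
    for name, info in services.items():
        reasons = []
        if name.lower() in suspect_names:
            reasons.append("service name matches DearCry indicator")
        if info["stopped"] is not None and info["stopped"] - info["installed"] <= max_lifetime:
            reasons.append("service stopped within %s of installation" % max_lifetime)
        if not info["path"].lower().startswith(ALLOWED_PREFIXES):
            reasons.append("binary outside Program Files / System32: " + info["path"])
        if reasons:
            findings.append({"service": name, "installed": info["installed"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_services(parse_events(SAMPLE_LOG)):
        print(f["service"], f["installed"].isoformat(), "; ".join(f["reasons"]))
```

On the sample, only ‘msupdate’ is reported (all three reasons fire) while the auto-start backup agent is left alone. The name match is the weakest of the three signals, since a later variant can change it; the short-lifetime and path checks are what keep the rule useful once the indicator is stale.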

Google faces suit over snooping on “Incognito” browsing

Google has failed in its attempts to kill a lawsuit that alleges it secretly scoops up troves of internet data even if users browse in “Incognito” mode to keep their search activity private. The consumers who filed the case as a class action alleged that even when they turn off data collection in Chrome, other Google tools used by websites end up amassing their personal information. A federal judge on Friday denied the Alphabet Inc. unit’s initial request to throw out the case. 

(Bloomberg)

Detecting deepfakes by analyzing light reflections in the eyes

A new AI tool developed by computer scientists from the University at Buffalo analyzes the corneas, which have a mirror-like surface that generates reflective patterns when illuminated by light. The tool was 94% effective at detecting deepfake images in portrait photography mode, including from the This Person Does Not Exist repository of generated images. The developers acknowledge that there are still limitations, such as the need to be able to see both eyes straight on. The technique cannot work when the face in the picture isn’t looking at the camera.

(TheNextWeb.com)

Canada Revenue Agency (CRA) locks 800,000 online accounts following breach

The accounts were locked on Saturday after an investigation revealed that some usernames and passwords may have been obtained by “unauthorized third parties.” On Friday, the agency, Canada’s version of the IRS, said the move is a precautionary cybersecurity measure and is being taken after a similar action in February, when over 100,000 accounts were locked. In a news release, the agency stated the IDs and passwords were not compromised as a result of a breach of CRA’s online systems but “through a variety of means by sources external to the CRA.”

(Yahoo News)

Thanks to our episode sponsor, Trend Micro

The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it’s time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO

Flaws found in Netgear switch, including a critical RCE

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critical remote code execution issue. The most severe flaw is a critical RCE tracked as CVE-2020-26919 and rated with a CVSS v3 score of 9.8. It resides in the switch’s internal management web application in firmware versions prior to 2.6.0.43 and could be exploited by unauthenticated attackers to bypass authentication and execute actions with administrator privileges. The remaining flaws are nine high-severity issues and five medium-rated bugs.

(SecurityAffairs)

Microsoft shares temporary fix for Windows 10 printing crashes

Following the installation of the March 2021 cumulative updates on Patch Tuesday, some Windows 10 customers have been experiencing blue screen of death crashes when trying to print. According to Microsoft, this issue “affects a subset of Type 3 printer drivers and does not affect printer drivers that are Type 4.” Printer brands impacted by this known issue include Kyocera, Ricoh, and Dymo. Microsoft suggests that affected users uninstall the March updates or, if they are unwilling to do so, apply a temporary workaround it has published.

(Bleeping Computer)

Security agencies leak sensitive data by failing to sanitize PDF files

In a research paper published this month, the French National Institute for Research in Computer Science and Automation (INRIA) said security agencies are doing a poor job of sanitizing the PDF documents they publish on their official websites and are leaking troves of sensitive information that could be collected and weaponized in malware attacks. INRIA collected and analyzed almost 40,000 PDF files published on the websites of 75 security agencies from 47 countries, and was able to recover sensitive data from 76% of the files analyzed, including the author’s name and email address, device details and file path information. The research also revealed that 19 of these security agencies had not updated their software for over two years.

(Recorded Future)
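The PDF item above lists the kinds of data INRIA recovered: author names and e-mail addresses, software and device details, and original file paths. Those values live in two places in a PDF, the `/Info` dictionary referenced from the trailer and the XMP metadata stream, and a publishing workflow can check both before a file goes out. The following is an added example, not code from the INRIA paper or from any PDF library: a dependency-free Python auditor that pulls the `/Info` fields and simple XMP elements out of a file and reports anything that identifies a person, a tool or a path. The PDF bytes are a constructed minimal fixture for the parser (it omits the cross-reference table and stream lengths, so it is not meant to be rendered), and the name and address in it are invented.

```python
import re

# Constructed minimal PDF fixture (not a real document, not renderable). The /Info dictionary
# and the XMP packet carry the field types the INRIA study reported recovering from agency PDFs.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 5 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Title (C:\\\\Users\\\\jdoe\\\\Documents\\\\threat-advisory-draft3.docx)
           /Author (Jane Doe)
           /Creator (Microsoft Word 2010)
           /Producer (Acrobat Distiller 9.0.0 \\(Windows\\))
           /CreationDate (D:20190102090000) >> endobj
5 0 obj << /Type /Metadata /Subtype /XML >>
stream
<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<rdf:Description xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<dc:creator>jane.doe@agency.example</dc:creator><pdf:Producer>Acrobat Distiller 9.0.0</pdf:Producer>
</rdf:Description></rdf:RDF></x:xmpmeta>
endstream
endobj
trailer << /Root 1 0 R /Info 4 0 R >>
%%EOF
"""

WIN_PATH = re.compile(r"[A-Za-z]:\\(?:[^\\\s()]+\\)*[^\\\s()]+")   # e.g. C:\Users\name\file.docx
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def _unescape(s):
    """Undo the PDF literal-string escapes used in the fixture: \\( \\) and \\\\."""
    return s.replace(b"\\(", b"(").replace(b"\\)", b")").replace(b"\\\\", b"\\").decode("latin-1")


def info_dictionary(pdf):
    """Follow the trailer's /Info reference and return its (key -> string value) fields."""
    ref = re.search(rb"/Info\s+(\d+)\s+0\s+R", pdf)
    if not ref:
        return {}
    obj = re.search(rb"(?<!\d)" + ref.group(1) + rb"\s+0\s+obj(.*?)endobj", pdf, re.S)
    if not obj:
        return {}
    # Literal strings end at the first ')' that is not backslash-escaped.
    fields = re.findall(rb"/(\w+)\s*\((.*?)(?<!\\)\)", obj.group(1), re.S)
    return {k.decode(): _unescape(v) for k, v in fields}


def xmp_fields(pdf):
    """Return simple text elements (dc:, pdf:, xmp:, xmpMM:) from the XMP packet, if any."""
    packet = re.search(rb"<x:xmpmeta.*?</x:xmpmeta>", pdf, re.S)
    if not packet:
        return {}
    pairs = re.findall(rb"<((?:dc|pdf|xmp|xmpMM):\w+)>([^<]*)</\1>", packet.group(0))
    return {k.decode(): v.decode("utf-8", "replace") for k, v in pairs}


def audit_pdf_metadata(pdf):
    """List metadata values that identify a person, a tool/device, a path or an address."""
    info, xmp = info_dictionary(pdf), xmp_fields(pdf)
    leaks = []
    for source, fields in (("Info", info), ("XMP", xmp)):
        for key, value in fields.items():
            if key in ("Author", "dc:creator"):
                leaks.append(f"{source}/{key}: person identified: {value}")
            if key in ("Creator", "Producer", "pdf:Producer"):
                leaks.append(f"{source}/{key}: software/device fingerprint: {value}")
            for path in WIN_PATH.findall(value):
                leaks.append(f"{source}/{key}: original file path: {path}")
            for addr in EMAIL.findall(value):
                leaks.append(f"{source}/{key}: e-mail address: {addr}")
    return {"info": info, "xmp": xmp, "leaks": leaks}


if __name__ == "__main__":
    for line in audit_pdf_metadata(SAMPLE_PDF)["leaks"]:
        print(line)
```

On the fixture the auditor reports seven findings, including the draft’s original path hidden in `/Title` and the author’s address carried only in the XMP stream, which is why checking the `/Info` dictionary alone is not enough. The remedy is to regenerate the PDF with metadata stripped rather than to patch strings in place, since editing a real file’s bytes would invalidate its cross-reference offsets.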

Molson Coors beer production disrupted by massive hack

The brewer, which makes Miller and Coors products, said in a filing with the Securities and Exchange Commission that on March 11 it experienced a “systems outage that was caused by a cybersecurity incident.” It further stated that the incident has “caused and may continue to cause a delay or disruption to parts of the Company’s business, including its brewery operations, production, and shipments.” Molson Coors operates seven breweries and packaging plants in the U.S., three in Canada and 10 in Europe.

(The Hill)


Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.