In today’s cybersecurity news…
Iranian hackers ramping up U.S. election interference
Microsoft has issued a new report stating that Iranian hackers have “increased their efforts to influence the upcoming U.S. election, attempting to break into the campaign of an unnamed presidential candidate and creating fake news websites aimed at conservative and liberal voters.” Their activities have included spearphishing a high-ranking campaign official, breaching a user account, and creating bogus news sites. The report echoes the warnings of U.S. intelligence officials who have described Tehran’s intent as “to act as a ‘chaos agent’ and use disinformation to incite violence.”
(The Record and Microsoft)
AMD SinkClose flaw helps install nearly undetectable malware
Chip maker AMD has issued a warning about a high-severity CPU vulnerability named SinkClose. The vulnerability affects multiple generations of its EPYC, Ryzen, and Threadripper processors, and allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable. For context, “Ring -2 is one of the highest privilege levels on a computer, running above Ring -1 (used for hypervisors and CPU virtualization) and Ring 0, which is the privilege level used by an operating system’s Kernel.” SinkClose has apparently passed undetected for almost 20 years.
ADT discloses breach that impacts more than 30,000 customers
The company, known for its alarm and physical security systems, is sounding an alarm itself over a data breach that is the result of a cyberattack. The attackers gained access to ADT customer order information, according to a Form 8-K filed with the SEC. The stolen data was limited to basic PII and did not include information about customers’ home security systems or financial information such as credit card or banking numbers.
Unpatched Microsoft Office vulnerability could lead to data exposure
This warning concerns an unpatched zero-day in numerous versions of Office. In an advisory, Microsoft stated, “in a web-based attack scenario, an attacker could host or take over a website that contains a specially crafted file that is designed to exploit the vulnerability.” The company added that the attackers would have to convince the user to click a phishing link in order to open a specially crafted file. A patch is expected in tomorrow’s Patch Tuesday. Details about the affected versions of Office and the CVE number are available in the show notes to this episode.
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption
Microsoft has also uncovered a vulnerability in ESXi hypervisors which it says is being exploited by “several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors.” The vulnerability “involves a domain group whose members are granted full administrative access to the ESXi hypervisor by default without proper validation.” Microsoft has disclosed the findings to VMware, and recommends that administrators apply the updates released by VMware.
Texas and Florida latest victims of municipal level cyberattacks
The city of Killeen, Texas, is recovering from a cyberattack that began on Wednesday, which disabled the utility customer service payment system. The city itself attributed the attack to the BlackSuit ransomware gang. The attack on Killeen came one day after an attack on Florida’s Sumter County which affected access to “certain records,” but not emergency services. This attack was claimed by the Rhysida ransomware group on Friday. They have demanded payment of a $400,000 ransom by August 16.
White House devising cyber insurance policy proposal for catastrophic incidents
Speaking at Black Hat on Thursday, National Cyber Director Harry Coker, Jr. said his office is working with the Treasury’s federal insurance office and CISA to design a policy to “manage risk and not avoid risk.” The goal would be to explore ways to “stabilize insurance markets against catastrophic risk to drive better cybersecurity practices and to provide market certainty when catastrophic events do occur.” This means that should such a catastrophic cyber incident occur, the Federal Government could be called upon to stabilize the economy and aid recovery. This initiative is being created because “there exists a gap with respect to the insurance market’s ability to respond to catastrophic cyber incidents.”
GPS spoofers hack clocks on commercial airliners
The relatively recent phenomenon of GPS spoofing involves hackers modifying GPS signals used by commercial airlines to navigate. The technique is also used to disorient drones and missiles in conflict zones. But now, according to Ken Munro, founder of British cybersecurity firm Pen Test Partners, speaking recently at DEF CON, the technology is being used to change the times and dates on the clocks in aircraft cockpits, sometimes by years, causing planes to lose access to their digitally-encrypted communication systems and requiring them to be grounded for weeks while engineers manually reset their onboard systems.
(Reuters)






