Cyber Weekly Digest - Week #19

This week our news feed includes a critical vulnerability patch, security breaches and how companies and employees were utterly unprepared for the remote work transition. Here's our round-up.

1. According to KrebsOnSecurity, Fresenius, Europe's largest private hospital operator and one of the biggest companies in the world, has been hit by ransomware. The attack comes during a challenging period for the healthcare system, with INTERPOL detecting a significant increase in the number of attacks against organizations engaged in the coronavirus response. Even though Fresenius refused to give any specific information about the attack, it is not the first time ransomware has targeted the company, with the previous infection costing them $1.5 million in ransom.


2. GoDaddy, the world's largest domain registrar, has notified an undisclosed number of its 19 million customers of a data breach. The incident seems to have taken place on October 19, 2019, but went undetected until April 23, 2020, when some suspicious activity was discovered. As a result of the incident, the credentials of an unknown number of customers have been exposed. It's recommended that affected users change their passwords immediately to avoid compromise.


3. As reported by Check Point Software Technologies, a global conglomerate had 75% of its mobile devices infected with a banking trojan that was spread by its Mobile Device Management (MDM) server. Even though MDM abuse incidents have been seen before, the current healthcare crisis makes things even worse. Companies now rely heavily on their mobile workforce, and by not securing their MDM solutions, they expose their environment to a tremendous amount of danger.


4. French newspaper Le Figaro mistakenly left an 8TB Elasticsearch database wide open with no password protection. Security Detectives found the database, which contained API logs for the past three months, including records of new subscribers and of users who logged in during this period. The exposed PII included full names, emails, home addresses, countries of residence and postcodes, IP addresses, server access tokens and passwords. According to the researchers, the data trove may result in further attacks in the future.


5. Kaspersky's "How COVID-19 Changed the Way People Work" report revealed that over half of employees working from home access inappropriate content on the same device they use for work. The same report stated that nearly a fifth of the employees are doing this on company-managed devices, heightening the security risk. Moreover, the report also found that personal services like email are frequently used for work purposes, creating an additional security risk for corporate data. It is recommended that companies introduce basic awareness training for their employees in areas like endpoint and email security. Companies should also secure their corporate cloud services by utilizing CASB technologies.


6. Samsung patched a critical vulnerability this week, affecting all its smartphones since 2014. The vulnerability, if exploited, allows an attacker to execute malicious code on the device in a zero-click scenario, meaning that it does not require any user interaction. Other Android smartphones do not seem to be affected by this vulnerability, as only Samsung seems to have modified the Android OS to support the custom Qmage image format, in which the vulnerability resides. Since there is already a PoC demonstration on the web, we recommend that all Samsung users download and install the latest OS updates for their phones.
