Cyber Weekly Digest - Week #42
Updated: Oct 23, 2020
This week in the cyber security world includes stories on high profile cyber-attacks on Councils and game developer giants, as well as some new security measures and patches from zoom and Microsoft. Keep reading for a round up on all the latest, most important cyber security stories.
On Tuesday London’s Hackney Borough Council had confirmed it had suffered a cyber-attack in which its online services and IT systems were affected. The council is working with the NCSC to investigate the hack, although they have only shared limited information on the attack. There has been speculation around the attack, including if the attack was the result of a ransomware attack due to the increased attacks on public services.
87 vulnerabilities were fixed, including 11 rated as critical. The worst being CVE-2020-16898 named ‘Bad Neighbour’ that could be abused on Windows 10 and Windows served 2019 to install malware just by sending a malformed packet of data at a vulnerable system, it has a CVSS Score of 9.8 out of 10. As per usual, it means you should backup and update your systems.
This week Microsoft teamed up with telecommunication services to take down the malware-as-a-service botnet Trickbot by using trademark law on Monday. Although at the beginning of the week Microsoft claimed to have cut off key infrastructure, it appears now that the infrastructure has been replaced. Researchers stated that the takedown simply gave current victims a “breather”.
As a part of a 30-day technical preview, Zoom has announced that it is rolling out end-to-end encryption starting next week. Users will now know if their meeting is using end-to-end encryption if there is a shield and padlock logo in the corner of their window. This a part of Zoom’s efforts to provide increased privacy and security for meeting sessions.
The end of this week has seen cyber-attacks on two game developers, Crytek and Ubisoft. Egregor ransomware gang posted archives containing unencrypted files which were claimed to have been stolen from Ubisoft and Crytek. The data includes assets such as source codes for new upcoming games.