Weekly Cybersecurity Roundup #3
Happy (quarantined) Easter!
Hackers accessed staff mailboxes at Italian bank Monte dei Paschi
Italian state-owned bank Monte dei Paschi has disclosed a security breach in which hackers accessed the mailboxes of some employees and sent emails to clients.
The news was reported by Reuters, which saw a notice sent by the Italian bank to its customers.
According to the notice, the attack took place on March 30 when some messages with voice mail attachments had been sent.
“Monte dei Paschi told clients in the notice that on March 30 some messages with voice mail attachments had been sent as a result of the cyber attack,” reports Reuters.
“The notice to customers made no mention of any breach of company data. It did not say what if any information had been asked for, or if any customers had suffered any loss as a result of the emails.”
OSINT Investigation: Cerberus and the INPS
On 1 April 2020, the website of the Italian National Institute for Social Security (INPS) suffered an unexpected outage, leaving many Italians distressed and confused. The distress stems from the fact that the Italian government has offered a rescue package of €600 to assist those experiencing hardship during the lockdown imposed for the coronavirus pandemic. With the website offline, those who need help are temporarily unable to get it.
Suddenly, a tweet from the infamous Anonymous Italy (@Anon_ITA) led some to believe that the site was taken down due to a distributed denial of service (DDoS) attack from the activist group.
Accenture acquires cybersecurity startup Revolutionary Security
Accenture is acquiring Philadelphia-based startup Revolutionary Security as it works to expand its cybersecurity practice. Financial terms of the deal were not disclosed.
Revolutionary Security's portfolio includes services for risk assessment, breach and attack simulation testing, and designing and building security programs. The company's breach and attack simulation testing service is called LiveFire and is meant to help enterprises find gaps in their security and monitoring processes. The company employs 90 cybersecurity professionals across the US, Accenture said.
DarkHotel hackers use VPN zero-day to breach Chinese government agencies
Foreign state-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees.
Attacks began last month, in March, and are believed to be related to the current coronavirus (COVID-19) outbreak.
Chinese security firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in Sangfor SSL VPN servers, which are used to provide remote access to enterprise and government networks.
Qihoo said it discovered more than 200 VPN servers that have been hacked in this campaign. The security firm said that 174 of these servers were located on the networks of government agencies in Beijing and Shanghai, and the networks of Chinese diplomatic missions operating abroad.
Zoom Caught in Cybersecurity Debate — Here's Everything You Need To Know
Over the past few weeks, the use of Zoom video conferencing software has exploded as it emerged as the platform of choice to host everything from cabinet meetings to yoga classes amid the ongoing coronavirus outbreak, with work from home becoming the new normal.
The app has skyrocketed to 200 million daily users from an average of 10 million in December — along with a 535 percent increase in daily traffic to its download page in the last month — but it's also seen a massive uptick in Zoom's problems, all of which stem from sloppy design practices and security implementations.
Zoom may never have designed its product beyond enterprise chat initially, but with the app now being used in a myriad of ways and by regular consumers, the full scope of the company's gaffes has come into sharp focus, something it was able to avoid all this time.
SFO Websites Hacked: Airport Discloses Data Breach
San Francisco International Airport notified users of two low-traffic websites of a data breach that occurred in March.
The San Francisco International Airport (SFO) disclosed this week that two of its websites had been hacked, leading to the disclosure of some users’ login credentials at both sites. The attacks occurred in March, and the sites compromised were SFOConnect.com and SFOConstruction.com, both relatively low-traffic websites.
“The attackers inserted malicious computer code on these websites to steal some users’ login credentials,” according to a message posted to both sites’ homepages by the SFO’s Airport Information Technology and Telecommunications (ITT) director. “Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO.”