Details on North Korean and Iranian Hacker Infiltrations; 2016 Florida Elections System Ransomware Attack

The US Department of Homeland Security's (DHS's) Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Defense (DoD) have jointly disclosed a list of malware variants that are being used by hackers working on behalf of the North Korean government.

Read more in

Researchers from ClearSky say that hackers working on behalf of Iran's government have been exploiting vulnerabilities in VPN servers to install backdoors on networks at companies around the world. The hackers have targeted organizations in the IT, telecommunications, oil and gas, government, and security sectors.

Read more in

The US Department of Homeland Security is investigating a ransomware attack that infected systems at the Palm Beach County (Florida) election office prior to the 2016 general election. The office's recently appointed Supervisor of Elections reported the incident to the FBI in November 2019, after learning about it from an IT employee. The incident was not disclosed in 2016.

Read more in

Computer systems belonging to the Redcar and Cleveland Borough Council (UK) were infected with malware. The attack occurred on February 8, and as of February 12, were still "working with a reduced capacity. The council has called in help from the National Cyber Security Centre (NCSC). The council has not said what type of malware infected its IT systems.

Read more in

Ransomware has infected systems belonging to the Pediatric Physicians' Organization at Children's (PPOC), affecting more than 500 physicians, physician assistants, and nurse practitioners across Massachusetts. While PPOC is affiliated with Boston's Children's Hospital, its network is separate from the hospital's. The affected servers have been quarantines and the remainder have been taken offline as a precaution.

Read more in

The US Department of Justice (DoJ) has charged an Ohio man in connection with a Darknet cryptocurrency laundering service. Larry Harmon allegedly ran the Helix service from 2014 until 2017. Helix operated as a Bitcoin mixer, allowing customers to mix their Bitcoin with others and obscure link between their Bitcoin addresses and their real-world identities.

Read more in

IBM said it will not attend the RSA Conference in San Francisco next week due to concerns about the coronavirus. RSA Conference executives say the event will go on as planned, from February 23-28. In related stories, Facebook has cancelled a marketing summit that was to have taken place in San Francisco in early March, and the organizers of Black Hat Asia have postponed a conference that was scheduled to be held in late March in Singapore.

Read more in

Microsoft has pulled the standalone KB4524244 update and the related KB4502496 update from Windows Update servers "due to an issue affecting a sub-set of devices." Users reported installation issues, freezing, and boot problems. The patch was designed to address "an issue in which a third-party Unified Extensible Firmware Interface (UEFI) boot manager might expose UEFI-enabled computers to a security vulnerability."

Read more in

Developers of the ThemeGrill Demo Importer WordPress plugin have released an updated version to fix a critical flaw that could be exploited to wipe websites. The flaw could allow an attacker to obtain administrative privileges on vulnerable sites. The plugin is estimated to be installed on at least 200,000 websites. The vulnerability is addressed in version 1.6.2.

Read more in

The corp.com domain is for sale. Administrators running Active Directory in their networks are urged to check their network configuration to ensure that the domain is not being used internally; some versions of Windows have used corp and corp.com as the default path for internal sites. If a user tries to access an internal site from outside the organization's network, they could run into namespace collision, "a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet." The danger of exposing sensitive information through namespace collision is not theoretical. Jeff Schmidt, founder and CEO of JAS Global Advisors LLC, analyzed eight months of traffic bound for corp.com and found more than 375,000 PCs attempting to send internal information to an external site. Schmidt briefly set up the domain to capture email and called the results "terrifying."

Read more in

On Tuesday, February 18, voters in Fulton, Wisconsin will use machines running Microsoft's open source ElectionGuard software in a primary election for Wisconsin Supreme Court candidates. This election will mark the first time ElectionGuard has been used in a US election.

Read more in

According to a report from the US Department of Commerce Office of Inspector General (OIG), inadequate security controls on Department systems exposed "sensitive trade information to unvetted foreign nationals." People working as contractors outside the US could still access and modify the Department of Commerce's Enterprise Web Services (EWS) document management system after their contracts had ended. The Department "mishandled the response to unauthorized access [and] ... failed to account for sensitive data on its systems."

Read more in