Nightfall Infosec Roundup: January 27 To February 1


Exploits & Vulnerabilities

Cache flow problems continue for Intel: Yet more data-leaking processor design blunders discovered, patches due soon
Intel on Monday issued a processor data leakage advisory, INTEL-SA-00329, describing two chip architecture flaws, one of which it tried to fix twice before. The memo covers two security vulnerabilities: CVE-2020-0548, dubbed Vector Register Sampling and rated 2.8 Low severity, and CVE-2020-0549, described as L1D Eviction Sampling (L1Des) Leakage and rated 6.5 Medium severity.

Advanced Obfuscation Marks Widespread Info-Stealing Campaign
A large-scale spam campaign bent on spreading info-stealing malware is applying advanced obfuscation techniques to get around security scanning and maximize infection rates. According to Lastline researchers, a large botnet is distributing malicious rich text format (RTF) documents that act as downloaders for well-known info-stealers, such as Agent Tesla or LokiBot.

200K WordPress Sites Vulnerable to Plugin Flaw
A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 websites to takeover. The WordPress plugin in question is Code Snippets, which allows users to run small chunks of PHP code on their websites. This can be used to extend the functionality of the website (essentially used as a mini-plugin).

Ongoing Risks & Threats

US County’s Computers Still Down Nine Days After Ransomware Attack
A county in the Pacific Northwestern state of Oregon is yet to fully recover from a ransomware attack that happened over a week ago. Cyber-criminals hit Tillamook County in a targeted attack last Wednesday, January 22. As a result, all internal computer systems under the county government, which 250 county employees rely on, went down.

Weaponized Data Breaches: Fueling a Global Cyber Cold War
This new battlefield is filled with obfuscated identities and anonymous adversaries that have weaponized data breaches of government sites and combined this data with publicly available data to create powerful new sources of intelligence. Civil unrest, voter polarization, and international politics have increased demand for this data and as a result, we have seen increased circulation of voter information available in the underground community.

As botnet bill gains new life, old concerns about scope linger
For years one of the most prominent pieces of legislation on this topic, the Botnet Prevention Act, which was first introduced in 2016, languished in Congress. Just last December, however, a version of the bill quietly passed through the Senate Judiciary Committee as part of a larger legislative package focused on countering the Russian government.

Federal agency offers guidelines for businesses defending against ransomware attacks
The National Institute of Standards and Technology (NIST) published draft guidelines Monday providing businesses with ways to defend against debilitating ransomware attacks. The two draft practice guidelines help firms create strategies to protect data in the event of a cyberattack.

N.Y. Could Ban Cities from Paying Ransomware Attackers
New York State may soon ban municipalities from paying ransomware demands in the event of a cyberattack. State Senators Phil Boyle, George M. Borrello and Sue Serino introduced Senate Bill S7246 earlier this month, in response to the rising tide of cyberattacks targeting government agencies and municipal entities across the country.

Evil Corp Returns With New Malware Infection Tactic
Researchers have observed the cybercrime group back in action, now using a new tactic for distributing malware. Cybercrime group Evil Corp (a.k.a. TA505 or Dudear) is back in action after a short hiatus, with a technique in its arsenal not previously used by the group to distribute malware. Microsoft on Thursday said that it observed emails from the cybercriminal gang utilizing HTML redirectors.
