Cyberattack on U.S. Department of Veteran Affairs Impacts 46,000 Veterans
The U.S. Department of Veteran Affairs (VA) has announced that the personal and protected health information of approximately 46,000 veterans has potentially been obtained by unauthorized individuals who were attempting to redirect VA payments to community healthcare providers. The attack involved the use of social engineering techniques to obtain credentials for an application used by the VA’s Financial Services Center (FSC), with...
Phishing Campaign Uses Real Time Active Directory Validation of Credentials
A new phishing technique has been identified where the attackers validate Office 365 credentials in real time using Active Directory. One of the problems with many phishing landing pages is they capture credentials when they are entered by the user but no checks are performed to make sure the credentials have been entered correctly. In the event of a typo, the incorrect password or username will be captured. A phishing attack detected...
Hacking Group Observed Installing Weave Scope Tool to Gain Visibility and Control of Business Cloud Environments
The threat detection and response firm Intezer has observed a hacking group using the Weave Scope visualization and monitoring tool to gain visibility into and take control of compromised Docker and Kubernetes cloud environments. The hacking group, referred to as TeamTNT by Intezer, is known to target Docker and Kubernetes systems and has been observed using a credential-stealing worm to discover and exfiltrate AWS login credentials....
Almost a Quarter UK Corporate-Owned Computers and Smartphones Have No Antivirus Software Installed
A worrying percentage of businesses are not adequately protecting the devices they issue to their employees, according to new research commissioned by Kaspersky. Kaspersky commissioned Arlington Research to conduct interviews with 2,000 UK adult consumers in June 2020 to gain a better understanding of the state of cybersecurity at UK businesses. 32% of respondents said they had been provided with a desktop computer by their employer,...
Adobe Patches 12 Critical Flaws in Experience Manager, InDesign, and Framemaker
Adobe has released patches to correct 18 flaws on September 2020 Patch Tuesday. The flaws exist in Adobe Experience Manager, Adobe InDesign, and Adobe Framemaker. 12 of the vulnerabilities have been rated critical, with the rest rated important. 5 patches have been released to correct critical cross-site scripting vulnerabilities in Adobe Experience Manager (CVE-2020-9732, CVE-2020-9734, CVE-2020-9740, CVE-2020-9741, and...