Ransomware disrupts COVID-19 vaccine trials
The attack hit Philadelphia-based eResearchTechnology (ERT), which provides electronic patient-reported outcome services for clinical trials, on September 20th. Researchers in multiple clinical trials, including work done by IQVIA, a research organization working on AstraZeneca's COVID-19 vaccine trial, couldn't access electronic patient records and resorted to pen and paper. The attack didn't ruin any clinical trials but did slow down data transmission. ERT took its systems offline on September 20th as a precaution, and data backups limited the scope of the outage. The attack was reported to the FBI, although it's unknown what strain of malware was used or what the attackers asked for in the ransom.
SEC sues John McAfee over cryptocurrency promotion
The agency is suing McAfee, saying he earned $23.1 million in undisclosed compensation for promoting several cryptocurrency offerings with claims that were false or misleading. The promotion lasted from November 2017 through February 2018, with McAfee denying that he was paid by the issuers. The SEC is seeking a trial by jury, and will attempt to confiscate the promotion compensation with interest as well as ban McAfee from serving as an officer or director of any company that files reports with the agency.
Firmware bootkit spotted in the wild
The newly uncovered framework is called MosaicRegressor, and appears to be the work of a Chinese-speaking group targeting organizations with ties to North Korea. Researchers initially found altered UEFI firmware images that incorporated malicious modules containing a customized version of the leaked source code of HackingTeam's VectorEDK bootkit. The end goal of the bootkit is to drop an IntelUpdate.exe executable into a machine's start menu, which then runs on bootup and triggers the download of several espionage and file exfiltration payloads. How the malicious firmware got onto the machines is unknown.
Flaws found in popular antivirus programs
Researchers at CyberArk Labs found the flaws, which could allow privilege escalation on targeted systems. Flaws were found in antivirus solutions from Kaspersky, McAfee, Symantec, Fortinet, Check Point, Trend Micro, Avira, and Microsoft Defender. One of the main flaws was the use of the ProgramData folder on the system drive, whose default DACLs allow any user to read from and write to it, which could ultimately be used to stage a privilege escalation attack. Other flaws include susceptibility to symlink attacks and DLL hijacking. CyberArk said it contacted the vendors of the antivirus solutions, who have addressed all reported issues.
Thanks to this week’s sponsor, Detectify
Vulnerability found in Apple’s T2 chip
The findings come from security researcher Niels H., who found that because the T2 chip on recent Intel-based Macs is based on Apple's A10 processor, it is also vulnerable to the checkm8 exploit. Used in conjunction with the Pangu vulnerability, this could allow attackers to get around a Mac's activation lock. Getting access to the T2 chip wouldn't decrypt files protected by Apple's FileVault, but it would give full root access and kernel execution privileges. Apple can't patch the vulnerability because the T2's operating system lives in read-only memory, although exploiting it requires a hardware component and the compromise isn't persistent, which limits its potential use.
Report finds SMBs investing in cybersecurity during COVID era
The report comes from Kaspersky, and found that 71% of SMBs plan to increase cybersecurity spending during the next three years, with only 17% planning to keep spend unchanged. Kaspersky found that responding to increased IT infrastructure complexity was the main driver of growing security spending, followed by a need to improve internal expertise and an overall desire to improve a company's security posture. Security's share of the overall IT budget also increased year on year for SMBs, from 20% in 2019 to 23% in 2020. The report also found that the average cost of a data breach decreased for SMBs, from $108,000 in 2019 to $101,000 in 2020.
Alleged leaders of the Team Xecuter piracy group arrested
The Department of Justice announced the arrests of Max Louarn and Gary Bowser in connection with video game piracy, as well as charges against Yuanning Chen, a Chinese national. Team Xecuter claims to have been around since 2001, and sells devices that circumvent copyright protection on consoles in order to run pirated software. Each man faces 11 felony counts. According to court documents, the government believes the piracy ring consists of at least a dozen individuals involved in finding exploits on consoles and operating websites to sell devices to customers, as well as producers and distributors of the circumvention hardware.
Most healthcare apps have serious bugs
This comes from Intertrust's 2020 Security Report on Global mHealth Apps, which looked at 100 healthcare apps across iOS and Android. The report found that all apps surveyed had at least one basic security issue, while 71% contained at least one high-level security flaw. 91% of the apps had weak encryption, with 34% of Android apps and 28% of iOS apps open to encryption key extraction exploits. Health commerce apps had the most vulnerabilities as a category, while telemedicine apps had the most high-risk vulnerabilities. 60% of Android apps also stored data in SharedPreferences, which is unencrypted. Intertrust found that 80% of the high-risk vulnerabilities it found could be mitigated with measures like code obfuscation, tampering detection, and white-box cryptography.