Cyber Security Headlines – September 29, 2020

TikTok’s latest court win means videos still available – for now

A federal judge on Sunday granted a preliminary injunction against a Trump administration order to ban the viral video app TikTok from U.S. app stores, in a reprieve for the Chinese-owned service. The injunction applies only to the part of the ban that was scheduled to take effect on Sunday at midnight, which involved removing TikTok from app stores run by companies like Apple and Google. A further set of restrictions is still on track to take effect in November.

(New York Times)

Universal Health Services hospitals hit country-wide by Ryuk ransomware

The attack started early Sunday morning leaving UHS hospitals in California, Florida, Texas, Arizona, Washington D.C., and parts of the UK without access to computers, phone systems, and vital documents, and forcing them to redirect ambulances and patients in need of surgery. Antivirus programs were disabled by the attack, leading computers to shut down. The ransom note carried a distinctive Ryuk handle, and phishing has been assessed as the source. There is also a high likelihood of patient and employee data loss from this event.


Windows XP and Windows Server 2003 source code leaked online

Various media outlets are reporting that the source code for the legacy operating systems Windows XP and Windows Server 2003 have leaked online. Although most organizations no longer use these operating systems, many still do, including UK government offices. Expert Graham Cluley warns that this release might expose similar weaknesses in modern operating systems and curiosity might lead to people to download poisoned copies of these files, leading to further malware infections.

(Graham Cluley)

REvil posts $1 million in Bitcoin in hacker recruitment drive

The ransomware group responsible for high profile hacks at Jack Daniel’s Whiskey and Carnival Cruise Lines among others, has deposited the money on a Russian-speaking hacker forum to prove to potential affiliates that they mean business. As part of their ransomware-as-a-service platform, they are soliciting hackers with experience in penetration testing and other skills to sign up as affiliates to become part of a coordinated profit sharing scheme.

(Bleeping Computer

Thanks to this week’s sponsor, ReversingLabs

ReversingLabs is the leading provider of explainable threat intelligence.  In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world’s most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action–all with zero interruption to business critical systems.    
Learn more by watching an on-demand demo at

SSL certificates no longer an indication of safe browsing

A report from the Anti-Phishing Working Group (APWG) shows that threat actors abuse HTTPS certificates to trick internet users into believing a site is secure. In the second quarter of 2020, 80% of phishing sites used SSL certificates and cybercriminals are leveraging Transport Layer Security (TLS) and Extended Validation (EV) Certificates for extra credibility. Webmail, SaaS, Facebook, and WhatsApp remain the most targeted areas.


Google gives app developers one year to comply with 30% Play Store fee

In a move seen by industry observers as a way to make up for the revenue hole created when Netflix and Spotify started billing direct, Google has issued a “clarification” to its billing policies to developers wishing to sell apps through the Google Play store. Google traditionally charges 30% of the revenues generated by third party app sales, and is giving companies until September 30, 2021 to update their billing practices.

(New York Times)

Twitter says bug leading to API key leak is patched

Twitter last week started sending emails to developers to inform them of a vulnerability that might have resulted in the disclosure of developer information, including API keys. The issue, which has now been fixed, potentially resulted in details about Twitter developer applications being stored in the browser’s cache when the app builders visited the website, the company said in an email sent to developers, which was shared online.


Fashion brands design ‘waist-up’ clothing for video calls

The catwalks of fashion houses in Milan and London are responding to the “lockdown economy” by focusing on fashions designed to be seen on Zoom and similar videoconference technology. Although not admitting this directly, new designs are focusing on moving brand logos higher up the neckline and focusing on tops, while allowing more relaxed fit pants and flatter shoes. 

(BBC News)