Cybersecurity News & Trends

This week, cybercriminals took a more hands-on approach, a new breed of ransomware bided its time, and computers got too hot to handle.

SonicWall Spotlight

Test Platform Leaks Bank Of America Clients’ Covid-19 PPP Loan Applications — SC Magazine

• Bank of America has disclosed that its third-party test platform briefly exposed Paycheck Protection Program applications to outside parties. According to SonicWall’s Dmitriy Ayrapetov, the leak was due to a rushed effort by the bank to finish the data platform, resulting in holes in its security.

Boundless Cybersecurity For The New Work Reality — SC Magazine

• The adoption of work-from-home has moved us into a hyper-distributed IT landscape. With 100-percent-remote employees conducting online meetings and connecting via email, mobile and cloud, the perimeter has vanished into a multitude of endpoints spread across the globe.

Cybersecurity News

New Tycoon ransomware targets both Windows and Linux systems — Bleeping Computer

• A new human-operated ransomware strain is being deployed in highly targeted attacks on small- to medium-size organizations in the software and education industries.

Large-scale attack tries to steal configuration files from WordPress sites — ZDNet

• In an attempt to steal database credentials, attackers tried to download configuration files from WordPress via old vulnerabilities in unpatched plugins.

‘Scorching-hot hacked computer burned my hand’ — BBC

• At least a dozen supercomputers across Europe had to be shut down last week due to cryptojacking attacks. One individual found out the hard way that his was one of them.

USBCulprit malware targets air-gapped systems to steal govt info — Bleeping Computer

• The newly revealed USBCulprit malware is designed for compromising air-gapped devices via USB.

Cybersecurity warning: Hackers are targeting your smartphone as way into the company network — ZDNet

• Campaigns targeting smartphones have risen by a third in just a few months, many with the end goal of opening a portal to corporate networks.

Denial of service attacks against advocacy groups skyrocket — Cyberscoop

• A new report suggests that advocacy sites are being targeted at a rate more than four times that of U.S. government websites such as police and military organizations.

Ransomware gang says it breached one of NASA’s IT contractors — ZDNet

• DopplePaymer ransomware gang claims to have breached DMI, a major U.S. IT and cybersecurity provider and a NASA IT contractor.

Anonymous, aiming for relevance, spins old data as new hacks — Cyberscoop

• The group is trying to use the nationwide protests to draw attention to data that was stolen years ago.

Apple fixes bug that could have given hackers full access to user accounts — Ars Technica

• Sign In With Apple — a privacy-enhancing tool that lets users log in to third-party apps without revealing their email addresses — just fixed a bug that made it possible for attackers to gain unauthorized access to those same accounts.

Suspected Hacker Faces Money Laundering, Conspiracy Charges — Bank Info Security

• According to the U.S. Department of Justice, a New York City man is facing federal charges after being arrested at John F. Kennedy Airport with a PC allegedly containing thousands of stolen credit card numbers.

An advanced and unconventional hack is targeting industrial firms — Ars Technica

• Attackers are putting considerable skill and effort into penetrating industrial companies in multiple countries, with hacks that use multiple evasion mechanisms, an innovative encryption scheme, and exploits that are customized for each target.

PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time — Threat Post

• Microsoft has warned of a new breed of “patient” ransomware that lurks in networks for weeks before striking.

In Case You Missed It

• Custom Build your Security Strategy with the SonicWall Boundless Cybersecurity Bundle — Amber Wolff
• Why Securing Remote Work is Crucial To Ensuring Business Continuity — Agasthiamani Sankaran
• Securing Telecommuters with Expanded Endpoint Visibility and Control — Suroop Chandran
• ‘Boundless Cybersecurity’ Protects Organizations Mobilizing for the New Business Normal — Geoff Blaine
• The New Front in Hospitals’ Battle Against COVID-19: Ransomware — Amber Wolff
• SonicWall Unveils Partner Program Designed for MSSPs — Lindsey Lockheart

Amber Wolff

Senior Digital Copywriter | SonicWall

Amber Wolff is the Senior Digital Copywriter for SonicWall. Prior to joining the SonicWall team, Amber was a cybersecurity blogger and content creator, covering a wide variety of products and topics surrounding enterprise security. She spent the earlier part of her career in advertising, where she wrote and edited for a number of national clients.