FBI and CISA Issue Joint Alert Warning That Hackers Are Exploiting Zerologon, In Some Cases Against Election Systems

Google provided cops with IP addresses of web searchers in R. Kelly-related case, Software AG hit by CLOP ransomware, debate moderator says his Twitter account was hacked, more

(Check out our special report issued on Saturday, October 10 on how the FBI and Cyber Command attempted to meddle with the Trickbot botnet ahead of the elections.)

The FBI and CISA, DHS's cybersecurity arm, issued a joint alert on Friday evening saying they have observed hackers exploiting a critical Windows vulnerability known as Zerologon (CVE-2020-1472, a flaw in the Netlogon protocol that lets an attacker with a foothold on the network take over a domain controller) against state and local government networks, in some cases networks used to support elections. To gain initial access, the attackers exploit known vulnerabilities in internet-facing firewalls, VPNs, and similar products from Juniper, Pulse Secure, Citrix ADC (formerly NetScaler), Palo Alto Networks, and others; once inside, they use Zerologon to escalate privileges and move laterally. Patches are available for all of the vulnerabilities involved, and the two agencies urge administrators to apply them. (Dan Goodin / Ars Technica)

Related: Reddit - cybersecurity, US-CERT

Presidential Debate Moderator Steve Scully Says His Twitter Account Was Hacked

C-SPAN's longtime host Steve Scully, who was scheduled to moderate next week's presidential town-hall debate between Donald Trump and Joe Biden, says his Twitter account was hacked after a message seeking advice on how to deal with Trump was tweeted from his account to Trump detractor Anthony Scaramucci. Most of the news industry, including some conservatives, backed the well-liked host and accepted that he was hacked. (Lloyd Grove, Justin Baragona / Daily Beast)

Related: POLITICO, Vox, New York Post, WashingtonExaminer.com, Daily Mail, RT USA, Heavy.com, Mediaite

German Enterprise Software Giant Software AG Hit by CLOP Ransomware

The CLOP ransomware gang hit the network of German enterprise software giant Software AG more than a week ago and is demanding a ransom of more than $20 million after stealing employee information and company documents. The company itself has not described the incident as a ransomware attack. Software AG initially said that the attack affected only its internal systems and not its customer cloud services. It later said it had found evidence that data was downloaded from its servers and from employee notebooks. (Sergiu Gatlan / Bleeping Computer)

Related: isssource.com, Carbon Black, HackRead, Reddit - cybersecurity, ZDNet Security, The Register - Security, Security Affairs, Gadgets Now

Google Provided IP Address of People Who Searched for Home Address of R. Kelly Witness

Raising a host of privacy and civil liberties issues, court documents show that Google provided police with the IP addresses of people who had searched for the home address of a witness against accused sex offender R. Kelly; the witness's car was later set on fire. Police tied one of the IP addresses to a phone number belonging to Michael Williams, whom they then arrested for allegedly setting the car on fire. (Alfred Ng / CNET)

Related: The Register - Security, HotHardware.com, AndroidHeadlines.com, Tech Insider

Robert Snell of The Detroit News wrote a remarkable Twitter thread on how the police tracked down Williams.

Other Infosec News

  • Google changed how the HTTP cache (also called the shared cache), a core component of the Chrome browser, works in order to add privacy protections for users. Over the years the caching system has been abused by web advertising and analytics systems to track users, and by attackers to infer which sites a user has visited by checking whether a given resource is already cached. The change, known as "cache partitioning," keys cached resources not only by their URL but by two additional factors, the top-level site and the site of the frame that requested the resource, which effectively blocks all known attacks on the caching system. (Catalin Cimpanu / ZDNet)

  • In recent weeks, unidentified spies have been quietly breaching Azerbaijani government IT networks and accessing the diplomatic passports of certain officials, researchers at Cisco Talos report. The effort coincides with an outbreak of fighting between ethnic Armenian separatists and Azerbaijani government forces. (Sean Lyngaas / Cyberscoop)

    Related: Digital Journal

  • The Georgia Department of Human Services said that between May 3, 2020, and May 15, 2020, hackers gained access to several employee email accounts, exposing personal and health information of children and adults involved in Child Protective Services (CPS) cases handled by the DHS Division of Family & Children Services (DFCS). (Catalin Cimpanu / ZDNet)

  • French digital TV security company Verimatrix announced that it was targeted by a “sophisticated” cyberattack that led to a data breach on October 9. The company said it took prompt action and has not identified any impact on customers. (Business Wire)

  • Prison video visitation provider HomeWAV, which serves a dozen prisons across the U.S., left a dashboard for one of its databases exposed to the internet without a password, allowing anyone to read, browse, and search the call logs and transcriptions of calls between inmates and their friends and family members, security researcher Bob Diachenko discovered. (Zack Whittaker / TechCrunch)

    Related: Reddit - cybersecurity

Outstanding Must-Read

This dogged and thoroughly reported piece by multiple reporters for Germany's BR24 is worth the hour or so it takes to read, if only for the outstanding production value and informative, interactive graphics. It focuses on a group of Vietnamese dissidents spied on for years by Vietnam's state-sponsored "Ocean" family of hacking groups (OceanLotus is the best known), with little help from the authorities.

Photo by cheng feng on Unsplash

Main photo by Elliott Stallion on Unsplash