Microsoft: Trickbot Take-Down Rate Is 94%

NSA warns of Chinese malicious activity, Sweden bans Huawei and ZTE, Pfizer exposes sensitive patient data, Many browsers features address bar spoofing flaw, Google issues Chrome fix and more

Microsoft said it has disabled 120 out of 128 command and control servers it has identified as part of the Trickbot botnet which the company says equates to a 94% take-down rate. The move follows a push by the Pentagon and a coalition of tech companies to take out the ransomware-purveying botnet ahead of election day and following a string of high-profile ransomware attacks. (Tim Starks / Cyberscoop)

Related: TechTargetReutersBloombergBentham's GazeDataBreachToday.com, Dark ReadingSecurityWeekBleeping Computer, Microsoft, Asia One DigitalBusinessWorldiTnews - SecurityLaw & Disorder – Ars TechnicaNeowinSecurity Affairs

NSA Outlines Twenty-Five CVEs Used by Chinese State-Sponsored Actors

The U.S. National Security Agency (NSA) published an in-depth report on Chinese state-sponsored malicious cyber activity outlining “25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.” The Department of Homeland Security’s cybersecurity and Infrastructure Security Agency (CISA) encourages critical system administrators to prioritize the immediate patching of the CVEs in NSA’s advisory. (Catalin Cimpanu / ZDNet)

Related:Homeland Security TodayCISAFCWDark ReadingThe RegisterSecurity AffairsDark Reading:  DataBreaches.netIT ProBleeping Computer, NSA, US-CERT, Cyberscoop

Share Metacurity

Sweden Joins Growing List of European Countries to Ban Chinese Telecom Gear From 5G Networks

Sweden has banned gear from Chinese telecom tech giants Huawei and ZTE from large parts of the country’s 5G networks, joining a growing list of European countries that have also banned the companies’ technology on security grounds. The country’s telecom regulator said it followed the advice from the country's armed forces and security service, which described China as "one of the biggest threats against Sweden.” (Supantha Mukherjee, Helena Soderpalm / Reuters)

Related: BloombergPolitico EUDAILYSABAHGadgets NowThe Hindu - NewsRT NewsDevdiscourse News DeskMalay Mail - AllCyberNews

Pfizer’s Misconfigured Google Cloud Storage Bucket Exposed Sensitive Patient Information on the Internet

Due to a misconfigured Google Cloud storage bucket, pharmaceutical giant Pfizer suffered a data breach with patient information exposed on the public internet, researchers at VPNmentor discovered. The data included hundreds of conversations between Pfizer’s automated customer support software and people using its prescription pharmaceutical drugs including Lyrica, Chantix, Viagra, and cancer treatments Ibrance and Aromasin. Along with confidential medical information, the exposed data included full names, home addresses, and email addresses of the patients. (Duncan Riley / Silicon Angle)

Related: Cyber News GroupInfosecurity Magazine, VPNMentor

Address Bar Spoofing Flaws in Multiple Browsers Could Fool Users Into Believing Scam Sites Are Legitimate

Address bar spoofing vulnerabilities were found by researchers at Rapid 7 for multiple browsers including Apple’s Safari, Opera Touch/Mini, Yandex, Bolt Browser, RITS Browser, and UC Browser. An attacker can exploit the vulnerabilities to present a fake URL in the address bar for a given webpage, fooling users into believing that they may be on a legitimate site when in fact they’re on a scam site. (Ravie Lakshmanan / The Hacker News)

Related: Silicon Angle

Google Issues Chrome Security Fixes, Including One Zero-Day Bug Exploited in the Wild

Google released Chrome version 86.0.4240.111 to deploy security fixes, including a patch for an actively exploited zero-day vulnerability discovered by Google’s Project Zero researches. The zero-day (CVE-2020-15999) is described as a memory corruption bug in the FreeType font rendering library that's included with standard Chrome distributions. (Catalin Cimpanu / ZDNet)

Related: iTnews - Security

Solarium Commission Urges U.S. to Step Up Efforts on 5G Technology Supply Chain

The Cyberspace Solarium Commission, a congressionally-led public-private initiative aimed at solving some tough cybersecurity problems, has issued a 50-page white paper entitled “Building a Trusted ICT Supply Chain” that largely centers on counteracting China’s influence in the 5G market. The Commission says that China has put the U.S. and its allies at a disadvantage, creating an unfair trade system. The report concludes that the “United States must step up its efforts because the nation that wins the battle over 5G technology will hold the keys to the next 20 years of innovation and economic growth.” (Steve Zurier / SC Magazine)

Follow Us on Twitter

Related: GovCon WireInsideCyberSecurity.comInfosecurity Magazine, Cyberspace Solarium

Other Infosec News