DEV Community

Cover image for Security news weekly round-up - 25th September 2020
Habdul Hazeez
Habdul Hazeez

Posted on

Security news weekly round-up - 25th September 2020

One thing led to another, we did not publish any weekly round-up last week. My sincere apologies.

This week round-up is a mixture of it all, from ransomware attacks to software bugs.


Patient dies after ransomware attack reroutes her to remote hospital

All technology created by man can be abused, code is not an exception.

This time it allegedly results in a fatality.

Excerpt from the article:

A woman seeking emergency treatment for a life-threatening condition died after a ransomware attack crippled a nearby hospital in Duesseldorf, Germany, and forced her to obtain services from a more distant facility.

Zerologon – hacking Windows servers with a bunch of zeros

Microsoft Windows is the most popular Operating System in 2020 therefore, it's always under scrutiny by researchers and this time the result is a bug with "huge impact".

Excerpt from the article:

Researchers have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to an organization’s crown jewelsβ€”the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network.

Tutanota encrypted email service suffers DDoS cyberattacks

It's possible you've never heard of Tutanota, but now you know it. Recently, it suffered a Distributed Denial of Service attack popularly called DDoS.

Excerpt from the article:

This is a direct attack on our freedom and our right to privacy. With Tutanota we provide a secure communication tool to millions of users around the world, also to activists and journalists. These constant attacks against Tutanota seem to have only one aim: To stop citizens from using encrypted email.

Microsoft Sysmon now logs data copied to the Windows Clipboard

Malware can infect anyone and any computer system for a variety of reasons. The least malicious action performed by a malware is monitoring and capturing of data in the user's clipboard.

Now, Microsoft has taken a step that allow System administrators monitor when a system clipboard is compromised with the new version of Sysmon.

Excerpt of the article:

With the release of Sysmon 12, users can now configure the utility to generate an event every time data is copied to the Clipboard. The Clipboard data is also saved to files that are only accessible to an administrator for later examination.

As most attackers will utilize the Clipboard when copying and pasting long commands, monitoring the data stored in the Clipboard can provide useful insight into how an attack was conducted.

Shopify data breach illustrates the danger of insider threats

No System is Safe, no matter the level of a security built into a system there is always one weak link: humans.

Excerpt from the article:

A recent data breach at Shopify that affected almost 200 merchants has been attributed to insiders.

The incident did not result from a technical vulnerability, but from two "rogue" support team employees involved in a scheme to procure customer transactional records and sensitive data.

Instagram bug allowed crashing the app via image sent to device

From an application with just 30 million users to over half a billion, it's 2020 Instagram needs no introduction.

IG users let me see your hands in the air (my hands are raised high enough).

Excerpt from the article:

To trigger the bug, an attacker had only to send the target a specially crafted image via a common messaging platform or over email.

The issue was in the way Instagram parsed images, so as long as the app could access it to show it as options for a post, the vulnerability would set off allowing dangerous actions.

The Windows XP source code was allegedly leaked online

The software is over 19 years old but the source is still proprietary technology therefore, take a look or walk away. Your choice.

Excerpt from the article:

The leaker claims to have spent the last two months compiling a collection of leaked Microsoft source code.


That's it for this week, I'll see you next Friday.

Cover photo by Jazmin Quaynor on Unsplash.

Top comments (0)