Morphisec Cybersecurity Blog

Security News in Review: Google Funding Security Development for Linux Kernel

Written by Matthew Delman | February 26, 2021 at 5:38 PM

We’re back after a skipped Security News in Review last week. In this week’s edition of our roundup of the biggest cybersecurity news stories, we have reporting on ransomware attacks shutting down Underwriters Laboratories and a payment processor widely used by state and municipal governments, as well as a report on Google partnering with the Linux Foundation to hire two people whose sole job will be to improve the security of the Linux kernel. 

Read on for the latest Security News in Review, and let us know if we missed anything. 

Underwriters Laboratories (UL) certification giant hit by ransomware -- Safety certification giant Underwriters Laboratories was hit by a ransomware attack recently. The attack encrypted their servers and resulted in the company shutting down its systems while they recover. UL is the largest and oldest certification company in the United States, affixing its certification logo to hundreds of products, such as TV remotes and Apple USB chargers. Shutting down its systems to restore from backups has resulted in some employees being unable to do their jobs at this time. 

Chinese Hacking Group 'Cloned' NSA Exploit Tool -- For a few years now, researchers have suspected that the China-based group variously called APT32 and Zirconium had created an exploit tool to take advantage of a Windows zero-day tracked as CVE-2017-0005. According to new reports, however, it appears that APT32 “cloned” an exploit that the NSA had in its zero-day toolkit. They did this a few years before NSA exploits began to be published. 

Payment processor used by government hit by ‘Cuba’ ransomware gang -- Automatic Funds Transfer Services (AFTS), a Seattle-based payment processing company used heavily by state and local governments, was hit by the Cuba ransomware gang. Threat actors stole unencrypted data files from AFTS before locking up their systems, with cities from California and Washington state already feeling the hit in their operations. AFTS is widely used to manage payment on utility bills as well as driver’s license data. 

These hackers sell network logins to the highest bidder. And ransomware gangs are buying -- Business is booming for Initial Access brokers on the dark web, with ransomware gangs buying the stolen network credentials that these middlemen are selling. Access via remote desktop protocol is the most highly sought-after form of stolen credentials. Demand is reflected in the average listing price for stolen RDP access, which is $9,765 as of this writing. 

New York issues cyber insurance framework as ransomware, SolarWinds costs mount -- In early February, the state of New York issued guidance to all property and casualty insurance companies in the state regarding ransomware cyber risk. The move is widely viewed as protecting one of New York’s key industries from deleterious losses as ransomware attacks and ransom demands continue to increase year over year. 

Google funds Linux kernel developers to work exclusively on security -- Google and the Linux Foundation have hired two developers to work exclusively on the security of the Linux kernel. These two researchers will focus on enhancing the security posture of the kernel, in recognition of the reality that the Linux OS can’t coast by on its reputation of being more secure than Windows. 

IBM Squashes Critical Remote Code-Execution Flaw -- IBM recently patched a critical flaw in IBM Integration Designer, tracked as CVE-2020-27221, which would have allowed for remote code execution in the Integration Designer solution. The flaw was related to an issue in versions 7 and 8 of the Java Runtime Environment (JRE), which is used by the IBM Integration Designer toolset.