Cybersecurity Weekly: Australia’s P&N Bank breached and Cryptographic flaw in Windows 10
Jan 22, 2020
Each week, Wipfli’s cybersecurity professionals review the latest breaches, vulnerabilities, patches and updates.
Breaches
- Australia’s P&N Bank has disclosed a breach that compromised customer data, including names, account numbers, and account balances. The incident occurred around the second week of December 2019 during a server upgrade. P&N believes that the intruders gained entry through a third-party hosting provider.
- In December, operators of Maze ransomware posted data they claimed was taken from Southwire, a U.S. wire and cable manufacturer, during a cyberattack. That website was taken down after Southwire filed a lawsuit. The Maze ransomware operators have now posted an additional 14 GB of data they allegedly took from Southwire and said they would keep posting data until the company paid the ransom. The new website also lists the names of organizations the attackers claim to have infected with ransomware and that have not paid. Following the lead of the Maze attackers, operators of the Sodinokibi ransomware have begun publishing data belonging to organizations that have not paid the demanded ransom.
- The Manor Independent School District, near Austin, TX, lost $2.3 million in an email scam. The funds were sent in three separate transactions in November and December 2019.
Vulnerabilities
- The U.S. National Security Agency (NSA) has deemed a cryptographic flaw it found in Windows 10 so critical that it took the unusual step of disclosing the flaw itself. The flaw could be exploited to spoof code signing certificates. The issue also affects Windows Server 2016 and 2019 and “applications that rely on Windows for trust functionality.” The Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive instructing federal agencies to patch the issue by January 29. Proof-of-concept exploit code for the vulnerability has been released.
- Critical flaws in two WordPress plugins could be exploited to access websites’ administrator accounts without a password. The affected plugins, InfiniteWP Client and WP Time Capsule, run on 300,000 and 20,000 websites, respectively. The developers of both plugins have addressed the issues in updates.
- US-CERT Vulnerability Summary for the week of January 13, 2020.
Patches & Updates
- On Tuesday, January 14, Microsoft released fixes for 50 security issues, including a critical cryptographic vulnerability in Windows 10. While that vulnerability has grabbed headlines, users are also being urged to apply the update to fix a pair of Remote Desktop Protocol (RDP) vulnerabilities. January 14 also marks the last update Microsoft will provide for Windows 7; the operating system will no longer be supported for home users.
- Adobe’s monthly security release includes fixes for five critical memory corruption flaws in Illustrator CC and four flaws in Adobe Experience Manager.
- Oracle’s Critical Patch Update for January 2020 includes fixes for 334 security issues across a wide spectrum of product families. Forty-three of the vulnerabilities addressed in the update are rated critical.