A high-severity flaw allows remote, unauthenticated attackers to potentially gain administrative privileges for Cisco small business switches. Cisco Systems is warning of a high-severity flaw affecting more than a half-dozen of its small business switches. The flaw could allow remote, unauthenticated attackers to access the switches’ management interfaces with administrative privileges. Specifically affected are Series Smart Switches, Series Managed Switches and Series Stackable Managed Switches. Cisco said it was unaware of active exploitation of the vulnerabilities. Software updates remediating the flaws are available for some of the affected switches; others, however, have reached end of life (EOL) and will not receive a patch.
Despite an increased toll on their computer systems amid COVID-19, healthcare organizations throughout the world generally are doing a good job of mitigating inbound attack attempts, according to a Vectra analysis of the first five months of 2020. The report cites a doubling of data exfiltration behaviors to external destinations, such as cloud services, in Europe, the Middle East and Africa (EMEA), as well as healthcare’s increased reliance on remote work and collaboration. “In North America, healthcare providers experienced an initial spike in external data movement activity that settled down over time,” the Vectra report said. The new research studied the networks of 31 opt-in enterprise organizations that use the company’s Cognito NDR platform.
New ‘smishing’ campaigns from the Roaming Mantis threat group infect Android users with the FakeSpy infostealer. Android mobile device users are being targeted in a new SMS phishing campaign that’s spreading the FakeSpy infostealer. The malware, which is disguised as legitimate global postal-service apps, steals SMS messages, financial data and more from the victims’ devices.
The malware is using DNS tunneling to exfiltrate payment-card data. A venerable point-of-sale (POS) malware called Alina that’s been around since 2012 is back in circulation, with a new trick for stealing credit- and debit-card data: Domain Name System (DNS) tunneling. DNS is the mechanism by which numeric IP addresses are linked to website names; DNS translates human-readable domain names to IP addresses so browsers can load internet resources. Researchers at Black Lotus Labs spotted a still-ongoing campaign that began in April, in which cyberattackers employed Alina to siphon off payment-card information, then used DNS to exfiltrate it.