CyberSec Roundup
A synopsis of the Latest Cybersecurity News
Malware targeting Latin American Countries
ESET security researchers have uncovered a malicious campaign called Bandidos, which is being used to spy on corporate Latin American networks, particularly in Venezuela. The threat actors are using an upgraded version of the Bandook remote access trojan. ESET’s telemetry data has identified targets in manufacturing, construction, healthcare, software services, retail sectors. The campaign seems to have begun in 2015 but has only been recently discovered.
Morgan Stanley Leak
Morgan Stanley notified the Attorney General of New Hampshire that they were the victim of a data breach, which would have affected 108 of its residents. The breach occurred at one of Morgan Stanley’s vendors called Guidehouse, which provides account maintenance services. Guidehouse was breached via the Accellion FTA vulnerability, which resulted in customer information being accessed by the attacker. Information that was leaked included the client’s name, SSNs, and date of birth, however, they say passwords for financial accounts were not accessed.
CNA Hit with Ransomware
CNA Financial Corporation has been notifying customers that they were the victim of a sophisticated ransomware attack in March. Phoenix Locker operators were behind the attack and accessed files relating to over 75,000 individuals before deploying ransomware on the network. CNA was able to successfully recover from the attack, and do not believe the files that were accessed were viewed, retained, or shared. They will still offer the affected customers 2 years of free access to an identity protection service.
By: David Pinder
IT & Security Consultant
Certified Ethical Hacker (Master)