SECURITY TRENDS: Botnets are ramping up CMS infections

Botnets are increasingly targeting content management (CMS) tools by exploiting older platform versions, unsupported plugins, and weak passwords. 

The move to digital business, spurred by the COVID-19 pandemic, has dramatically expanded the attack surface for botnets.

One botnet, KashmirBlack, has grown particularly adept at...

To read more, sign up for our 14-day free premium content trial! 

Dutch researcher Victor Gevers claims to have hacked into President Trump's Twitter account by correctly guessing Trump's password, "maga2020!" Gevers said Trump did not have multi-factor authentication enabled. The researcher said he was able to access Trump's direct messages, post tweets, and change his profile. 

More:

• Gevers said he was able to make seven attempts at guessing Trump's password and was not blocked. 
• Twitter said it has seen no evidence that Trump's account was compromised.
• Gevers said he previously compromised Trump's Twitter account in 2016.
• President Trump has 87 million Twitter followers.

Cisco patched on Wednesday 36 bugs in its network products, some of which could enable a remote attacker to launch denial-of-service (DoS) and cross-site request forgery (CSRF) attacks. A majority of the bugs affect Cisco's Firepower Threat Defense (FTD) and Adaptive Security Appliance (ASA) software.

More:

• Cisco's FTD is a suite of network security and traffic-management products, while its ASA software is the operating system for its ASA corporate network security devices.
• Twenty of the bugs are rated high-severity, with the rest rated medium-severity.
• The most severe bug affects the Firepower Chassis Manager (FCM), which suffers from insufficient CSRF protection in the FCM interface. 

Iran was responsible for sending emails purportedly from the Proud Boys threatening Democratic voters in Alaska, Florida, and Pennsylvania, according to John Ratcliffe, the director of national intelligence. Ratcliffe said both Iran and Russia have stolen U.S. voter information that could be used to spread disinformation.

More:

• Proud Boys is a far-right, neo-fascist, male-only organization that engages in political violence.
• Earlier this month, the Department of Justice said it had seized 92 domain names being used by Iran in a global disinformation campaign.
• The bogus Proud Boys email threatened to come after Democratic voters who didn't vote for President Trump. 
• Trustwave said it found a hacker selling voting registration information on 186 million Americans.

Google will automatically hide website notification spam on sites that have a pattern of sending abusive notification content to victims in Chrome 86. The new feature focuses on content that delivers malware or tries to harvest user credentials. 

More from Google:

• Chrome 80 first introduced the quiet notification permission UI, which discourages users from allowing notifications from abusive websites. 
• Google said that abusive web notifications are one of the top Chrome user complaints. 
• When Chrome detects abusive activity from a website, it will give the registered site owners at least 30 days before enforcing the new feature.

PODCAST NOTES: 

Every Thursday, I summarize a podcast about cybersecurity so you can read it in about five minutes or less. This week features Bill Harrod, federal CTO with MobileIron, who spoke with Dave Bittner of Hacking Humans (#121) about election disinformation campaigns and associated malicious activities. [Note: Questions and answers were edited for brevity and clarity.]

Dave Bittner: Where do we need to head in terms of getting election disinformation under control?

Bill Harrod said that there is a need for people to have the ability to know what is safe and what is true. That might come from trusted media. It could also come from quarantining email coming in and having people select what they're going to look at rather than having it dumped into their email inbox. People tend to scroll through the email and select something that may be malicious without really considering it. 

He noted phishing has been one of the most significant attack vectors, particularly since the COVID pandemic started and everybody went to telework...

To read more, please sign up for our 14-day FREE premium content trial today.

QUICK HITS:

• Artic Wolf Networks, a managed detection and response startup, has raised $200M in Series E funding led by Viking Global Investors. (For more startup funding news, check out my weekly SECURITY FUNDING column.)
• An unknown attacker is holding for ransom stolen patient information from Vastaamoa, a Finnish psychotherapy provider.
• Ansa McAI, the Caribbean's largest conglomerate, has been hit by a REvil ransomware attack that has taken some of its IT systems offline.
• Scalable Capital, a German online advisory firm, has suffered a data breach that exposed data on 20,000 clients.  
• Two Idaho tribal casinos were shut down by ransomware attacks for 10 days, while a California casino had to shut down for three weeks due to an unidentified type of cyberattack.
• Chargebee’s virtual summit gathers the biggest market disruptors from Apple, Slack, Drift, Zendesk and the likes to empower SaaS businesses. Join the summit for free.*

*This is sponsored content.