Now that workplaces around the world are – more or less – functioning under some combination of remote work tools, a new set of security challenges has manifested itself. Cybersecurity risks like phishing scams, man-in-the-middle attacks, ransomware, evil twin attacks, passive sniffing, and many more cause even more sleepless nights for IT personnel tasked with maintaining their company’s security. But there might be light at the end of the tunnel with the concept of ‘Zero Trust’.
What is Zero Trust Security?
The Zero Trust concept focuses on the idea that an organization systematically refrains from automatically trusting anything inside or outside its perimeters. It might seem at first like this isn’t a great idea, but it is the foundation on which traditional security and access have been built. With a Zero Trust strategy in play, everything must go through a rigorous verification process before any connection to its internal networks and programs can be permitted.
According to Charlie Gero, CTO of Enterprise and Advanced Projects Group at Akamai Technologies, quoted in a 2018 CSO magazine article: Zero Trust boils down to “do not trust anyone.” In a nutshell, a Zero Trust solution creates “trust zones” that continuously identify, test and authenticate devices or users whenever they try to access resources on the internal company network. In a Zero Trust scenario, a hacker is barred from taking advantage of vulnerabilities.
Zero Trust was created by John Kindervag in 2010 when he was a principal analyst at research firm Forrester Research. Kindervag was part of Forrester’s security and risk team when he developed the Zero Trust model to expose the myth that internal networks were safe. One of Kindervag’s examples of how internal networks were vulnerable was with the American National Security Agency (NSA) whistleblower, Edward Snowden. Snowden had unfettered access to internal systems and stole classified documents, Kindervag said during a security roundtable hosted by Palo Alto Networks. Kindervag currently works for Palo Alto Networks. Snowden, as an IT contractor, did not ‘game’ or cheat the system. He simply used the access the (fundamentally flawed) system granted him.
Besides the Zero Trust strategy’s apparent data protection gains, one of the most significant benefits of the concept is that organizations can provide remote users with protected access to their organization’s applications with confidence. The converse applies equally, too – organizations can shut down access in a similarly efficient way.
An added advantage to Zero Trust is that organizations can significantly reduce the load on the VPN. It also increases the speed and ease of access to data, since Remote Desktop connections slow users down. During this COVID-19 pandemic with so many individuals working remotely, this could be a reliable solution to ease the stress on the system.
Zero Trust Deployment
Zero Trust may sound like an ideal solution during COVID-19; however, it is not an easy solution to implement. Organizations must adjust their IT budgets to accommodate a Zero Trust strategy since their current infrastructure may not be ready for it. A potential weak spot for Zero Trust may be when a workforce uses personal computer equipment for business. The lack of endpoint security on those devices may trip up a Zero Trust environment. This will inevitably leave workers defenseless against a cyber-attack, opening vital data to theft. However, solutions like Mobile Device Management facilitate a greater degree of control and will go some way to achieving a more secure position. These solutions, provided by Microsoft or JAMF, for example, solve this by automatically managing devices, deploying endpoint protection, encrypting the machines, and assessing the devices for conditions of compliance before enabling further access.
Regardless of whether we’re in the middle of a pandemic or not, it’s never too late to get started formalizing a plan for Zero Trust. Implementing Zero Trust will take time, but organizations should consider starting with isolated trust zones, developing a pilot program, and selecting essential organization applications for remote access. As always, Jolera is here to help our partners on the journey to Zero Trust with our professional services and managed services like Manage IT and Secure IT Endpoint, offering 24/7 security and uptime for an organization’s environment.
A new variant of malware is attacking Windows systems. Dubbed Lucifer, this malware identified by security experts has cryptojacking and DDoS capabilities that leverage old vulnerabilities to perform malicious attacks. The vulnerabilities targeted by Lucifer malware include Rejetto HTTP File Server (CVE-2014-6287), Oracle Weblogic (CVE-2017-10271), ThinkPHP RCE (CVE-2018-20062), Apache Struts (CVE-2017-9791), Laravel framework (CVE-2019-9081), and Microsoft Windows (CVE-2017-0144, CVE-2017-0145, and CVE-2017-8464).
Besides applying patches and increasing password safety, it is important to manage these updates to guarantee protection from any potential vulnerabilities. Manage IT and Secure IT – Endpoint combined provide clients with 24/7/365 IT management service, which includes monitoring, support/troubleshooting, maintenance, reporting and asset management of their IT infrastructure (servers, storage, networking, applications, desktop/laptops).
New ransomware with peculiar features, named Thanos, is being promoted as a Ransomware-as-a-Service. According to a new report by Recorded Future, Thanos is enlisting hackers, and other threat actors, to distribute the ransomware in exchange for a revenue share of the ransom payments. Thanos ransomware is considered a serious threat because of its advanced features, like the use of a researcher-disclosed RIPlace anti-ransomware evasion technique.
Businesses are increasingly becoming the most popular targets for ransomware. Consequently, it is important that companies take measures to improve their security posture. Secure IT offers a wide range of services to protect organizations against evolving security threats.
‘COVID-19 Employee Training’ Phish
Security experts are advising companies of a new phishing attack that exploits the COVID-19 pandemic. The campaign targets employees using Office 365 by sending them alleged training resources regarding returning to work policies, as COVID-19 lockdowns lift. Users are then directed to a malicious URL, where they need to provide their credentials.
Users should be cautious of suspicious email links. Services like Secure IT – Mail help scan emails to detect if they are legitimate or not. If they are not legitimate, these tools will block users from even visiting the malicious website.
Millions of internet of things (IoT) devices are affected by dozens of vulnerabilities. Cyber-security experts exposed a total of 19 vulnerabilities (4 of them considered critical) in a small library widely used and integrated into innumerable products over the last 20 years. These vulnerabilities affect both enterprise and consumer-grade products, from printers to insulin pumps.
Treck has issued a patch for use by OEMs in the latest Treck stack version (126.96.36.199 or higher).
LinkedIn ‘Job Offers’ Malware
A recent malware campaign targeting aerospace and military firms has been discovered. Victims in Europe and the Middle East received LinkedIn spear-phishing messages, supposedly from Collins Aerospace and General Dynamics, with a job offer. Besides the offer being fake, the message also included malicious documents that eliminate data from the device.
Users should be cautious whenever opening files from an email. Services like Secure IT – Mail help scan the files within emails to detect if they are legitimate or not. If they are not legitimate, these tools will block users from even visiting the malicious website.
Customers of U.S. banks and financial institutions are the target of an ongoing campaign using “Qbot malware”, a banking Trojan active since 2008. Through Qbot payloads, attackers are able to steal financial data from these clients, and spread malware on compromised devices. According to specialists, “Qbot malware” is being used with updated worm features.
Cybersecurity awareness training is highly recommended to defend against evolving malware threats. Secure IT – User Defence is a suite of security services specifically tailored to empower employees to become the first line of defence against cyber attacks.
The COVID-19 pandemic has disrupted our global economy and forced businesses to change the way they operate. The evolution of this virus and its socio-economic impact has made it difficult for many businesses to adapt their operations. However, through it all, Jolera has managed to maintain consistent and successful operations. We asked Jolera’s very own Chief Operating Officer, Manish Govindaraj, how the company managed to adapt and thrive during the global crisis while staying true to its people-first core values. Manish describes his team’s approach to enacting the company’s Business Continuity Plan (BCP), as well as their coordinated return to work strategy.
“For a business to continue operating under these situations of duress or crisis, you have to have an active and tested Business Continuity Plan. For us, as a SOC II Type II certified entity, we have been testing our BCP on a quarterly basis, not just because SOC II demands it, but also because it’s good business practice.”
– Manish Govindaraj
According to Manish, the organization’s transition to remote operation meant balancing the safety of employees with the ideal productivity levels necessary to satisfy customers’ expectations. With hundreds of staff members operating globally, Jolera was identified as an essential service and aimed to “challenge ourselves to provide a seamless experience to our customers, as if nothing had changed.” With hundreds of channel partners, thousands of end clients and others depending on its services, company stakeholders recognized the importance of honouring commitments to both customers and employees alike.
“We are a true 24/7/365 entity, and that had to be held true while we were remote with all of our staff members. At the forefront of all of this was the importance to keep our employees safe, and as a result, keep our business safe.”
– Manish Govindaraj
The company made the transition to total remote operation at the beginning of March, even before the government of Ontario declared a state of emergency. “We acted early, reducing the risk of exposing our staff members to the virus at the workplace; that was very important to us,” Manish reflected. In the best interest of employees, Manish led the initiative to remote operation with Jolera Inc’s Pandemic Response Team.
Together, they identified four key aspects to protect their people and their business:
1. Keep everyone safe
2. Deliver on customer mandates
3. Ensure operational security
4. Build a stronger Jolera community
Once employees safely transitioned to remote operation, the company introduced rigours to maintain and further improve productivity. Manish reported, “Through daily active management, collaboration and transparency through better reporting, we saw a Jolera community bond even closer together and a total rise in productivity.”
As government-mandated restrictions began to ease around the world, businesses once again were challenged to transition their operations and safely re-open their doors. Before building any plan to re-open, Manish’s main objective was to create a sense of normalcy for workers in the physical office. With this goal in mind, Manish teamed up with Jolera’s Pandemic Response Team to build and execute a re-opening plan.
“We kept it somewhat simple. If you look at the government of Ontario’s plan, there are multiple phases, and we just distilled it down to two phases. In Phase 1, we begin operating our offices with a limited number of staff per location. This was to test physical distancing and safe practices at work. We did not put a number or target into play, simply because it was an elective approach where employees chose to be part of that phase and wanted to join back in the office. Phase 2 is going to be about returning to a sense of normal in alignment with guidance from our government.”
– Manish Govindaraj
It was essential, to Manish, to source information from reliable government agencies when making decisions about opening the various offices across the globe. “Because we are so spread out and geographically dispersed, we had to factor in the diverse needs that existed based on where we were located geographically. The reality in Porto, Portugal, is very different from that of Toronto, Calgary or even Winnipeg.”
In addition to geographical diversities, local considerations unique to each building or operating site also had to be considered. Manish identified challenges associated with each operating site: “We needed to coordinate with building security and building management to ensure that our people could come in and start working.” Although prerequisites such as PPE, cleaning equipment and sanitization requirements were identified to ensure the offices were equipped to operate safely, individual employee considerations also needed to be accounted for.
“We made the decision not to include people who relied on public transit during Phase 1. Instead, we chose a subset of employees who would drive into work to limit their exposure to the public.”
– Manish Govindaraj
Taking all of these factors into account, Manish identified, “the most important thing was to start building confidence among our people that we’ve taken the right actions in order to re-open our offices in a limited capacity.” Open communication and reviewing the plan with department leaders gave staff a full debrief of all the considerations that had been factored into building an executable return to work plan. Physical distancing and other new behaviours at the office have since been adopted to ensure that people are kept safe.
“When COVID-19 started surfacing as a distant threat, there was a lot of media hype about what it was, what it could be and where things could be heading. The narrative was morphing every day. As a leadership team, we agreed that we would look to government agencies and sources from within the governments of where our offices are located to guide our decisions and actions. We’ve been monitoring all of those sources for direction on what we needed to do relative to every point in time throughout this crisis. Whether it was before we invoked our BCP and Pandemic Plan or as we continue to monitor our evolving coordinated return to work plan, one size does not fit all – we had to tailor our plans according to the information that we were getting from the different government agencies.”
– Manish Govindaraj
Manish credits Jolera’s readiness and resilience to the immensely talented and committed people within the organization.
“We had the comfort level going in [to remote operation] that our people can perform well remotely. We have a great team, and we have the right oversight and collaboration mechanisms in play. The team came together; they just fell right into the groove and delivered on their mandate. Overall, we are delivering on all the things that we need to deliver on, keeping both our customers and our teams satisfied.”
John Dathan, the senior vice president and general manager of Insight Canada, admitted that as the COVID-19 outbreak was occurring in China, he didn’t fathom at the time it would lead to a global lockdown and the rise of the remote worker. But as he and his team began to deal with this unique challenge, Dathan switched gears in their approach to the marketplace.
Dathan has been involved in the IT industry for over three decades, most recently as the vice president and general manager for Hewlett Packard Enterprise, Canada. He used this invaluable experience to guide his team at Insight Canada to serve customers as opposed to selling to them. Dathan got to work quickly to build a communication and marketing plan that would embrace Serve over Sell.
“Leaders have to be calm and collected to deliver the right intent. In my message to the team, I talked about Insight values of hunger, heart, harmony and of how. The operation has not changed, but we needed to go back to simple values. If you have that in place, people will make the right decisions. ‘Serve not Sell’ then becomes another layer to your value system,” he said. And, that is precisely what the Insight Canada team has done.
Recently, the Insight Canada team deployed an app for all teammates that remotely connects them to nurses and doctors. It has already paid some key dividends as the app was able to connect concerned parents of a newborn who was suddenly feeling sick to consult with the right doctor and nurse via open video chat. They were able to resolve the issue instead of risking the child going to the Emergency Room. The nurse then followed up with the parents the next day. This app provided peace of mind to the parents of this child, Dathan said.
The COVID-19 lockdown has led to many things, Dathan added. For one, he has spent more time in one place than he has ever had in his 30-year career. His desire to help the business community has gone to a new level, and he believes that the only way for the economy to rebound from this massive hit is by working together.
“To me, it’s interesting when people start to talk about ‘back to normal,’ and you need to put air-quotes when you say that. This is the new normal. Or it is going to become the new normal. People have been working from home for about 60 to 70 days now. The way video (conferencing) has played a role is fascinating. You can undoubtedly work wherever you are. The adoption of video in the last couple of months is the new norm. It has become truly collaborative with team huddles, social events and the ability to connect with people on a regular basis,” he said. He anticipates that traditional work hours of 9 to 5 or 8 to 4 will give way to a single stream of activity. “It’s going to be hard for someone to say ‘it’s 5 P.M.; I’m done for the day.’” On the flip side, it will also be OK to inform co-workers and whomever you report to that you will not be available between 10 A.M. and 2 P.M., for example. Dathan believes there will be trust between staff and management and that companies will empower people to embrace this new working philosophy. “People are going to become comfortable with this, and there will be no more need to apologize because you have to take your kid to a pre-school ceremony,” Dathan added.
The COVID-19 pandemic has been challenging for Dathan, but he would not say it is the biggest challenge he has faced during his career. That would be the decline of Nortel. “I found that to be personally harder. In many ways, this feels to be a positive (from an Insight Canada perspective as no one has contracted the virus in Canada.) This has been more of a rally with the team to work together to deal with issues and solve problems. To serve our clients while protecting our teammates. I would describe this as more complex, but not as more difficult.”
If you think the current COVID-19 pandemic is a dire one for business and society, then you should walk a mile in Rola Dagher’s shoes. Dagher, the President of Cisco Canada, grew up in Lebanon and routinely dealt with life in a bomb shelter because of the 15-year civil war in that country.
Her perception of the current state of business under COVID-19 is that technology has never played a more critical role as the Internet and networks are keeping people connected, productive and secure. Technology has turned what could have been a dire situation into a watershed moment in how we work and what this means for Canadians.
“There is a silver lining here. While the world has paused, we can work from home, and we are truly blessed to have what we have. At Cisco, we were lucky enough to have the technology in place for remote work, which made our transition to remote work pretty seamless. It allowed us to focus on helping our employees, customers, partners and communities,” said Dagher. “We’re donating networking equipment to help hospitals, seniors’ homes and other organizations in need manage through the pandemic. We also have free offers on our WebEx and Cisco security products to help business continuity.”
Next month will mark Dagher’s third year at the helm of Cisco Canada. And, while she has orchestrated many successful moves under her direction, the COVID-19 pandemic has brought about a unique challenge.
And Cisco has tried to meet this challenge head-on by donating more than $225 million in products and services worldwide. This corporate-led endeavour also includes a significant cash outlay on top of the products and services. Additionally, Cisco has encouraged all of its employees to give back to their local communities through Cisco’s matching contribution program or by virtually volunteering their time with Cisco’s community partners.
In Canada, Cisco has provided extended financing options for partners, provided regular “Ask The Experts” webinars and offered flexible payment terms for small and commercial businesses. They also are ensuring Cisco Canada’s field personnel are protected at all times for any onsite work in cases where they are unable to do the service remotely.
Dagher points to Cisco’s leadership in remote work technology on its WebEx platform to enable people to not just work from home, but any other place too.
During the COVID-19 lockdown, WebEx handled 4.2 million meetings in just one day alone. This is more than twice the average on a peak day before the pandemic. Cisco also hosted more than 20 billion meeting minutes in April. That’s up from March’s 14 billion minutes, which was also more than double the number from February. Dagher added that this does not include the many one-on-one WebEx sessions, just group meetings. In March, WebEx registered a record 324 million attendees, with usage more than doubling in the Americas. For comparison, WebEx meetings had 153 million attendees worldwide in January. “We believe at Cisco that work is something you do, not a place you go,” she said.
Dagher wants to put some of her focus on the mental health aspect of COVID-19. “COVID-19 is a big, if not huge, wake up call for every single organization. This is a crisis, and it’s going to be about how you respond and recover,” she said. Her advice to customers and partners in Canada is to ensure employees are all safe, prioritizing their health, and that doesn’t just mean physically but mentally as well. From there, think about the technology solutions required to keep everyone connected safely and securely. “I also urge people to be patient and empathize because sometimes the technology will have glitches here and there. People can get frustrated, and they need to take a deep breath and support them,” she added. “This is the new norm. What we have been doing since mid-March will continue long after. This is a reality check for leaders in all organizations on the way we work today,” she said.
Dagher added that there will be a lot of thought put into if it’s worth a person’s time to commute to work each and every day. Or if operations can be run remotely and what would be the cost/benefit scenarios of a remote business model. Leaders will take a hard look at real estate costs, especially if they are situated in downtown areas of the country. And, finally, leaders will start to measure productivity levels for people who work at home.
“In times of crisis, I believe it brings out the best in humanity. I’ve always led with my heart, my mind and my soul. Today more than ever, we need to rise to the challenge of a lifetime. I lived a difficult life in the beginning, and it toughened me to be the servant leader I am today. I try to empower and inspire people and give them a strong sense of purpose. I encourage people to take care of their mental health. We all need our people to be strong and safe, especially in these types of situations,” said Dagher.
Many businesses have transitioned to a new operating model and are beginning to accept this new normal. With all the challenges facing our world today, one can assume that things will be different for a while. Organizations have begun to mobilize their workforce, and remote-work capabilities are becoming more flexible. Gone are the days when workers were tethered to a dedicated desktop and seated closely amongst their peers.
What does this mean for the security of organizations?
With an increased number of employees working off mobile devices such as laptops, tablets and mobile phones, users will often connect to unsecured networks to access work files. Without proper management of mobile devices, users are vulnerable to malicious attacks, and threat actors are ready to take advantage of this situation.
Here are three ways to help protect your remote workers and secure your organization’s data:
1. Device Level Encryption
For many years, encryption has been a standard practice to help protect sensitive data from prying eyes. However, not all devices have device-level encryption settings turned on as a default. If you are an organization that is beholden to compliance, encryption helps to meet those requirements. With added endpoint security, you will have device management, centralized deployment, policy administration, and audit reporting capabilities for all devices associated with your network. This means that if a remote worker’s device becomes compromised, your company’s sensitive data will remain safe, and the infection will be isolated from the rest of your corporate network.
2. Managed Security
Security applications and devices, such as firewalls and Virtual Private Networks (VPNs), are an integral part of any layered security environment. Although these systems generally prevent unauthorized access to and from your network, the virtual alerts and threat identification that they provide usually remain unmonitored. To be effective, remote workers need to have confidence in their data protection systems when signing into their respective networks. Having 24/7 managed security affords your organization a more vigorous defence against potential threat actors. With Jolera’s layered managed security approach, your organization will have real-time alerting on threats filtered through our Security Information Event Management (SIEM) system. In addition to automated protection, live agents will analyze and remediate these threats through our Network Operations Centre (NOC) and Security Operations Centre (SOC).
3. Mobile Device Management
Mobile device management (MDM) enables organizations to ensure their remote workers’ data is always protected. The great thing about MDM is that it can integrate with services such as Office 365 and Active Directory to control who has access and what they have access to within your network. MDM solutions also provide the ability to set rules and configure settings on personal devices to allow users to securely access company data and networks. MDM can deploy and authenticate apps on devices, both on-premises and remotely.
When deployed properly, MDM can increase the security of devices tenfold by pushing certificates to devices that are in the field, while preparing reports on these users and their devices for compliance purposes. It can also remotely wipe the device if it’s found that the device has been lost or stolen or deemed not in use by the organization.
Each of these security layers can help to protect sensitive data from breaches and threat actors. Managing a remote IT environment means that organizations require a 24/7/365 approach that includes monitoring, support, troubleshooting, maintenance, reporting and asset management for all end-user devices. The need for remote support and network security has become an essential part of business operations.
Customers of one of the largest domain name registrars, GoDaddy, are being warned about an attack that took place last October. An intruder gained access to users’ login information for their hosting accounts. The attack was only discovered last April 23. GoDaddy proceeded to reset the passwords for all the 28,000 users affected by the attack.
Your organization should enact a credential monitoring program to be alerted when important credentials leak onto the dark web. Services like Secure IT – User Defence continuously scan the dark web for credential leaks and also train end-users on best cybersecurity practices.
Toll Group, an Australian transportation company, said its systems had been targeted by a new form of ransomware called Nefilim. The company, which operates across 50 countries, detected unusual activity on some of its servers, which led to delays to customers. The hackers behind Nefilim gain access through vulnerable Remote Desktop Protocol (RDP) servers, like other types of ransomware, namely Nemty, Crysis and SamSam.
Attacks via Remote Desktop Protocol servers are widespread these days. In order to prevent them, organizations should enable 24/7 monitoring and remediation solutions. Services like Endpoint Protection and SIEM (Security Information & Event Management) help avoid or at least isolate these attacks from spreading.
Cisco WebEx Phishing
A series of phishing attacks are targeting Cisco WebEx users by using fake certificate error warnings. These phishing emails include graphics and formatting similar to communications sent by Cisco WebEx to users. Users are requested to click on a hyperlink to unlock their accounts and are then redirected to a phishing credential site.
Users should be cautious whenever clicking links suggesting they need to unlock their accounts. Services like Secure IT – Mail help scan the links within emails to detect if they are legitimate or not. If they are not legitimate, these tools will block users from even visiting the malicious website.
Phil Palmieri, the President of MicroAge Canada, has been involved in the IT industry since 1984. If you think back to 1984, the IT industry saw for the first time flash memory, a chip that could store 1MB and, of course, the introduction of the Apple Macintosh computer. So, you can say Palmieri has seen a lot during his career in IT. But nothing can compare to what the IT marketplace is going through right now with COVID-19.
According to Palmieri, this is the most challenging time the industry has ever faced. MicroAge Canada, with some forethought in its business continuity planning program, is weathering the COVID-19 disruption well. The vast majority of his staff is working remotely except for a small crew in its Laval, Que., headquarters, which includes Palmieri.
“There are a couple of ways to look at this situation: you can hide under your desk and wait for it to pass or be proactive and look for opportunities and ways to help customers remotely,” he said.
MicroAge Canada chose to do the latter and took an active approach in communicating with all their clients to see how they could keep them operational. While MicroAge Canada vigilantly worked to keep its clients going, the company was inundated with inquiries from customers and prospects on issues of security and remote access.
“Call volumes increased five times over normal, and some people were even panicking,” he said.
Palmieri’s team dealt with requests such as how to work remotely, how to work from home securely, how to get the most out of Office 365, how to use Teams for better collaboration and video calls, mobile device management, and back up and data recovery.
If there is any benefit that will come out of this historical time, it’s the value of managed services and IT solution providers. “Our value, as managed services providers, just went up as people start to realize how important we are to the business. Before, you would get the thought that IT was just another department. Not anymore. IT is what makes business roll, and I’m proud of the systems, solutions and processes we deliver. IT is no longer a requirement but a necessity. Without it, a business doesn’t work well,” Palmieri said.
During the COVID-19 lockdown, Palmieri and his team have received numerous messages and calls of thanks and appreciation from customers.
Palmieri’s challenges go well beyond just dealing with customers. MicroAge Canada is a network of more than 35 independently owned and operated solution providers across Canada. So, Palmieri doesn’t just have to worry about the Laval operation but all of the other locations as well.
During this time, Palmieri has brought in weekly touchpoints with each location and their field teams. “The network is fine, and I’m very proud of all these people. They have been around a long time, and this group has invested in their businesses, and they know how to sustain themselves during tough times.”
Palmieri believes there is a good lesson to learn from all this. He hopes that after society gets a handle on the COVID-19 pandemic and everything gets back to a newer normal, everyone will see the value in IT providers and not take them for granted. “This community is not a nice to have; it’s an essential service and a must for business.”
You can learn more about MicroAge Canada on their website MicroAge.ca
A vulnerability has been identified in Microsoft Teams that involved a simple GIF image. For the attack to work, the victim had only to view the malicious GIF, which showed a Donald Duck character sweeping a row of Mickey Mouse toys. The attackers were then able to steal data from specific systems and gain access to the company’s Teams accounts.
Microsoft has already corrected this vulnerability by updating misconfigured DNS records, thus mitigating the problem.
A new spyware campaign has been identified and has been ongoing for 4 years. Named PhantomLance by Kaspersky, this spyware is distributed by dozens of Android apps available on Google Play (in addition to other points of sale). The attack implements high levels of encryption, in addition to being able to download and execute additional malicious payloads that would be suited to the specific environment of the device.
Kaspersky reported its findings to Google, which has since removed the malicious apps from the Play Store.
Critical Adobe Illustrator, Bridge and Magento Flaws
Critical flaws were detected in several Adobe tools, namely Illustrator, Bridge and Magento. These critical flaws include a stack-based buffer overflow flaw (CVE-2020-9555), heap overflow bugs (CVE-2020-9562, CVE-2020-9563), memory corruption glitch (CVE-2020-9568) and use-after-free vulnerabilities (CVE-2020-9566, CVE-2020-9567). Also included are critical out-of-bounds write flaws (CVE-2020-9554, CVE-2020-9556, CVE-2020-9559, CVE-2020-9560, CVE-2020-9561, CVE-2020-9564, CVE-2020-9565, CVE-2020-9569). All of these could be exploited remotely by an attacker, allowing arbitrary code execution.