Threatpost

25 September 2020

• Feds Hit with Successful Cyberattack, Data Stolen
  The attack featured a unique, multistage malware and a likely PulseSecure VPN exploit.
• Cisco Patch-Palooza Tackles 29 High-Severity Bugs
  Patches and workaround fixes address flaws on networking hardware running Cisco IOS XE software.
• Free Apple iPhone 12? Chatbot Scam Spreads Via Texts
  Convincing SMS messages tell victims that they've been selected for a pre-release trial for the soon-to-be-launched device.
• Alien Android Banking Trojan Sidesteps 2FA
  A new 'fork' of the Cerberus banking trojan, called Alien, targets victims' credentials from more than 200 mobile apps, including Bank of America and Microsoft Outlook.
• Zerologon Patches Roll Out Beyond Microsoft
  A Samba patch and a micropatch for end-of-life servers have debuted in the face of the critical vulnerability.
• Gamer Credentials Now a Booming, Juicy Target for Hackers
  Credential abuse drives illicit market for in-game rare skins, special weapons and unique tools.
• Critical Industrial Flaws Pose Patching Headache For Manufacturers
  When it comes to patching critical flaws, industrial firms face various challenges - with some needing to shut down entire factories in order to apply updates.
• CISA: LokiBot Stealer Storms Into a Resurgence
  The trojan has seen a big spike in activity since August, the Feds are warning.
• OldGremlin Ransomware Group Bedevils Russian Orgs
  The cybercriminal group has plagued firms with ransomware, sent via spear phishing emails with COVID-19 lures, since March.
• Google Chrome Bugs Open Browsers to Attack
  Google's new release of Chrome 85.0.4183.121 for Windows, Mac, and Linux fixes 10 security flaws.