Researchers have noticed a surge in cryptojacking attacks on Washington State’s schools in recent months, plus Tasmanian casinos targeted by ransomware. That and more in this week’s Cyber News Rundown.
Exchange server vulnerabilities receive more patches
Microsoft has spent the last week creating patches for multiple Exchange Server vulnerabilities that allow remote execution of malicious code and affect all versions from 2013 to 2019. None of the four known vulnerabilities has yet been exploited by malicious actors, but all are rated critical. They can be resolved by installing the latest April update. While Microsoft was able to identify some of these vulnerabilities internally, the remainder were reported by security researchers at the NSA.
Tasmanian casinos struck by ransomware
Half the casinos owned by the Federal Group on the island of Tasmania have been forced to close after suffering a ransomware attack earlier this month. Officials for the casino are still working to determine the initial attack vector and if any customer or employee information was taken. It is still unclear what the ransom demands may be, or if Federal Group is able to restore damaged or encrypted files.
Q Link Wireless user accounts left unsecured
Customers of Q Link Wireless recently noticed that they could access their My Mobile accounts with nothing more than a valid phone number. Once a number was entered, users were able to pull up all account and contact information, which could be harmful if used maliciously. The app has used this type of authentication since December of last year, and the exposed information could be used to commit a significant amount of identity fraud.
Cryptojacking attacks surge on Washington state’s education networks
Researchers have identified a massive influx of cryptojacking attacks focusing on educational institutions in the past two months. These attacks are meant to exploit network resources to mine cryptocurrency. It's believed that cryptomining software was installed through a malicious HTTPS injection that left an internet-connected backdoor to allow external communication and the transfer of mined cryptocurrencies to the threat actors.
Huawei devices susceptible to Joker malware attacks
Over half a million Huawei-branded Android devices have been infected by Joker malware disguised as several seemingly harmless apps. The apps themselves provide the listed service or functionality, but also contain code for connecting to a remote server and downloading additional capabilities. Malicious apps have been spotted in the Google Play store using Joker tactics since 2017 and remain in currently available apps.