threat updates
NORTH AMERICA
The National Security Agency in America has
revealed that Russian cyber actors, known as
the Sandworm team, from the GRU Main Center
for Special Technologies, have been exploiting a
vulnerability in Exim Mail Transfer Agent software
since at least August 2019.
Having exploited the vulnerability, Sandworm could
then add privileged users or disable network security
settings, among other things.
Yana Blachman, Threat Intelligence Specialist,
Venafi, said: “A new wave of Sandworm attacks is
deeply concerning. Highly sophisticated APT groups
can use SSH capabilities to maintain undetected
remote access to critical systems and data, allowing
attackers to do nearly anything from circumventing
security controls, injecting fraudulent data, subverting
encryption software and installing further payload.”
NORTH AMERICA
The National Railroad Passenger Corporation
(Amtrak) in Vermont has disclosed a data breach
that may have resulted in the compromise of
customer personally identifiable information (PII).
In a letter to the Attorney General’s Office of
Vermont, the rail service said that an unknown third
party managed to fraudulently access Amtrak Guest
Rewards accounts.
Sam Curry, Chief Security Officer at Cybereason,
said: “Amtrak is undoubtedly suffering in the
current COVID-19 pandemic from a near halt of
business and personal travel across the US and
this particular breach, while extremely painful for
the company and its impacted customers, will
strengthen Amtrak’s resolve and help it improve its
security defences.”
24 Issue 26 | www.intelligentciso.com