GlobalSign Blog

The GlobalSign Cybersecurity News Round-Up: Week of November 2, 2020

The GlobalSign Cybersecurity News Round-Up: Week of November 2, 2020

Thanks for taking the time to stop by our blog! 

Popular development platform GitHub was in the news quite a bit this week. First, researchers at Google’s Project Zero announced the discovery of a “high-severity vulnerability” within GitHub. The researchers say the vulnerability could allow attackers to remotely execute code on affected systems. Uncovered in a source code review, the vulnerability could impact GitHub Actions’ workflow commands which are used to provide a communication channel between executed actions and the Action Runner. 

Then, GitHub’s home page malfunctioned, likely due to an expired SSL certificate. The problem was revealed when GitHub users reported being unable to access various resources, since because the SSL certificate issued to GitHub’s content delivery network (CDN) was only valid until November 2, 2020, 7:00 AM ET. While it was technically a “mixed content problem” because while the main GitHub server did have a valid certificate, but anything accessed from the separate CDN server, including images and JavaScript files, could not be loaded. Yet another reminder for people to better manage their certificates

In other news, well-known U.S. toymaker Mattel revealed it was struck by ransomware in July. The attack crippled some business functions, but the company says it recovered from the attack after a forensic investigation found no evidence that any sensitive business data or retail customer, supplier, consumer or employee data had been stolen. The incident took place on July 28, according to a 10-Q quarterly form the company filed with the US Securities Exchange Commission. 

Also making headlines this week is International hotel operator Marriott International. It’s been fined £18.4m ($23.8 million) by the UK Information Commissioner’s Office (ICO) for failing to protect the personal data of millions of customers. A four-year data breach beginning in 2014 on Starwood Hotels and Resorts Worldwide, Inc., continuing through 2016 when Marriott acquired Starwood and then through 2018 when it was finally discovered. The breach exposed the personal data for approximately 339 million customers worldwide. While the sum is high it could have been worse. Marriott originally faced a £99.2 fine ($128.2 million). Fortunately the ICO had a change of heart. 

There’s plenty more stories to review in this week’s blog post. We’ll see you back here next Friday!

Top Security News

TechRadar (November 4, 2020) GitHub home page down after apparent SSL fail 

"GitHub’s home page malfunctioned earlier this week, with reports indicating that an expired SSL certificate was to blame.

GitHub users reported being unable to access various resources, apparently because the SSL certificate issued to GitHub’s content delivery network (CDN) was only valid until November 2, 2020, 7:00 AM ET.

Technically, the issue is termed a 'mixed content problem' because the main GitHub server did have a valid certificate, meaning that some aspects of the site, such as text-based content, continued to function properly. However, anything accessed from the separate CDN server, including images and JavaScript files, could not be loaded."

READ MORE 

ZDNet (November 4, 2020) Toy maker Mattel discloses ransomware attack

"US toymaker Mattel revealed today that it suffered a ransomware attack that crippled some business functions, but the company says it recovered from the attack with no significant financial losses.

The incident took place on July 28, according to a 10-Q quarterly form the company filed with the US Securities Exchange Commission earlier today.

Mattel said that the ransomware attack was initially successful and resulted in the successful encryption of some of its systems."

READ MORE 

Bleeping Computer (November 3, 2020) Blackbaud sued in 23 class action lawsuits after ransomware attack

"Leading cloud software provider Blackbaud has been sued in 23 proposed consumer class action cases in the U.S. and Canada related to the ransomware attack that the company suffered in May 2020.

Blackbaud has operations in countries around the world including the United States, the United Kingdom, Australia, and Canada.

The ransomware attack directly responsible for the software provider being sued was disclosed by the company on July 16, 2020."

READ MORE 

HelpNetSecurity (November 3, 2020) Ryuk ransomware behind one third of all ransomware attacks in 2020

"There’s a growing use of ransomware, encrypted threats and attacks among cybercriminals leveraging non-standard ports, while overall malware volume declined for the third consecutive quarter, SonicWall reveals.

'For most of us, 2020 has been the year where we’ve seen economies almost stop, morning commutes end and traditional offices disappear,' said Bill Conner, President and CEO, SonicWall.

'However, the overnight emergence of remote workforces and virtual offices has given cybercriminals new and attractive vectors to exploit. These findings show their relentless pursuit to obtain what is not rightfully theirs for monetary gain, economic dominance and global recognition.'"

READ MORE 

ZDNet (November 2, 2020) Marriott fined £18.4 million by UK watchdog over customer data breach

"The Information Commissioner's Office (ICO) has fined Marriott £18.4 million over a 2014 data breach, heavily reducing the penalty originally planned due to COVID-19 disruption.

The Marriot hotel group was subject to a 2014 data breach impacting the Starwood resort chain, acquired by Marriott in 2015.

At the time, threat actors were able to infiltrate Starwood systems and execute malware via a web shell, including remote access tools and credential harvesting software."

READ MORE 

ZDNet (October 31, 2020) Chrome will soon have its own dedicated certificate root store

"Google has announced plans to run its own certificate root program/store for Chrome, in a major architectural shift for the company's web browser program.

A 'root program' or a 'root store' is a list of root certificates that operating systems and applications use to verify the identity of a software program during its installation routine.

Browsers like Chrome use root stores to check the validity of an HTTPS connection.
They do this by looking at the website's TLS certificate and checking if the root certificate that was used to generate the TLS cert is included in the local root program/store."

READ MORE 

Other Industry News 

Chesapeake Regional Healthcare data breach exposes 23,000 individuals’ sensitive information

Hospitals take action to avoid ransomware attacks, including pre-emptive email shut down

Ransomware vs WFH: How remote working is making cyberattacks easier to pull off

Google researchers disclose high-severity vulnerability affecting GitHub

Furniture Giant Steelcase Hit by Suspected Ransomware Attack

Covid-related cybercrime drives attacks on UK to record number

Four years since the Mirai-Dyn attack… is the Internet safer?

Book excerpt: Get greater protection with IoT security advances in authentication

Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.
 

Share this Post