GlobalSign Blog

The GlobalSign Cybersecurity News Round-Up: Week of September 14, 2020

Welcome back to GlobalSign’s weekly news round-up.

It’s been another active week in cybersecurity land. 

The week began with the news that Nvidia agreed to acquire Arm from SoftBank for $40 billion. If completed, the purchase will be the largest semiconductor deal of all time by dollar value. This is an important acquisition since Arm-designed chips are at the core of most smartphones and countless other devices. File this under: Why did I sell my Nvidia stock a few years ago???? (Insert very sad face.)

In addition, it was revealed that around 2000 e-commerce stores running the popular Magento software were attacked last weekend. It may be the largest recorded campaign of its kind. Sansec’s Threat Research Team warned that the 1904 Magecart attacks it detected targeted e-stores running the now out-of-date Magento version 1. A total of 10 stores were infected on Friday, followed by 1058 on Saturday, 603 on Sunday and 233 on Monday. The security firm estimates that tens of thousands of customers unwittingly had their payment details stolen by the attackers. 

We also learned early in the week that office superstore Staples reported that some customers had been impacted by a data breach. According to Bleeping Computer, the event occurred earlier this month, and Staples alerted affected customers individually via email.

Also this week, The Smithsonian confirmed it was a victim of a ransomware attack back in May. Unfortunately, donor information was stolen. Blackbaud, a third-party vendor that provides fundraising and donor engagement software for the Smithsonian's ventures, notified the museum of the attack in July. It also appears that The Smithsonian was not the only organization impacted by the breach.

In a truly disturbing turn of events, Dusseldorf University hospital in Germany was hit by a ransomware attack which forced them to recommend patients seek alternative care. Unfortunately, one patient forced to go to a more distant hospital passed away. It seems the attackers did not realize they attacked a hospital and when contacted by police, they offered a decryption key. But it was too late for the patient.

In other less upsetting news, the U.S. House of Representatives passed the ‘IoT Cybersecurity Improvement Act’, setting minimum security standards for IoT devices connected to federal networks. The bi-partisan bill would require the National Institute of Standards and Technology to set best practices for device security. The Office of Management and Budget would then create guidance for agencies to meet or exceed those standards. The bill would also require the Department of Homeland Security to publish guidance on coordinated vulnerability disclosures for contractors and vendors.

That wraps up another week. For a deeper look at all the week’s stories, check out all the articles included in our round-up. Have a great weekend! 

Top Global Security News 

Bleeping Computer (September 17, 2020) Ransomware attack at German hospital leads to death of patient 

"A person in a life-threatening condition passed away after being forced to go to a more distant hospital due to a ransomware attack.

On September 10th, the Duesseldorf University hospital in Germany suffered a ransomware attack after threat actors exploited a software vulnerability in "a commercial add-on software that is common in the market and used worldwide."

With their IT systems disrupted, the hospital announced that planned and outpatient treatments and emergency care could not occur at the hospital."

WUSA (September 15, 2020) Smithsonian ransomware attack steals information of museum donors

"The Smithsonian confirmed that its technology system was hacked by a ransomware attack in May 2020, and information of donors to the museum institution was stolen.

Blackbaud, a third-party vendor that provides fundraising and donor engagement software for the Smithsonian's ventures, notified the museum institution of the attack in July. The Smithsonian was not the only organization impacted, with others seeing the same breach that it had, according to Smithsonian officials."

Federal News Network (September 15, 2020) House passes bipartisan IoT security bill to fix ‘glaring gap’ in cyber infrastructure

"A bipartisan bill setting minimum security standards for Internet of Things devices connected to federal networks passed the House Monday. The bill now awaits a Senate floor vote before heading to the president’s desk.

The IoT Cybersecurity Improvement Act would require the National Institute of Standards and Technology to set best practices for device security. The Office of Management and Budget would then create guidance for agencies to meet or exceed those standards.

The bill would also require the Department of Homeland Security to publish guidance on coordinated vulnerability disclosures for contractors and vendors."

Infosecurity (September 15, 2020) Largest Ever Magecart Campaign Hits 2000 E-Stores

"Around 2000 e-commerce stores running the popular Magento software were attacked over the weekend, in the largest recorded campaign of its kind, according to researchers.

Sansec’s Threat Research Team warned that the 1904 Magecart attacks it detected targeted e-stores running the now out-of-date Magento version 1. A total of 10 stores were infected on Friday, followed by 1058 on Saturday, 603 on Sunday and 233 on Monday, it said.

The security firm estimates that tens of thousands of customers unwittingly had their payment details stolen over the weekend in the attacks."

Bleeping Computer (September 14, 2020) Staples discloses data breach exposing customer info 

"Giant office retail company Staples informed some of its customers that data related to their orders has been accessed without authorization.

Few details are available at the moment. The company has not disclosed the incident publicly and alerted affected customers individually over email.

BleepingComputer learned that the event occurred earlier this month around September 2 and consisted of unauthorized access to a system belonging to Staples."

Computing UK (September 14, 2020) Nvidia to buy Arm for $40 billion

"American graphics hardware giant Nvidia announced on Sunday that it has entered a definitive agreement with SoftBank Group Corp. (SBG) to acquire British chip and IP design company Arm in a $40 billion transaction.

As part of the deal, Nvidia will pay SBG $12 billion in cash and $21.5 billion in Nvidia common stock. Moreover, SBG may also receive up to $5 billion in cash or common stock under an earn-out construct, provided Arm achieves some specific financial performance targets.

Nvidia will also pay $1.5 billion in equity to Arm employees."

Other Industry News

This security awareness training email is actually a phishing scam

What UK CISOs need to know about the California Consumer Privacy Act

National Guard Cybersecurity Units Ready to Protect Election

FERC, NERC Staff Outline Cyber Incident Response, Recovery Best Practices

As Ransomware Attacks Increase, The SEC Takes Notice

European babycare retailer Windeln.de flags data exposure incident

Ransomware: Huge rise in attacks this year as cyber criminals hunt bigger pay days

Surge in DDoS attacks targeting education and academic sector
