November 2020

CVE-2020-8351

A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.
Source: NIST

CVE-2020-6317

In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information, although sensitive, is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, versions 15.7 and 16.0.
Source: NIST

CVE-2020-29394

A buffer overflow in the dlt_filter_load function in dlt_common.c in dlt-daemon 2.8.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in a format argument).
Source: NIST
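
The fscanf misuse named in this entry, shown as an added example beside a bounded read. This is not dlt-daemon code: `load_ids`, `load_from_text`, the 4-character ID width and the sample file contents are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ID_LEN 4      /* assumed ID width for this example */
#define MAX_IDS 8
#define TOKEN_MAX 63  /* must match the width in the format string below */

/* Hypothetical loader: reads whitespace-separated IDs from fp.
 * Returns the number of IDs stored, or -1 if a token exceeds ID_LEN. */
int load_ids(FILE *fp, char ids[MAX_IDS][ID_LEN + 1])
{
    char token[TOKEN_MAX + 1];
    int count = 0;

    /* Unbounded form, the pattern the CVE text describes:
     *     fscanf(fp, "%s", token);
     * writes past token[] until the input reaches whitespace.
     * "%63s" stores at most 63 characters plus the terminating NUL. */
    while (count < MAX_IDS && fscanf(fp, "%63s", token) == 1) {
        if (strlen(token) > ID_LEN)
            return -1;             /* reject rather than truncate silently */
        strcpy(ids[count], token); /* safe: length checked above */
        count++;
    }
    return count;
}

/* Runs the loader over constructed file contents held in a temporary file. */
int load_from_text(const char *text, char ids[MAX_IDS][ID_LEN + 1])
{
    FILE *fp = tmpfile();
    int n;

    if (fp == NULL)
        return -2;
    fputs(text, fp);
    rewind(fp);
    n = load_ids(fp, ids);
    fclose(fp);
    return n;
}

/* Constructed inputs: a well-formed file and a single 200-character token. */
static char demo_ids[MAX_IDS][ID_LEN + 1];
int demo_ok(void) { return load_from_text("APP1 CTX1\nAPP2 CTX2\n", demo_ids); }
int demo_overlong(void)
{
    char big[201];
    memset(big, 'A', 200);
    big[200] = '\0';
    return load_from_text(big, demo_ids);
}
```

The width in the format string has to stay one less than the destination buffer size, since fscanf appends the NUL after the counted characters.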

Denmark News Agency Refuses to Pay Hacker's Ransom


Denmark’s largest news agency has refused to pay a ransom to cyber-criminals who attacked its computer system with ransomware. 



Wire service Ritzau was knocked offline following an attack that occurred early last week. The incident infected roughly a quarter of the agency’s 100 servers with malware, causing editorial systems to be shut down.



Copenhagen-based Ritzau, which has been providing the Danish media, organizations, and companies with text and images since 1866, said it had been forced to transfer its emergency distribution to clients to six live blogs “which provide a better overview.”



CEO of Ritzau, Lars Vesterloekke, revealed that the agency had no clear idea of how much the attackers were demanding in return for the restoration of Ritzau’s encrypted files. Vesterloekke said that the agency had been instructed by its advisers not to open “a file with a message” left behind by whoever was responsible for the “professional attack.”



The news agency said that it was “hit by a serious hacker attack on Tuesday.” The attack’s instigators are yet to be identified.



An external computer forensics company has been hired by Ritzau to assist the company’s own IT department with recovering from the disruption caused by the attack. 



“Ritzau’s web service with distribution of news to media customers is now up and online again,” the news agency said in a statement published on its restored website. “The web service is in its first version without images and other associated formats.”



The news service said that it is still working toward a full technical recovery and added that its news app is not yet back up and running. 



“As soon as there is a known time horizon for when the news app will be up again, we will announce it,” said Ritzau.



“All resources are still being put into getting the systems back in operation, and we very much regret the inconvenience that the hacker attack has caused our customers due to lack of distribution and deliveries.”



Throughout its long history, the Danish news service has been quick to embrace new technology, including the telephone that came to Copenhagen in 1881, the cable remote printer that came to Denmark in the 1930s, and the internet, which took the country by storm in the late 1990s. 


Source: Infosecurity

Ransomware Attack on Baltimore County Schools


A ransomware attack orchestrated two days before Thanksgiving has forced the Baltimore County Public School System to be shut down.



Online classes for 115,000 students were disrupted as a result of what school officials are calling a “catastrophic attack on our technology system.”



While specific details of the attack have not yet been shared, The Baltimore Sun reports that the school board meeting video stream dropped out suddenly toward the end of Tuesday night. 



Teachers entering grades into the school system’s computer system said on social media that they began experiencing technical difficulties at around 11:30 pm Tuesday.



The district’s website, email system, and grading system have all been impacted by the incident. It is not yet clear whether any student data was exposed to unauthorized third parties.



School officials said on social media that files that were encrypted in the incident have a .ryuk extension, suggesting that Ryuk ransomware has been used by the attackers. This suggestion has not been confirmed by authorities or local officials. 



Officials kept their comments on the incident to a minimum, confirming that an attack took place, that an investigation has been launched into it, and that the school system is working with state and federal law enforcement and the Maryland Emergency Management Agency.



Baltimore County Police Chief Melissa Hyatt told the Baltimore Sun simply that “we are in the preliminary steps of that investigation.”



Schools in the county were closed for students today and will remain so tomorrow. However, school offices are being kept open to help staff find a way to keep teaching students whose education has already been fundamentally altered by the outbreak of COVID-19.



In a tweet, the school system said that keeping offices open will provide “much-needed time for our staff to continue working to set up the instructional platform and to communicate next steps regarding devices.”



Superintendent Darryl L. Williams was unable to confirm when online classes will be able to resume.



The incident follows a number of ransomware attacks on school systems in the United States, including a September attack on the Fairfax County Public School System in Virginia. 


Source: Infosecurity