CSTI
    industryThe Ransomware & AI Era (2020–2023) Daily Briefing

    Cybersecurity Briefing: Key Events from September 7, 2020

    Monday, September 7, 2020

    # Lead Story

    On September 7, 2020, Microsoft released patches for 129 vulnerabilities in its September Patch Tuesday update, addressing critical issues that could lead to remote code execution. Notably, CVE-2020-16875, a memory corruption vulnerability in Microsoft Exchange, has a CVSS score of 8.2, posing a serious risk if exploited via crafted emails. Other significant vulnerabilities include CVE-2020-0922, a critical exploit in Microsoft COM with a score of 7.9, and CVE-2020-0908, affecting the Windows Text Service Module, scoring 6.7. Organizations are urged to apply these updates promptly to mitigate risks associated with these vulnerabilities. HHS Cybersecurity Bulletin

    # Secondary Items

    1. Equifax Recovery: In a recent interview, Equifax's CISO, Jamil Farshchi, discussed the company's progress since its massive 2017 data breach. He highlighted enhancements in system monitoring, better communication with management, and a cultural shift prioritizing cybersecurity. This reflection underscores the ongoing challenges faced by organizations in recovering from significant breaches. Information Security Media Group

    2. RDoS Threats: The FBI issued advisories on the rise of Ransom Denial of Service (RDoS) attacks, warning businesses of threats to launch Distributed Denial of Service (DDoS) attacks unless a ransom is paid. This emerging tactic highlights the evolving nature of cyber threats, as attackers increasingly leverage DDoS as a means of extortion. Cyjax

    3. Data Breach at APA: The American Payroll Association (APA) reported a data breach resulting from a web skimmer on its website, potentially exposing customer information. This incident illustrates the persistent threat of web-based attacks and the ongoing need for robust security measures to protect sensitive data. ColorTokens

    # Analyst Perspective

    The events of September 7, 2020, underscore the critical importance of timely vulnerability management and the need for organizations to remain vigilant against evolving cyber threats. With Microsoft addressing significant vulnerabilities, the risk of exploitation remains high for unpatched systems. Additionally, the increase in RDoS threats and the APA breach serve as stark reminders that cybercriminals are continually adapting their tactics. Organizations must prioritize cybersecurity, fostering a culture of awareness and preparedness to navigate the complex threat landscape effectively.