Articles of interest from the week of November 9, 2020

Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities

This advisory provides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks. The majority of the products are either for remote access (T1133)1 or for external web services (T1190), and should be prioritized for immediate patching. (By National Security Agency) 

Cyberattack on UVM Health Network Impedes Chemotherapy Appointments

The University of Vermont (UVM) health network is scrambling to recover its systems after a cyberattack has halted chemotherapy, mammogram and screening appointments, and led to 300 staff being furloughed or reassigned. (By Lindsey O'Donnell, Threatpost)

Microsoft Urges Users to Stop Using Phone-Based Multi-Factor Authentication

Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys. (By Catalin Cimpanu, ZDNet) 

Ransomware Criminals Demand $11 Million From Video Game Giant Capcom

Capcom, the Japanese gaming giant behind the Street Fighter, Mega Man and Resident Evil franchises, has reported a major cybersecurity incident. The attackers have demanded an $11 million ransom payment. (By Lee Mathews, Forbes)

The Double-Edged Sword of Cybersecurity Insurance

Cybersecurity insurance is no longer a luxury. As attacks have accelerated — and become more costly — the idea of hedging against a breach has gone mainstream. The global cyber-insurance market now stands at $7.8 billion, but it's projected to reach $20.4 billion by 2025, according to an October 2020 report from ResearchAndMarkets. (By Samuel Greengard, Dark Reading)