Security News for 4Jun2020

Jun04
by Shahid Sharif on June 4, 2020 at 9:37 pm
Posted In: cyber security, cybersecurity, Privacy, Risk Management, Security
#security #cybersecurity #itsecurity #privacy #hangover #neon #viceroytiger #monsoon #backconfig #malware #nhs cycldek #goblinpanda #conimes #usbculprit #zloader #mazeransomware #bec #tycoon
Image by https://recordedfuture.com
  1. “Hangover Group is a cyberespionage group that was first observed in December 2013 carrying on a cyberattack against a telecom corporation in Norway. Cybersecurity firm Norman reported that the cyberattacks were emerging from India and the group sought and carried on attacks against targets of national interest, such as Pakistan and China. However, there have been indicators of Hangover activity in the U.S. and Europe. Mainly focusing on government, military, and civilian organizations. The Hangover Group’s initial vector of compromise is to carry out spear-phishing campaigns. The group uses local and topical news lures from the South Asia region to make their victims more prone to falling into their social engineering techniques, making them download and execute a weaponized Microsoft Office document. After the user executes the weaponized document, backdoor communication is established between BackConfig and the threat actors, allowing attackers to carry on espionage activity, potentially exfiltrating sensitive data from compromised systems.” https://unit42.paloaltonetworks.com/threat-assessment-hangover-threat-group/
  2. “All National Health Service (NHS) and social care organisations in the United Kingdom have always been and will always be a target for bad actors. The nature of their business and the sensitive data they hold make these entities appealing to bad actors who know that legacy systems, and/or, not regularly patched systems, such as those employed by healthcare organizations are easy to penetrate. Such attackers also figure that they can easily use disrupted IT assets within hospitals to get what they want.” https://www.tripwire.com/state-of-security/healthcare/nhs-uk-healthcare-orgs-boost-security-covid-19/
  3. “The deep web and the dark web are two distinctly different things. The dark web is merely dark because of its more limited accessibility; however the public misconception has led to the belief that the dark web is a realm for cybercrime. Still, cybersecurity is a huge issue for companies and individuals. Personal data such as name, address, email address, and phone number are on the Internet. Data breaches and hacking cost the global economy more than $400 billion of losses annually. Most cyberattacks happen through the dark web.” https://www.threathunting.se/2020/06/04/what-is-the-dark-web/
  4. “A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to a newly published research by Kaspersky yesterday. The APT, known as Cycldek, Goblin Panda, or Conimes, employs an extensive toolset for lateral movement and information stealing in victim networks, including previously unreported custom tools, tactics, and procedures in attacks against government agencies in Vietnam, Thailand, and Laos.”   https://thehackernews.com/2020/06/air-gap-malware-usbculprit.html
  5. “The app, created by Jaipur, India-based developer OneTouch AppLabs, purported to scan Android phones for any apps with links to China. It used market research to identify apps from a named list and would then offer users the chance to wipe them from the user’s phone. Demos found online showed it deleting TikTok, the popular messaging app owned by Chinese developer ByteDance, and UC Browser, developed by Alibaba-owned UCWeb. It also also reportedly deleted the app for the Zoom videoconferencing service, which the Munk School’s Citizen Lab revealed was sending encryption keys to Chinese servers.” https://nakedsecurity.sophos.com/2020/06/04/google-deletes-indian-app-that-deleted-chinese-apps/
  6. “The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. Then the attackers used the hijacked domain to launch spear-phishing attacks against some of its customers.” https://securityaffairs.co/wordpress/104272/hacking/hackers-hijacked-coincheck-domain.html
  7. “Cybercriminals are taking advantage of the massive uptick in unemployment across the U.S. in a recent spear-phishing campaign, which purports to be CVs sent from job-seekers – but actually spreads banking credential-stealing malware” https://threatpost.com/zloader-laced-emails-unemployed-victims/156222/
  8. Sky News reported on Wednesday that the contractor, Westech International, has confirmed that it’s been hacked and that its computers have been encrypted. It’s not yet clear if the extortionists managed to steal classified military information. Investigations to identify exactly what they got away with are still ongoing.  However, the attackers have already leaked files that suggest they had access to sensitive data – including payroll and emails – that they copied before they encrypted it, Sky News reports. They’re threatening to publish all of the files.”  https://nakedsecurity.sophos.com/2020/06/04/nuclear-missile-contractor-hacked-in-maze-ransomware-attack/
  9. “Google faces a $5 billion class-action lawsuit over claims that it has been collecting people’s browsing information without their knowledge even when using the incognito browsing mode that’s meant to keep their online activities private.” https://threatpost.com/google-faces-privacy-lawsuit-over-tracking-users-in-incognito-mode/156269/
  10. “An aggressive tool hitting a sizable number of popular web services and platforms is trying to brute force its way in with login combinations obtained from parsing metadata from the target.  The malware looks for various systems for managing content, databases, and file transfers as well as backup files and administrator login paths.” https://www.bleepingcomputer.com/news/security/bruteforce-malware-probes-login-for-popular-web-platforms/
  11. “A 64-year-old man has pleaded guilty in a Texan court to charges of money laundering after a series of attacks that defrauded companies out of hundreds of thousands of dollars.  Kenenty Hwan Kim (who sometimes went by the name Myung Kim) took advantage of a simple trick that has proven highly effective to fraudsters in recent years.  The method of tricking businesses into handing over large amounts of money is known as Business Email Compromise (BEC), and comes in a variety of flavours.” https://www.tripwire.com/state-of-security/featured/the-scammer-launder-business-email-compromise/
  12. “Recorded Future catalogued more than 200 publicly reported ransomware attacks against banking and financial institutions outside of the United States between April 2019 and April 2020. During the same period, there were just over 40 publicly reported ransomware attacks against financial institutions in the United States.” https://www.recordedfuture.com/finance-ransomware-attacks/
  13. Signal, the popular encrypted messaging app, will release a feature that enables users to blur faces in photos they share, Signal Foundation co-founder Moxie Marlinspike said Wednesday. The feature will be built into forthcoming versions of Signal for Android and iOS to automatically detect faces and obscure them. For faces that aren’t detected, the user can manually blur the image before sending” https://www.cyberscoop.com/george-floyd-protest-phone-security/
  14. “After researchers conducted forensic investigations at a European educational institution, they uncovered that attackers had gained access to the unnamed institution through an internet-connected remote desktop server, according to the Blackberry Research and Intelligence Team. The ransomware, which Blackberry has dubbed Tycoon, uses a little known Java image format to avoid detection and then encrypts file servers, locking administrators out unless they pay a ransom.” https://www.cyberscoop.com/tycoon-ransomware-java-blackberry-kpmg/
  15. “The traditional image of a successful email attack is that of a naive employee clicking the link in a crudely crafted spam email bent on phishing. But times have changed, and employees are much more security-educated than they used to be. So, today’s threat actors are creating increasingly sophisticated business email compromise (BEC) attacks that rely on social engineering and lack the common threat signals to trigger detection.” https://threatpost.com/understanding-payload-less-email-attacks/156299/
  16. “The Maze Ransomware operators are claiming to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network.  Conduent is a New Jersey, USA based business services firm with 67,000 employees and a 2019 business revenue of $4.47 billion.  Today, Maze Ransomware posted a new entry to their data leak site that states that they breached the network for Conduent in May 2020.” https://www.bleepingcomputer.com/news/security/business-services-giant-conduent-hit-by-maze-ransomware/
  17. “Chartered Professional Accountants of Canada (CPA) today disclosed that a cyberattack against the CPA Canada website allowed unauthorized third parties to access the personal information of over 329,000 members and other stakeholders.” https://www.bleepingcomputer.com/news/security/cpa-canada-discloses-data-breach-affecting-329-000-individuals/
  18. “Chartered Professional Accountants of Canada (CPA) today disclosed that a cyberattack against the CPA Canada website allowed unauthorized third parties to access the personal information of over 329,000 members and other stakeholders.” https://www.bleepingcomputer.com/news/security/cpa-canada-discloses-data-breach-affecting-329-000-individuals/

#security #cybersecurity #itsecurity #privacy #hangover #neon #viceroytiger #monsoon #backconfig #malware #nhs cycldek #goblinpanda #conimes #usbculprit #zloader #mazeransomware #bec #tycoon

└ Tags: , , , , , , , , , , , , , , , , ,
 Comment 

Cyber Security News for 3Jun2020

Jun03
by Shahid Sharif on June 3, 2020 at 6:37 pm
Posted In: cyber security, cybersecurity, Privacy, Risk Management, Security
#security #cybersecurity #itsecurity #privacy #ransomware #maze #dopplepaymer #mukashi #trickbot #nasa #spacex #threathunting #sap #youtube #firefox #rce #chromium #edge #sfers #wordpress #rivieramaya
Cyber Security News for 3Jun2020
  1. “Ransomware gangs are teaming up to extort victims through a shared data leak platform, and the exchange of tactics and intelligence.   In November 2019, the Maze Ransomware operators transformed ransomware attacks into data breaches after they released unencrypted data of a victim who refused to pay.  Soon after, they launched a dedicated “Maze News” site used to shame their unpaid victims by publicly releasing stolen data.” https://www.bleepingcomputer.com/news/security/ransomware-gangs-team-up-to-form-extortion-cartel/
  2. “DopplePaymer ransomware gang said it successfully breached the network of Digital Management Inc. (DMI), a Maryland-based company that provides managed IT and cyber-security services on demand.”  https://www.blackhatethicalhacking.com/news/ransomware-gang-says-it-breached-one-of-nasas-it-contractors/
  3. “Living in the cyber-based world of ours these days, no one can deny the effect of the internet and cyber world on our lives. Nearly 4.5 billion people out of 7.77 are considered active internet users nowadays and around 1.75 billion websites exist on the internet, providing a wide range of content and services. Besides all the great impacts of this web-based platform on our every-day life tough, the dangers and threats in the cyber world are great as well. Cyber-attacks by black hat hackers have risen to be one of the greatest threats to businesses and individuals” https://www.threathunting.se/2020/06/03/all-you-need-know-bug-bounty/
  4. “An increasing number of offers for stolen YouTube credentials has been noted recently on hacker and cybercrime forums, where access to accounts is sold in bulk.  Sellers advertise large lists of credentials that are verified for the availability of a YouTube channel and subscriber count.” https://www.bleepingcomputer.com/news/security/youtube-channel-credentials-in-high-demand-on-hacker-forums/
  5. “A new set of critical vulnerabilities uncovered in SAP’s Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios.  The six flaws, disclosed by cybersecurity firm Trustwave today, reside in Sybase Adaptive Server Enterprise (ASE), a relational database management software geared towards transaction-based applications.” https://thehackernews.com/2020/06/newly-patched-sap-ase-flaws-could-let.html
  6. “Mukashi is a variant of the Mirai malware family, which is known for targeting IoT devices. The original Mirai was described as a classic case of racketeering: the creators infected potential clients with Mirai and then would offer their services to remove the threat. The malware would scan IoT devices on a network for vulnerabilities and enslave the vulnerable devices (especially those that were still using their default factory credentials).” https://resources.infosecinstitute.com/mukashi-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/
  7. “Multiple vulnerabilities have been discovered in Mozilla Firefox, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the logged-on user.  Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.” https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-firefox-could-allow-for-remote-code-execution_2020-075/
  8. “The rate of mobile phishing rose sharply between the last quarter of 2019 and the first quarter of 2020, a boost most likely due to the increased number of people working from home due to COVID-19 stay-at-home orders, new research has found.  In fact, encounter rates for enterprise mobile phishing increased 37 percent between the last quarter of 2019 and the first quarter of 2020, from around 16 percent to 22 percent.” https://threatpost.com/enterprise-mobile-phishing-pandemic/156236/
  9. “Distributed denial-of-service attacks against advocacy organizations increased by 1,120% since a Minneapolis police officer killed George Floyd by kneeling on his neck, sparking demonstrations throughout the U.S.” https://www.cyberscoop.com/ddos-advocacy-groups-skyrocket-cloudflare/
  10. “Microsoft’s new Chromium-based Edge web browser is rolling out automatically via Windows Update to customers using Windows 10 1803 or later.  The new Chromium-based version of Microsoft Edge will be delivered as KB4559309 to all users and it will replace the legacy Edge browser on all Windows 10 2004, Windows 10 1909, Windows 10 1903, Windows 10 1809, and Windows 10 1803 devices.” https://www.bleepingcomputer.com/news/microsoft/new-microsoft-edge-rolling-out-to-windows-10-via-windows-update/
  11. “The San Francisco Employees’ Retirement System (SFERS) has suffered a data breach after an unauthorized person gained access to a database hosted in a test environment.  SFERS manages the benefits program for active and retired employees of San Francisco, California.  In a data breach notification filed today, SFERS stated that one of their vendors had set up a test environment that included a database containing the information for approximately 74,000 SFERS members.” https://www.bleepingcomputer.com/news/security/san-francisco-retirement-program-sfers-suffers-data-breach/
  12. “A new module for the infamous trojan known as TrickBot has been deployed: A stealthy backdoor that researchers call “BazarBackdoor.” The binary was first spotted being delivered as part of a phishing campaign that began in March, according to an analysis from Panda Security this week. The campaign used the legitimate marketing platform Sendgrid to reach targets in a mass-mailing fashion; however, the emails were well-crafted, with the operators making an effort to make the phishing links inside the emails look legitimate. The link addresses also corresponded to the emails’ lures, researchers said.” https://threatpost.com/trickbot-bazarbackdoor-malware-arsenal/156243/
  13. “Microsoft Office 365 customers are targeted by a phishing campaign using bait messages camouflaged as notifications sent by their organization to update the VPN configuration they use to access company assets while working from home.  The phishing emails impersonating VPN configuration update requests sent by their company’s IT support department have so far landed in the inboxes of up to 15,000 targets according to stats from researchers at email security company Abnormal Security.” https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-remote-workers-with-fake-vpn-configs/
  14. “Microsoft announced the security baseline draft release for Windows 10 and Windows Server, version 2004, and the intention to add new account password length security policies with the Windows 10 May 2020 Update.  The Windows 10 security baseline enables enterprise security admins to use Microsoft-recommended Group Policy Object (GPO) baselines to boost the overall security posture and reduce a Windows 10 device’s attack surface.” https://www.bleepingcomputer.com/news/microsoft/windows-10-version-2004-adds-new-account-password-policies/
  15. “Attackers were spotted targeting over one million WordPress websites in a campaign over the weekend. The campaign unsuccessfully attempted to exploit old cross-site scripting (XSS) vulnerabilities in WordPress plugins and themes, with the goal of harvesting database credentials.  The attacks were aiming to download wp-config.php, a file critical to all WordPress installations. The file is located in the root of WordPress file directories and contains websites’ database credentials and connection information, in addition to authentication unique keys and salts. By downloading the sites’ configuration files, an attacker would gain access to the site’s database, where site content and credentials are stored, said researchers with Wordfence who spotted the attack.” https://threatpost.com/attackers-target-1m-wordpress-sites-to-harvest-database-credentials/156255/
  16. “The Cycldek APT group has added a previously unknown malware dubbed USBCulprit to its arsenal, aimed at reaching air-gapped devices.Cycldek (a.k.a. Goblin Panda, APT 27 and Conimes) has been targeting governments in Southeast Asia since 2013, according to analysis from Kaspersky, and has been steadily adding more sophisticated tools over time. In the case of USBCulprit, it has been deployed against targets in Vietnam, Thailand and Laos, according to the firm.” https://threatpost.com/info-stealer-air-gapped-devices-usb/156262/
  17. “The Netwalker Ransomware operators claim to have successfully attacked the University of California San Francisco (UCSF), stolen unencrypted data, and encrypted their computers.  UCSF is a research university located in San Francisco, California, and is entirely focused on health sciences.  According to the U.S. News & World Report’s college rankings, UCSF ranks #2 in medical schools for research and #6 in best medical schools for primary care.” https://www.bleepingcomputer.com/news/security/netwalker-ransomware-continues-assault-on-us-colleges-hits-ucsf/
  18. “An exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico’s top tourist destinations disrupted their highly profitable business, which raked in an estimated $1.2 billion and enjoyed the protection of top Mexican authorities.” https://krebsonsecurity.com/2020/06/romanian-skimmer-gang-in-mexico-outed-by-krebsonsecurity-stole-1-2-billion/

#security #cybersecurity #itsecurity #privacy #ransomware #maze #dopplepaymer #mukashi #trickbot #nasa #spacex #threathunting #sap #youtube #firefox #rce #chromium #edge #sfers #wordpress #rivieramaya

└ Tags: , , , , , , , , , , , , , , , , , , , ,
 Comment 

Cyber Security News for 2Jun2020

Jun02
by Shahid Sharif on June 2, 2020 at 6:49 pm
Posted In: Compliance, cyber security, cybersecurity, Privacy, Risk Management, Security
#security #cybersecurity #itsecurity #privacy #vmware #contacttracing #Sodinokibi #revil #unc0ver #sandworm #exim #booters #geoint #ipip #cisco #sectigo #comodo #pki
Image by https://tripwire.com
  1. “While it would be nice if cybersecurity could temporarily take a backseat while people and organizations figure out how to adapt to truly new working conditions, the reality is that you can’t do things like rapidly shift to working from home, dramatically increase ecommerce over brick-and-mortar sales, and massively scale the logistics of delivery without considering how all those changes are secured along the way. Cybersecurity is part of the pandemic response, plain and simple.” https://www.tripwire.com/state-of-security/featured/cybersecurity-integral-part-pandemic-response-plan/
  2. “Cybersecurity researchers today disclosed details for a new vulnerability in VMware’s Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure.  Tracked as CVE-2020-3956, the code injection flaw stems from an improper input handling that could be abused by an authenticated attacker to send malicious traffic to Cloud Director, leading to the execution of arbitrary code.  It’s rated 8.8 out of 10 on the CVSS v.3 vulnerability severity scale, making it a critical vulnerability.” https://thehackernews.com/2020/06/vmware-cloud-director-exploit.html
  3. “Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution” https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-arbitrary-code-execution_2020-073/
  4. “There are positive and negatives to both a centralised and decentralised model. But there is definitely an advantage of using an Operating System developed feature over a custom developed application. The marriage of software and hardware by Google and Apple means better performance, better battery life and resilience.  If a centralised model is required, then steps like NHS health authority have taken to ensure personal data is protected or not collected in the first place, must be a priority.” https://www.tripwire.com/state-of-security/healthcare/contact-tracing-ensure-user-privacy-security/
  5. “Two weeks later, Sodinokibi operators published 1,280 files allegedly stolen from the company on their leak site. The files contain passports of Elexon staff members and an apparent business insurance application form.   Even if the company did not reveal details on the attack, experts from security firm Bad Packets reported that Elexon had been running an outdated version of Pulse Secure VPN server, if confirmed threat actors could have exploited it to access the internal network.” https://securityaffairs.co/wordpress/104149/cyber-crime/sodinokibi-published-elexon-files.html
  6. “In the past, we have often heard of some strings or files that you can send to other users to cause their iPhone/iPad to reboot.  Now there’s a similar issue affecting some Android devices: a simple picture can soft-brick some Android phones if it’s set as the wallpaper.” https://www.andreafortuna.org/2020/06/02/beware-a-simple-wallpaper-image-can-brick-your-android-device/
  7. “Apple released security patches to address the CVE-2020-9859 zero-day vulnerability in the iOS kernel that had been used to jailbreak iPhones.  The flaw was discovered by a team of cyber-security researchers and hackers that also released a new jailbreak package dubbed Unc0ver (from the name of the team that devised it) that works on all recent iOS versions.” https://securityaffairs.co/wordpress/104168/hacking/apple-fixes-cve-2020-9859-jailbreak.html
  8. “Patching Exim mail servers is not going fast enough and members of the Russian hacker group Sandworm are actively exploiting three critical vulnerabilities that allow executing remote command or code remotely.  Close to a million Exim servers are currently exposed and vulnerable, although the number is gradually getting lower every day. Exim 4.93 is currently considered a safe release” https://www.bleepingcomputer.com/news/security/critical-exim-bugs-being-patched-but-many-servers-still-at-risk/
  9. “Booters are illegal DDoS-for-hire services used to overload websites with huge amounts of traffic, with gaming servers a favourite target (stressers are synonymous with much the same nefarious idea although in theory they also have legitimate uses such as helping sysadmins model the traffic capacity of their websites).” https://nakedsecurity.sophos.com/2020/06/02/crime-agency-turns-to-google-ads-to-deter-teen-ddos-hackers/
  10. “We live in a world in which threats are constantly growing and morphing. Geospatial intelligence (GEOINT) links events to geography through visual depictions and deep analysis. This empowers leaders to understand what is happening, where it’s happening, and why it’s happening — so they can take decisive action to protect citizens.” https://www.recordedfuture.com/geoint-artificial-intelligence/
  11. “Google Search is facing indexing issues on June 2, 2020 and the bug prevents users from discovering new content across the search engine.  According to several reports and our own testing, Google search is partially broken for users and the latest articles of websites such as BleepingComputer and CNN are not showing up in Search and Google News results.” https://www.bleepingcomputer.com/news/google/google-search-bug-prevents-new-content-from-being-indexed/
  12. “An unauthenticated attacker can route network traffic through a vulnerable device, which may lead to reflective DDoS, information leak and bypass of network access controls,” reads the advisory published by the CERT Coordination Center (CERT/CC). “An IP-in-IP device is considered to be vulnerable if it accepts IP-in-IP packets from any source to any destination without explicit configuration between the specified source and destination IP addresses. This unexpected Data Processing Error (CWE-19) by a vulnerable device can be abused to perform reflective DDoS and in certain scenarios used to bypass network access control lists.”  https://securityaffairs.co/wordpress/104192/security/ip-in-ip-flaw-cisco.html
  13. “A successful exploit could cause the affected device to unexpectedly decapsulate the IP-in-IP packet and forward the inner IP packet,” according to Cisco’s security advisory, published on Monday. “This may result in IP packets bypassing input ACLs configured on the affected device or other security boundaries defined elsewhere in the network.”  https://threatpost.com/cisco-dos-flaw-nexus-switches/156203/
  14. “There’s a bit of a kerfuffle in the web hosting community just at the moment over an expired web security certificate from a certificate authority called Sectigo, formerly Comodo Certificate Authority. Expired certificates are a problem because they cause the web server that relies on them to show up as “invalid” to any program that tries to do the right thing and verify the validity of the site it’s connecting to.” https://nakedsecurity.sophos.com/2020/06/02/the-mystery-of-the-expiring-sectigo-web-certificate/
  15. “?The operators of the REvil ransomware have launched a new auction site used to sell victim’s stolen data to the highest bidder.  REvil, otherwise known as Sodinokibi, is a ransomware operation that breaches corporate networks using exposed remote desktop services, spamexploits, and hacked Managed Service Providers.” https://www.bleepingcomputer.com/news/security/revil-ransomware-creates-ebay-like-auction-site-for-stolen-data/

#security #cybersecurity #itsecurity #privacy #vmware #contacttracing #Sodinokibi #revil #unc0ver #sandworm #exim #booters #geoint #ipip #cisco #sectigo #comodo #pki

└ Tags: , , , , , , , , , , , , , , , , ,
 Comment 

Cyber Security News for 1Jun2020

Jun01
by Shahid Sharif on June 1, 2020 at 6:56 pm
Posted In: Compliance, cyber security, cybersecurity, Privacy, Risk Management, Security
#security #cybersecurity #itsecurity #privacy #5g #apple #bugbounty #kingnull #danielshosting #darkweb #joomla #jrd #devsecops #csc #vmware #Nipissing #NFN #nist #iot #nistir8259a #microsoft #windows2004 #nest #google #nsa
Image by https://thehackernews.com
  1. “A totally connected world will also be especially susceptible to cyberattacks. Even before the introduction of 5G networks, hackers have breached the control center of a municipal dam system, stopped an Internet-connected car as it travelled down an interstate, and sabotaged home appliances. Ransomware, malware, crypto-jacking, identity theft, and data breaches have become so common that more Americans are afraid of cybercrime than they are of becoming a victim of violent crime.”  https://www.tripwire.com/state-of-security/security-data-protection/cybersecurity-implications-5g-technology/
  2. “At least until a bug bounty hunter in India found the bug, reported it to Apple, and received a $100,000 bug bounty.  Essentially, anyone could request a token for any email ID. Apple’s servers would then verify that token, so an attacker could gain access to any account you had linked to it.”  https://www.blackhatethicalhacking.com/news/hacker-finds-huge-apple-security-hole-apple-pays-100000-bug-bounty/
  3. “According to a cursory analysis of today’s data dump, the leaked data includes 3,671 email addresses, 7,205 account passwords, and 8,580 private keys for .onion (dark web) domains.” https://securityaffairs.co/wordpress/104109/deep-web/daniels-hosting-data-leak.html
  4. “The main goals and responsibilities of a SOC team are continuously monitoring security, detecting, analyzing, and responding to security incidents in the best way possible using processes and technology. The SOC team is also in charge of proactively investigating abnormal activity and correctly identifying and defending threats to maintain the safety of the infrastructure.  Other than specialized expertise, security analysts need to think outside the box when it comes to threat response and also learn progressively.” https://www.threathunting.se/2020/06/01/get-to-know-the-roles-of-soc-analyst-and-the-soc-team-threat-hunter/
  5. Facebook announced on Thursday that it’s going to be verifying the identity of some US profiles that pump out posts that reach a mass of people.” https://nakedsecurity.sophos.com/2020/06/01/facebook-to-verify-identities-on-accounts-that-churn-out-viral-posts/
  6. “JRD full site backups (unencrypted) were stored in a third-party company Amazon Web Services S3 bucket. The third-party company is owned by a former Team Leader, still Member of the JRD team at the time of the breach.” reads the data breach notification. “Known to the current Team Leader at the time of the breach. (https://volunteers.joomla.org/teams/resource-directory-team) Each backup copy included a full copy of the website, including all the data.”  https://securityaffairs.co/wordpress/104118/data-breach/joomla-data-breach.html
  7. “Amtrak looked into the matter and discovered that an unknown third party had gained unauthorized access to some Amtrak Guest Reward accounts. Those types of accounts allow passengers to build up points by riding with Amtrak so that they can ultimately claim rewards.”  https://www.tripwire.com/state-of-security/security-data-protection/passenger-railroad-service-says-data-breach-might-have-affected-pii/
  8. “With an estimated 68% of organizations experiencing zero-day attacks from undisclosed/unknown vulnerabilities in 2019, this is an upward trend that we need to address as an industry by shipping secure code at a reasonable speed.”  https://thehackernews.com/2020/06/devsecops-engineers.html
  9. “On March 11, 2020, the Cyberspace Solarium Commission (CSC), a governmental commission aiming to identify “a strategic approach to defending the United States in cyberspace against cyber-attacks of significant consequences,” published an extensive report outlining a new cyber strategy. The report is based on over 300 interviews and includes more than 80 recommendations for actions across the private and public sectors.” https://resources.infosecinstitute.com/five-key-lessons-from-the-u-s-cyberspace-solarium-commission-report/
  10. “An exploitable denial-of-service vulnerability exists in VMware Workstation, version 15.5.0, build-14665864. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from a VMware guest and the VMware host will be affected, leading to vmware-vmx.exe process crash on the host.” https://blog.talosintelligence.com/2020/06/vulnerability-spotlight-vmware.html
  11. “The Nipissing First Nation administration stopped a ransomware attack in its tracks but not soon enough to prevent disruption of communications.  The attack was discovered on May 8 and affected all departments of the administration but most of the network remained unaffected.” https://www.bleepingcomputer.com/news/security/ransomware-locks-down-the-nipissing-first-nation/
  12. “Internet of Things (IoT) devices offer tremendous capabilities to users. Looking around I see more and more ways, especially in a post COVID-19 world, that these devices will make our lives easier and safer, which makes this work more critical than ever. And while cybersecurity is a shared responsibility and the solution will likely require an ecosystem approach, how can IoT devices enable customers’ security goals?” https://www.nist.gov/blogs/cybersecurity-insights/more-just-milestone-botnet-roadmap-towards-more-securable-iot-devices
  13. “Rod Rosenstein, a former deputy attorney general at the Department of Justice, has been providing counsel on cybersecurity and national security to NSO Group, the Israeli software surveillance firm accused of spying on human rights activists and journalists, according to court documents obtained by CyberScoop.” https://www.cyberscoop.com/rod-rosenstein-nso-group-whatsapp/
  14. “We know well that the ulterior intention of the United States is to tarnish the image of our state and create a moment for provoking us by employing a new leverage called ‘cyber threat’ together with the issues of nuke, missiles, ‘human rights,’ ‘sponsoring of terrorism’ and ‘money laundering,’” North Korea’s Ministry of Foreign Affairs said in a May 28 statement.” https://www.cyberscoop.com/north-korea-issues-blanket-denial-us-hacking-accusations/
  15. “According to Troy Hunt at Have I Been Pwned (HIBP), the group of allegedly ill-gotten email addresses and passwords has been circulating in multiple forums, with most of them attributing the credential leak to Anonymous, which is a loose affiliation of individuals that carry out hacking to send political messages. According to multiple social-media posts, Anonymous supposedly carried out the breach/leak in response to the MPD’s role in Floyd’s death” https://threatpost.com/anonymous-hack-minneapolis-police-department-fake/156171/
  16. “Microsoft has begun to notify users via Windows Update if they are currently blocked from upgrading to Windows 10 2004 due to a compatibility hold.  With the May 2020 Update release, Microsoft placed nine compatibility holds on devices that prevent them from upgrading to Windows 10 2004 if they are using specific drivers, applications, or Windows 10 features.  These holds are due to conflicts that could cause applications not to run correctly, Windows 10 to have Blue Screen of Death (BSOD) crashes, or Windows 10 to have problems starting.” https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-notifying-users-if-windows-10-2004-is-blocked/
  17. “Today we’re announcing one of the top requests we’ve received: to bring the Advanced Protection Program to Nest.  Now people can seamlessly use their Google Accounts with both Advanced Protection and Google Nest devices — previously, a user could use their Google Account on only one of these at a time,”  https://www.bleepingcomputer.com/news/google/google-brings-the-advanced-protection-program-to-nest-devices/
  18. “The office of Minnesota Gov. Tim Walz says the National Security Agency did not provide the state with signals intelligence as its law enforcement agencies responded to protests against the killing of George Floyd. For awhile this weekend, though, the governor stirred up some confusion about whether the intelligence agency could do so.” https://www.cyberscoop.com/george-floyd-minnesota-nsa-surveillance/

#security #cybersecurity #itsecurity #privacy #5g #apple #bugbounty #kingnull #danielshosting #darkweb #joomla #jrd #devsecops #csc #vmware #Nipissing #NFN #nist #iot #nistir8259a #microsoft #windows2004 #nest #google #nsa

└ Tags: , , , , , , , , , , , , , , , , , , , , , , , ,
 Comment 

Cyber Security News for 29May2020

May29
by Shahid Sharif on May 29, 2020 at 8:28 pm
Posted In: Compliance, cyber security, cybersecurity, Privacy, Risk Management, Security
#security #cybersecurity #itsecurity #privacy #bithub #octopusscanner #ics #scada #steganography #c2 #microsoft #tag #himera #absent-loader
Image by https://threatpost.com
  1. “GitHub has issued a security alert on Thursday warning about a new malware strain that’s been spreading on its site via boobytrapped Java projects. The malware, which GitHub’s security team has named Octopus Scanner, has been found in projects managed using the Apache NetBeans IDE (integrated development environment), a tool used to write and compile Java applications.”  https://www.blackhatethicalhacking.com/news/github-warns-java-developers-of-new-malware-poisoning-netbeans-projects/
  2. “Phishing emails, used as the initial attack vector, were tailored and customized under the specific language for each specific victim. The malware used in this attack performed destructive activity only if the operating system had a localization that matched the language used in the phishing email.” reads the report published by Kaspersky. “For example, in the case of an attack on a company from Japan, the text of a phishing email and a Microsoft Office document containing a malicious macro were written in Japanese. “ https://securityaffairs.co/wordpress/103971/hacking/industrial-enterprises-attacks-steganography.html
  3. “Designing a robust command and control infrastructure involves creating multiple layers of command and control. This can be described as tiers. Each tier offers a level of capability and covertness. The idea of using multiple tiers is the same as not putting all your eggs in one basket. If c2 is detected and blocked, having a backup allows operations to continue. C2 tiers generally fall into three categories: Interactive, Short-Haul, and Long-Haul. These are sometimes labeled as Tier I, 2, or 3. There is nothing unique to each tier other than how they are used.” https://www.threathunting.se/2020/05/29/command-control-c2-tier/
  4. “A few weeks ago, our researchers came across a leaked database on the darkweb where a known and reputable actor ‘Toogod” dropped the database of “Taiwan Whole Country Home Registry DB” comprising of 20 Million+ records.” reads a post published by Cyble. https://securityaffairs.co/wordpress/103990/deep-web/taiwan-db-dark-web.html
  5. “Windows 10 release 2004 is out, with a slew of new features. They include several updates to its security and privacy. Here’s what you get when you download it, as outlined in the company’s blog post. Microsoft has updated its System Guard Firmware Measurement. This feature, launched in Windows 10 1903, helps guarantee the integrity of a system when it starts by checking system firmware, and it’s part of a broader System Guard protection feature.”  https://nakedsecurity.sophos.com/2020/05/29/windows-10-adds-new-security-and-privacy-features-in-may-update/
  6. “Criminals have been quick to adapt to the global coronavirus pandemic. Sophos threat researchers have shown how cybercriminals have taken advantage of COVID-19 in myriad ways, and the FBI has warned us about criminals profiteering with advance fee and business email compromise scams.” https://nakedsecurity.sophos.com/2020/05/29/covid-19-tests-ppe-and-antivirual-drugs-find-a-home-on-the-dark-web/
  7. “The American Civil Liberties Union (ACLU) has sued a New York-based startup for amassing a database of biometric face-identification data of billions of people and selling it to third parties without their consent or knowledge” https://threatpost.com/aclu-sues-clearview-ai-over-faceprint-collection-sale/156117/
  8. “Researchers with Google’s Threat Analysis Group (TAG) warned that they’ve spotted a spike in activity from several India-based firms that have been creating Gmail accounts that spoof the World Health Organization (WHO) to send coronavirus-themed phishing emails.” https://threatpost.com/hack-hire-spoof-who-google-credentials/156100/
  9. “Attackers looking to steal employee credentials from organizations tied to the industrial sector deployed highly-targeted operations that delivered malicious PowerShell scripts in images.  The technique is called steganography and in these incidents the actors used public hosting imaging services to evade network traffic scanners and control tools that would flag the malicious download.” https://www.bleepingcomputer.com/news/security/highly-targeted-attacks-on-industrial-sector-hide-payload-in-images/
  10. “Vitalii Antonenko was charged in Massachusetts on multiple counts of conspiracy – to commit computer hacking, launder money and traffic in stolen payment card numbers – in connection with a scheme to sell stolen data on cybercriminal markets. The U.S. Department of Justice announced on Wednesday that Antonenko, 28, was apprehended in March upon his arrival at John F. Kennedy Airport from Ukraine. He was charged Tuesday.”  https://www.cyberscoop.com/hacker-arrest-nyc-jfk-airport/
  11. “Microsoft acknowledged and mitigated a new Windows 10 known issue affecting the Deployment Image Servicing and Management (DISM) tool used to service Windows images prior to deployment.  DISM can be used to prepare images in the Windows image (.wim) or a virtual hard disk (.vhd or .vhdx) formats for Windows PE, Windows Recovery Environment (Windows RE), and Windows Setup.” https://www.bleepingcomputer.com/news/microsoft/microsoft-mitigates-windows-10-2004-known-issue-impacting-dism/
  12. “Researchers at ZLab spotted a new phishing campaign using Covid19 lures to spread Himera and Absent-Loader.  “  https://securityaffairs.co/wordpress/104015/malware/himera-absent-loader-covid19-lures.html

#security #cybersecurity #itsecurity #privacy #bithub #octopusscanner #ics #scada #steganography #c2 #microsoft #tag #himera #absent-loader

└ Tags: , , , , , , , , , , , , ,
 Comment