Active Threats
- “Payment card data from customers of Greenworks hardware tools website is currently being stolen by hackers via a malicious script with self-cloaking capabilities and anti-tampering protection. Greenworks distributes home and garden battery-powered tools for DIY consumers. Its business started in 2007 and grew to expand in North America and Europe.” https://www.bleepingcomputer.com/news/security/self-destructing-skimmer-steals-credit-cards-of-greenworks-customers/
- “The Japanese carmaker Honda announced that threat actors have compromised the Honda network disrupting its business in several countries. Source informed about the security incident believe Honda’s systems have been infected with SNAKE Ransomware. BleepingComputer reported that a security researcher named Milkream has found a sample of the SNAKE (EKANS) ransomware submitted to VirusTotal that checks for the internal Honda network name of “mds.honda.com”.” https://securityaffairs.co/wordpress/104548/cyber-crime/honda-cyber-attack.html
- “Thanos is the first ransomware family observed that advertises the use of the RIPlace tactic. RIPlace is a Windows file system technique unveiled in a proof of concept (PoC) last year by researchers at Nyotron, which can be used to maliciously alter files and which allows attackers to bypass various anti-ransomware methods.” https://threatpost.com/thanos-ransomware-weaponize-riplace-tactic/156438/
- “Operators of the cryptojacking botnet Kingminer botnet are trying to keep their business humming by applying hotfixes from Microsoft on vulnerable infected computers to lock out other threat actors thay may claim a piece of their pie. Kingminer has been around for about two years and continues to brute-force its way on SQL servers to install the XMRig cryptocurrency miner for Monero. In their latest campaigns, the botnet operators started to use the EternalBlue exploit and shutting the door on remote access to their compromised systems, shows a new report from researchers at Sophos cybersecurity company.” https://www.bleepingcomputer.com/news/security/kingminer-patches-vulnerable-servers-to-lock-out-competitors/
- “Hackers use fake contact tracing apps in attempt to install banking malware on Android phones” https://www.cyberscoop.com/contact-tracing-hacking-security-anomali/
- “The U.S. Federal Bureau of Investigation (FBI) today warned mobile banking app users that they will be increasingly targeted by hackers trying to steal their credentials and take over their banking accounts. The alert, published on the agency’s Internet Crime Complaint Center (IC3), says that the increased usage of such apps during the pandemic could lead to more exploitation attempts targeting their users. The FBI is anticipating that threat actors will focus their attacks on mobile banking customers since most Americans are using such services for making payments, transferring funds, and cashing checks.” https://www.bleepingcomputer.com/news/security/fbi-warns-of-increased-hacking-risk-if-using-mobile-banking-apps/
- “Business owners with Microsoft Office 365 accounts are targeted in a phishing campaign that uses bait emails designed to look like legitimate Small Business Grants Fund (SGF) relief payment messages from the UK government. These highly targeted phishing attacks have so far delivered emails that, according to numbers from security researchers at email security company Abnormal Security, have landed in the mailboxes of up to 5,000 potential victims.” https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-business-owners-with-relief-payments/
- “A phishing email campaign asking you to vote anonymously about Black Lives Matter is spreading the TrickBot information-stealing malware. Started as a banking Trojan, the TrickBot has evolved to perform a variety of malicious behavior. This behavior includes spreading laterally through a network, stealing saved credentials in browsers, stealing Active Directory Services databases, stealing cookies and OpenSSH keys, stealing RDP, VNC, and PuTTY Credentials, and more.” https://www.bleepingcomputer.com/news/security/fake-black-lives-matter-voting-campaign-spreads-trickbot-malware/
Data Breaches/Ransomware
- “Babylon mobile health app mixes up patient consultation videos” https://nakedsecurity.sophos.com/2020/06/10/babylon-mobile-health-app-mixes-up-patient-consultation-videos/
- “Slovak National Criminal Agency (NAKA) seized wiretapping devices connected to the Govnet network and arrested four individuals, including the head of a government agency, who was responsible for managing the government network.” https://securityaffairs.co/wordpress/104567/intelligence/slovak-govnet-network-wiretapping-devices.html
Vulnerabilities
- “The Mozilla Firefox web browser contains a vulnerability in its SharedWorkerService function that could allow an attacker to gain the ability to remotely execute code on a target’s machine. This vulnerability can be triggered if the user visits a malicious web page. The attacker can design this page in a way that it would cause a race condition, eventually leading to a use-after-free vulnerability and remote code execution. https://blog.talosintelligence.com/2020/06/vuln-spotlight-firefox-shared-service-june-2020.html
- “We’re coming to a point in time now where there are lots of CA Root Certificates expiring in the next few years simply because it’s been 20+ years since the encrypted web really started up and that’s the lifetime of a Root CA certificate. This will catch some organizations off guard in a big way,” https://www.bleepingcomputer.com/news/security/expiring-ssl-certs-expected-to-break-smart-tvs-fridges-and-iots/
- “ESXi, Workstation and Fusion are affected by an out-of-bounds read vulnerability that can be exploited by an attacker with non-admin access to a virtual machine to read privileged information from memory. The flaw resides in the NVMe functionality. NVMe (nonvolatile memory express) is a new storage access and transport protocol for flash and next-generation solid-state drives (SSDs) that delivers the highest throughput and fastest response times yet for all types of enterprise workloads.” https://securityaffairs.co/wordpress/104579/security/vmware-products-flaw.html
Patching & Remediation
- “In order to be successful as a security professional and effectively scale the vulnerability mountain, you have to break these silos down. This requires the organization to create a shared alliance and motivate teams to work together to achieve their ultimate goal of making the company more secure, efficient, and productive.” https://blog.rapid7.com/2020/06/10/how-team-collaboration-can-help-you-scale-the-vulnerability-mountain/
Bug Bounty
- No updates
Privacy
- “Amazon is announcing a one-year moratorium on allowing law enforcement to use its controversial Rekognition facial recognition platform, the e-commerce giant said on Wednesday. The news comes just two days after IBM said it would no longer offer, develop, or research facial recognition technology, citing potential human rights and privacy abuses and research indicating facial recognition tech, despite the advances provided by artificial intelligence, remains biased along lines of age, gender, race, and ethnicity.” https://www.theverge.com/2020/6/10/21287101/amazon-rekognition-facial-recognition-police-ban-one-year-ai-racial-bias
Darkweb
- “During this research, we observed an overlap between our detections and a ransomware family called Hakbit. Based on code similarity, string reuse, and core functionality, Insikt Group assesses with high confidence that ransomware samples tracked as Hakbit are built using the Thanos ransomware builder developed by Nosophoros.” https://www.recordedfuture.com/thanos-ransomware-builder/
Standards, Guidelines, Best Practices
- “If you suspect you have been hacked, the sooner you act the better. If the hack is work related, do not try to fix the problem yourself; instead, report it immediately. If it is a personal system or account that has been hacked” https://www.sans.org/security-awareness-training/resources/am-i-hacked
- “Any business launched online in the cyber network is inevitably at risk of vulnerabilities — bugs and issues that can endanger the business infrastructure as well as public information and create irreparable damage. Consequently, many organizations are now using vulnerability rewards programs (VRP) such as Bug Bounties in order to have a safer business online by patching and remediating these vulnerabilities before publication and creating further damage. Though, in these programs, an undeniable need for a Vulnerability Disclosure Philosophy (VDP) is tangible.” https://www.threathunting.se/2020/06/10/vulnerability-disclosure-philosophy/
Red/Blue Teaming
- “Testing with Atomic Red Team may seem daunting at first, but it’s really quite simple—and easier than ever with all the recent improvements to Invoke-Atomic, the open source PowerShell module for executing tests. However, even if you don’t use Invoke-Atomic, testing is still as simple as cloning the Atomic Red Team repository and following simple instructions (mostly just copy and pasting command-line scripts) that are included with the tests you want to run. However you use it, the platform is a great resource for checking your visibility, validating assumptions about security controls, and learning about what suspicious or malicious behavior might look like in your endpoint telemetry.” https://redcanary.com/blog/top-atomic-red-team-tests/
#security #cybersecurity #itsecurity #privacy #risk #compliance #skimmer #greenworks #vdp #snake #ransomware #ekans #thanos #riplace #mozilla #firefox #hakbit #raas #cryptojacking #kingminer #eternalblue #govnet #naka #trickbot
Comments Off on Security News for 10Jun2020
