Cyber Security News for 8Apr2020

Apr08
by Shahid Sharif on April 8, 2020 at 5:01 pm
Posted In: cyber security, cybersecurity, Security
Linux Image
  1. “Amidst all the pandemic doom and gloom, we finally have something positive come from the chaos: NERC filed a motion recently (April 6, 2020) to defer three Critical Infrastructure Protection (CIP) Reliability Standards (as well as 1 PER, and 3 PRC standards) for three months due to the national emergency declared on March 13th by President Trump. As the original implementation date was July 1, 2020, this means that should FERC approve the motion, the new implementation date would be October 1, 2020.  You can find the announcement here and the filing here, but rather than read through that material, I have some proposals on how to better spend your time!” https://www.tripwire.com/state-of-security/regulatory-compliance/nerc-cip/nerc-proposes-deferment-3-cip-standards/
  2. “One item that comes up a lot in conversations is how security teams or IT teams struggle to speak the “business language” to business leaders, mainly to members of the senior leadership that make the final decisions on spending and investments. This problem could have its roots in IT, and later security, teams historically having their management lines within the accounting department, ultimately being accountable to the Chief Financial Officer. Regardless, there was a massive potential for adversarial relationships between IT and business. Most often we have seen this attributed to poor communication skills, from “too technical” of responses to misalignment with the holistic organization.” https://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/role-cyber-threat-intelligence-analyst/
  3. “No matter what your business might be, you need to make sure that your company’s cybersecurity is top-of-the-line. Many small businesses can find themselves under attack from cyber threats simply because their security might not be as complex as that of a giant corporation. Here are three tips to help you protect your business, no matter what.” https://hackercombat.com/cybersecurity-101-3-tips-to-protect-your-business
  4. “Cybercrime groups are now building hard-to-detect tools and deploying techniques making it quite difficult for organizations to tell if they are being intruded. Passive methods of detecting signs of intrusion are becoming less practical as environments are complicated, and no method or technology is able to absolutely detect malicious activities; thus, humans must “go for a hunt.”” https://www.threathunting.se/2020/04/08/understanding-threat-hunting-part1/
  5. “On Saturday 14 March 2020, HMR was subjected to a targeted and sophisticated attack by cyber criminals.  We took immediate action to stop the attack, but not before the attackers had stolen copies of some of our files.  A criminal group called Maze has claimed responsibility.” reads the data breach notification published by the company. “We’re sorry to report that, during 21–23 March 2020, the criminals published on their website records from some of our volunteers’ screening visits.  The website is not visible on the public web, and those records have since been taken down.  The records were from some of our volunteers with surnames beginning with D, G, I or J.  “ https://securityaffairs.co/wordpress/101247/data-breach/maze-ransomware-hmr-leak.html
  6. “Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage ‘distributed denial-of-service‘ attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services. The botnet, named “dark_nexus” by Bitdefender researchers, works by employing credential stuffing attacks against a variety of devices, such as routers (from Dasan Zhone, Dlink, and ASUS), video recorders, and thermal cameras, to co-opt them into the botnet.”  https://thehackernews.com/2020/04/darknexus-iot-ddos-botnet.html
  7. “Cybersecurity experts found a solution for the unremovable xHelper malware that manages to re-install itself even after users delete it or factory-reset the infected devices, making it almost impossible to destroy. The malware was first spotted back in March 2019, and by August, it managed to infect more than 32,000 devices. It was reported in October that it had infected over 45,000 android devices.” https://www.threathunting.se/2020/04/08/the-xhelper-malware-can-now-be-permanently-deleted/
  8. WhatsApp implements limitations on message forwarding to curb the spread of misinformation about the Coronavirus pandemic. https://securityaffairs.co/wordpress/101256/social-networks/whatsapp-limits-forwarding.html
  9. “Yes, your continuous health monitoring Internet of Things (IoT) wrist wrapper well may track your sleep quality and how many calories you burn, but answer me this: does it stick artificial intelligence (AI) sensors up in your business to capture your urine flow and the Sistine Chapel-esque glory of the unique-as-a-fingerprint biometric that is your anus?” https://nakedsecurity.sophos.com/2020/04/08/as-if-the-world-couldnt-get-any-weirder-this-ai-toilet-scans-your-anus-to-identify-you/
  10. “Imagine a computer user from 2010 dreaming of a world in which Microsoft is not only an enthusiastic proponent of open source software but actively contributes to it with its own ideas. It would have sounded fanciful and yet a decade on and this is exactly the world a growing number of Microsoft’s in-house developers find themselves working towards. The latest twist in the romance arrived this week when the company published details of Integrity Policy Enforcement (IPE), a Linux Security Module (LSM) designed to check the authenticity of binaries at runtime.” https://nakedsecurity.sophos.com/2020/04/08/microsoft-project-proposed-to-aid-linux-iot-code-integrity/
  11. “The update that came out over the weekend was an emergency patch, issued for a security hole that was found because it was already in use by criminals in real life – what’s known in the trade as a zero day because there were zero days on which you could have patched in advance. This one is a bit less dramatic, being a scheduled update of the sort you expect to see issued on a regular basis.” https://nakedsecurity.sophos.com/2020/04/08/update-firefox-again-more-rces-and-an-android-takeover-bug-too/
  12. Malwarebytes learned of the campaign when someone notified the security firm that someone was abusing its brand using the lookalike domain “malwarebytes-free[.]com.” Registered on March 29 via REGISTRAR OF DOMAIN NAMES REG.RU LLC, this domain was hosted in Russia at 173.192.139[.]27 at the time of discovery. Researchers at Malwarebytes subsequently examined the source code of the fake website. Through these efforts, they confirmed that someone had stolen the source code of the firm’s website. Those actors had then injected a JavaScript snipped into this code that specifically redirected visitors using Internet Explorer to a malicious URL hosting the Fallout exploit kit.” https://www.tripwire.com/state-of-security/security-data-protection/fake-malwarebytes-site-used-by-malvertising-attack-to-spread-raccoon/
  13. “Refusing to pay a ransom no matter the circumstances is a position Kaspersky supports. “When it comes to the question of paying a ransom, our recommendation is to never pay a ransom, and there are a few reasons for this,” said Brian Bartholomew, the security provider’s principal security researcher in its global research and analysis team. “First, paying a ransom will never guarantee that all of your data will be returned – it might be partially returned or not at all. There is also no way to tell if your information has been sold in underground markets once obtained,” he said. “Second, paying a ransom only encourages cyber criminals to further carry out these attacks as they are one of the most financially profitable attacks malefactors can perform. The more business organizations give in to ransomware attacks, the more we will see them continue to trend in the threat landscape.”” https://www.msspalert.com/cybersecurity-research/never-pay-ransomware-findings/
  14. “Researchers at Talos, Cisco’s threat intelligence arm, demonstrated how to use 3D printing and other methods to forge fingerprints and unlock eight models of devices ranging from the iPhone 8 and Samsung S10 smartphones to laptops and padlocks.” https://www.cyberscoop.com/fingerprints-biometrics-talos-intelligence-agencies/
  15. “A Zoom shareholder has filed a lawsuit against the video-conferencing company for allegedly covering up security vulnerabilities in its app.” https://www.cyberscoop.com/zoom-shareholder-accuses-executives-fraud-security-practices/
  16. “A Russian information operation relied on forged diplomatic emails and planted articles on a number of social media sites in an attempt to undermine multiple governments and impersonate U.S. lawmakers, according to a new analysis of recent social media activity.” https://www.cyberscoop.com/russia-disinformation-operation-pinball-georgia-moldova/
  17. “Popular conferencing apps have become a major cybercrime lure during the COVID-19 work-from-home era – and Skype is the undisputed leader when it comes to being impersonated by malicious downloads, researchers have found. An April analysis from Kaspersky uncovered a total of 120,000 suspicious malware and adware packages in the wild masquerading as versions of the video calling app” https://threatpost.com/skype-apps-hide-malware/154566/

#security #cybersecurity #itsecurity #nerc #smb #threathunting #maze #doppelpaymer #darknexus #xhelper #trojan #malware #whatsapp #smarttoilet #anus #lsm #linux #firefox #malwarebytes #raccoon #ransomware

└ Tags: , , , , , , , , , , , , , , , , , , , ,
 Comment 

Cyber Security News for 7Apr2020

Apr07
by Shahid Sharif on April 7, 2020 at 4:37 pm
Posted In: cyber security, cybersecurity, Security
shutterstock_1081937600-compressor
  1. “The INTERPOL (International Criminal Police Organisation) is warning of ransomware attacks against hospitals despite the currently ongoing Coronavirus outbreak. Attackers are targeting organizations in the healthcare industry via malspam campaigns using malicious attachments. The attachments used as lure appear to be sent by health and government agencies, they promise to provide information on the Coronavirus pandemic and the way to avoid the contagion.” https://securityaffairs.co/wordpress/101178/cyber-crime/interpol-warns-hospitals-attacks.html
  2. “We breached Email.it Datacenter more than 2 years ago and we plant ourself like an APT. We took any possible sensitive data from their server and after we choosen to give them a chance to patch their holes asking for a little bounty. They refused to talk with us and continued to trick their users/customers. They didn’t contacted their users/customers after breaches!” https://www.blackhatethicalhacking.com/news/email-provider-got-hacked-data-of-600000-users-now-sold-on-the-dark-web/
  3. “CISO Checklist for Secure Remote Working” (download here) that has been built to assist CISOs in navigating through this noise, providing them with a concise and high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times.” https://thehackernews.com/2020/04/ciso-checklist-remote-work.html
  4. “Using a sophisticated static analysis tool called InputScope developed for the purpose, the team analyzed the behavior of 150,000 apps, comprising the 100,000 most popular on Google Play in April 2019, plus 30,000 apps pre-installed on Samsung devices, and 20,000 taken from the alternative Chinese market Baidu.” https://nakedsecurity.sophos.com/2020/04/07/thousands-of-android-apps-contain-undocumented-backdoors-study-finds/
  5. “Two schoolchildren have sued Google, alleging that it’s illegally collecting their voiceprints, faceprints and other personally identifiable information (PII). The students were identified only as HK and JC in the complaint, which was filed on Thursday in San Jose, CA, in the US District Court of Northern California. The children are suing through their father, Clinton Farwell.” https://nakedsecurity.sophos.com/2020/04/07/two-schoolkids-sue-google-for-collecting-biometrics/
  6. “Iran-backed nation-state hackers recently tried to hijack the personal email accounts of a number of World Health Organization (WHO) staffers, reports said. It’s not clear what the hackers were after other than targeting top executives in a spear phishing expedition, Reuters reported. A WHO spokesperson confirmed the attempting infiltration but did not identify the attackers behind the incidents. At this point, officials don’t yet know if any of the email accounts have been compromised. “To the best of our knowledge, none of these hacking attempts were successful,” the spokesperson said.”” https://www.msspalert.com/cybersecurity-breaches-and-attacks/phishing/iran-hackers-allegedly-target-who/
  7. “A mysterious piece of Android malware that re-installs itself on infected devices even after users delete it or factory reset their devices—making it nearly impossible to remove. xHelper reportedly infected over 45,000 devices last year, and since then, cybersecurity researchers have been trying to unfold how the malware survives factory reset and how it infected so many devices in the first place.” https://thehackernews.com/2020/04/how-to-remove-xhelper-malware.html
  8. “A rash of COVID-19 Android mobile apps have emerged that are aimed at helping citizens in Iran, Italy and Colombia track symptoms and virus infections. However, they’re also putting people’s privacy and the security of their data at risk, researchers have found. Security researchers at the ZeroFOX Alpha Team have uncovered various privacy concerns and security vulnerabilities – including a backdoor in various apps. The apps are either created and endorsed by countries or invented as one-offs by threat actors to take advantage of the current pandemic, according to a blog post published Monday. https://threatpost.com/official-government-covid-19-apps-threats/154512/
  9. “The approaches we give should be usable with any threat hunting software, including home-grown tools and using a SIEM. If you’re evaluating a threat hunting package, use these steps as a way to 1) confirm that it works at all, 2) confirm that it can detect each of the threats, 3) evaluate its ability to sort threats with the most likely malicious ones at the top, and 4) evaluate the amount of manual effort needed to find the threats. 3) and 4) are important – a threat hunting package could technically detect a threat, but it may be buried 27 pages down in a list of other potential threats. Worse yet is a threat hunting package that simply cannot detect one of these threat types, such as C2 communication over DNS. This series will be posted to our blog on Tuesdays and Thursdays with the last post on April 16th, 2020.” https://www.activecountermeasures.com/threat-simulation-overview-and-setup/
  10. “A news release issued Monday notes that business email compromise (BEC) attacks — scams in which the perpetrators pose as co-workers or friends, then ask for money — have targeted U.S. municipalities that are trying to purchase supplies to mitigate the COVID-19 pandemic. The warning coincided with a bulletin Monday noting that U.S. businesses have reported $2.1 billion in losses from BEC scams between January 2014 and October last year carried out through just two email services, which the bureau did not identify by name.” https://www.cyberscoop.com/coronavirus-bec-email-scams-fbi-warning/
  11. “The Australian Signals Directorate (ASD) “has mobilized its offensive cyber capabilities to disrupt foreign cyber criminals responsible for a spate of malicious activities during COVID-19,” the Australian defense ministry said in a statement Tuesday.” https://www.cyberscoop.com/australia-coronavirus-hacking-criminals/
  12. “With roughly 360,000 jobless or financially affected Australians due to the current pandemic having already applied for an early superannuation release per the ABC, cybercriminals are trying their best to trick them into handing over the info needed to get illegal access to those funds.” https://www.bleepingcomputer.com/news/security/scammers-target-australians-financially-affected-by-pandemic/
  13. “FIN6 fingerprints were spotted in recent cyberattacks that initially infected victims with the TrickBot trojan, and then eventually downloaded the Anchor backdoor malware.” https://threatpost.com/fin6-and-trickbot-combine-forces-in-anchor-attacks/154508/
  14. “Hammersmith Medicines Research LTD (HMR), a research company on standby to perform live trials of Coronavirus vaccines, has started emailing data breach notifications after having their data stolen and published in a ransomware attack. This attack occurred on March 14th, 2020, when the Maze Ransomware operators stole data hosted on HMR’s network and then began to encrypt their computers.” https://www.bleepingcomputer.com/news/security/drug-testing-firm-sends-data-breach-alerts-after-ransomware-attack/
  15. “In a lengthy report on remote access trojans (RAT), BlackBerry Cylance researchers detail an Android malware variant, which they call PWNDROID4, that can be used to monitor targets’ phone calls, record audio, send and receive text messages, and track victims’ GPS location. Researchers believe it has been used by suspected Chinese government-linked hackers known as the Winnti group.” https://www.cyberscoop.com/world-wired-labs-winnti-netwire-china-blackberry-cylance/
  16. “NASA has seen “significantly increasing” malicious activity from both nation-state hackers and cybercriminals targeting the US space agency’s systems and personnel working from home during the COVID-19 pandemic. Mitigation tools and measures set in place by NASA’s Security Operations Center (SOC) successfully blocked a wave of cyberattacks, the agency reporting double the number of phishing attempts, an exponential increase in malware attacks, and double the number of malicious sites being blocked to protect users from potential malicious attacks.” https://www.bleepingcomputer.com/news/security/nasa-under-significantly-increasing-hacking-phishing-attacks/

#security #cybersecurity #itsecurity #interpol #doppelpaymer #maze #ryuk #group-ib #silence #ta505 #yara #erebus #ransomware #email.it #xhelper #zerofox #fin6 #trickbot #nasa #covid-19 #nasa

└ Tags:
 Comment 

Cyber Security News for 6Apr2020

Apr06
by Shahid Sharif on April 6, 2020 at 5:07 pm
Posted In: cyber security, cybersecurity, Security
  1. “Researcher has found a security issue in the Windows client of the popular video conferencing service, Zoom, that can be used for limited remote code execution and, worse, to capture and replay security tokens to access network resources. The app has vulnerability [1] in handling of Uniform Resource Identifier paths, which can result in Universal Naming Convention (UNC) [2] injection.” https://www.andreafortuna.org/2020/04/01/be-careful-a-windows-flaw-lets-zoom-leak-network-credentials-and-run-code-remotely/
  2. ““wininit.exe” stands for Windows Initialization. This process is an essential part of the Windows OS and it runs in the background. “wininit.exe” is responsible for launching the Windows Initialization process.” https://www.threathunting.se/2020/04/06/wininit-exe-the-most-important-windows-processes-for-threat-hunting/
  3. “As the coronavirus pandemic continues to worsen, remote-collaboration platforms – now fixtures in many workers’ “new normal” – are facing more scrutiny. Popular video-conferencing app Zoom may currently be in the cybersecurity hot seat, but other collaboration tools, such as Slack, Trello, WebEx and Microsoft Teams, are certainly not immune from cybercriminal attention.” https://threatpost.com/beyond-zoom-safe-slack-collaboration-apps/154446/
  4. “A rival hacking forum has yet again hacked OGUsers – the second time in a year – and yet again doxxed its database for one and all to grab, fast on the heels of the attack.  OGUsers is a forum devoted to trading stolen Instagram, Twitter and other accounts, with a special place in its dark heart for hackers who like to trade SIM swappers’ stolen phone numbers and Bitcoin accounts.” https://nakedsecurity.sophos.com/2020/04/06/hackers-forum-hacked-ogusers-database-dumped-again/
  5. “Mozilla patched two critical zero-days in Firefox 74.0.1. The vulnerabilities were exploited in the wild through targeted attacks. Mozilla is now urging users to update their Firefox browsers to fix the two bugs. The two vulnerabilities, tracked as CVE-2020-6819 and CVE-2020-6820, are both use-after-free. Use-after-free flaws are a type of memory corruption that could lead to corruption of valid data and also attackers could exploit these types of vulnerabilities to execute arbitrary codes.” https://www.threathunting.se/2020/04/06/firefox-patches-critical-vulnerabilities-exploited-in-the-wild/
  6. “As the Guardian reported that Zoom is Malware, some experts believe so. But no, Zoom is not malware. Rather, it’s a piece of legitimate software that’s, unfortunately, just full of security vulnerabilities and we’re just now getting to know about it as the app was never scrutinized this thoroughly before” https://thehackernews.com/2020/04/zoom-cybersecurity-hacking.html
  7. “These are extraordinary times, but human rights law still applies. Indeed, the human rights framework is designed to ensure that different rights can be carefully balanced to protect individuals and wider societies. States cannot simply disregard rights such as privacy and freedom of expression in the name of tackling a public health crisis. On the contrary, protecting human rights also promotes public health. Now more than ever, governments must rigorously ensure that any restrictions to these rights is in line with long-established human rights safeguards.” https://nakedsecurity.sophos.com/2020/04/06/rights-groups-appeal-to-governments-over-covid-19-surveillance/
  8. “Adequate web server security requires proper understanding, implementation and use of a variety of different tools. In this article, we will take a look at some command line tools that can be used to manage the security of web servers. The tools reviewed will demonstrate how to perform tasks such as hashing strings in the Base64 hashing algorithm, hexdump for file analysis, gzip for file compressions and decompression, tcpdump for traffic analysis and several others.” https://resources.infosecinstitute.com/category/certifications-training/web-server-security/command-line-fu-for-web-server-protection/
  9. “Chinese security-firm Qihoo 360 has uncovered a hacking campaign conducted by a DarkHotel APT group (APT-C-06) aimed at Chinese government agencies in Beijing and Shanghai. State-sponsored hackers used a zero-day vulnerability in Sangfor SSL VPN servers to gain access to victims’ networks. The first Darkhotel espionage campaign was spotted by experts at Kaspersky Lab in late 2014, according to the researchers the APT group has been around for nearly a decade while targeting selected corporate executives traveling abroad.” https://securityaffairs.co/wordpress/101151/apt/darkhotel-hit-china.html
  10. “There’s been a bit of a buzz in the news lately over an “epic new feature” in the next Apple iPad model – the one that’s supposed to come out this year. A microphone switch!” https://nakedsecurity.sophos.com/2020/04/06/will-apples-microphone-switch-stop-your-ipad-getting-bugged/
  11. “The INTERPOL (International Criminal Police Organisation) warns that cybercriminals are increasingly attempting to lockout hospitals out of critical systems by attempting to deploy ransomware on their networks despite the currently ongoing COVID-19 outbreak. This doesn’t come as a surprise even though some operators behind various ransomware strains have told BleepingComputer last month that they will stop targeting health and medical organizations during the pandemic.” https://www.bleepingcomputer.com/news/security/interpol-ransomware-attacks-on-hospitals-are-increasing/
  12. “Knowing this, threat actors have started distributing Zoom client installers bundled with malware such as Coinminers, Remote Access Trojans, and adware bundles.” https://www.bleepingcomputer.com/news/security/psa-fake-zoom-installers-being-used-to-distribute-malware/
  13. “In total, five S3 buckets belonging to Key Ring were exposed, all containing valuable, private information that could have serious security implications for millions of people,” https://securityaffairs.co/wordpress/101163/data-breach/key-ring-data-leak.html
  14. “There were more zero-days exploited in 2019 than any of the previous three years, according to telemetry from FireEye Mandiant. The firm said that’s likely due to more zero-days coming up for sale by cyber-weapons dealers like NSO Group; a growing commercial market has made such tools much more widely available.” https://threatpost.com/brisk-private-trade-zero-days/154502/
  15. “Over 350,000 of all Microsoft Exchange servers currently exposed on the Internet haven’t yet been patched against the CVE-2020-0688 post-auth remote code execution vulnerability affecting all supported Microsoft Exchange Server versions.” https://www.bleepingcomputer.com/news/security/80-percent-of-all-exposed-exchange-servers-still-unpatched-for-critical-flaw/

#zoom #rce #replayattack #threathunting #winnit #collaboration  #rostelecom #cdn #bgphijack #as12389 #surveillance #Qihoo 360 #darkhotel #sangforsslvpn #aptc06 #sangfor #zeroday #microsoftexchange #cve-2000-0688 #nsogroup

└ Tags: , , , , , , , , , , , , , , , , , , ,
 Comment 

Cyber Security News for 5Apr2020

Apr05
by Shahid Sharif on April 5, 2020 at 5:48 pm
Posted In: cyber security, cybersecurity, Security
  1. Jope virus is a ransomware infection that belongs to the STOP Ransomware family of cryptoviruses. It’s main goal is to encrypt your files and ask you to pay ransom so that you can open and use them again. This video is a removal and file recovery guide for the .jope files virus from your computer.” https://sensorstechforum.com/jope-virus-file-remove/
  2. “For the past few months, an organized attack campaign is targeting misconfigured open Docker Daemon API ports to spread the Kinsing malware which is designed for cryptomining. https://www.threathunting.se/2020/04/05/attackers-are-exploiting-docker-containers-to-deliver-cryptomining-malware/
  3. “As the federal agency overseeing relief to small businesses during the coronavirus pandemic was preparing to ramp up its lending, some of the Small Business Administration’s loan applicants may have had their personally identifiable information exposed to others, an agency spokeswoman tells CyberScoop.” https://www.cyberscoop.com/sba-data-exposure-covid-19-loan-program-small-business-administration/
  4. “Malware or “malicious software” is a broad term to describe any sort of software developed with the intention to cause damage or gain access to a computer or network.” https://www.blackhatethicalhacking.com/articles/free-access/the-evolution-of-malware/
  5. “Researchers from The Ohio State University, New York University, and CISPA Helmholtz Center for Information Security analyzed thousands of mobile applications for Android and discovered dangerous behavior, including backdoors and blacklists.” https://securityaffairs.co/wordpress/101094/malware/android-apps-hidden-backdoors.html
  6. “If you’re on the regular version of Firefox, you’re looking to upgrade from 74.0 to 74.0.1 and if you’re using the Extended Support Release (ESR), you should upgrade from ESR 68.6.0 to ESR 68.6.1.” https://nakedsecurity.sophos.com/2020/04/05/firefox-zero-day-in-the-wild-patch-now/
  7. “The ransomware operators have been incredibly active in the last few weeks. The infamous DoppelPaymer group has leaked the files of Commercial Development Company, Inc — a real estate acquisition and development company. CDC’s North American accumulative acquisition and development portfolio includes over 85-million-square feet under roof located on over 300 sites throughout the United States and Canada. Their clients’ list includes some heavy names such as BHP, Citi, Armco Steel, Wells Fargo and others.” https://medium.com/@cyble/doppelpaymer-ransomware-operators-breached-commercial-development-inc-a43a6840a0e3

#jopevirus #stopransomware #ransomware #cryptovirus #privacybreach  #privacy #firefox #doppelpaymer

└ Tags: , , , , , , ,
 Comment 

Cyber Security News for 4Apr2020

Apr04
by Shahid Sharif on April 4, 2020 at 5:17 pm
Posted In: cyber security, cybersecurity, Security
  1. “2020 is going to be a rough year. In my judgment, there are five major trends to watch out for in 2020” https://www.recordedfuture.com/ransomware-trends-2020/
  2. “A new version of the popular AnarchyGrabber Discord malware has been released that modifies the Discord client files so that it can evade detection and steal user accounts every time someone logs into the chat service.” https://www.bleepingcomputer.com/news/security/discord-turned-into-an-account-stealer-by-updated-malware/
  3. “Mozilla released Firefox 74.0.1 and Firefox ESR 68.6.1 earlier to address two critical vulnerabilities actively abused in the wild that could lead to remote code execution on vulnerable machines. The two security flaws fixed today could potentially allow attackers to execute arbitrary code or trigger crashes on machines running vulnerable Firefox versions.” https://www.bleepingcomputer.com/news/security/mozilla-patches-two-actively-exploited-firefox-zero-days/
  4. “A hacker has been breaking into Elasticsearch servers that have been left open on the internet without a password and attempting to wipe their content, while also leaving the name of a cyber-security firm behind, trying to divert blame.” https://www.blackhatethicalhacking.com/news/a-hacker-has-wiped-defaced-more-than-15000-elasticsearch-servers/
  5. “A group of tech giants – including Akamai, Amazon Web Services, Cloudflare, Facebook, Google, Microsoft and Netflix – are banding together to battle route hijacking, route leaks and IP address-spoofing attacks targeting internet users. They’re coming together under a program was introduced this week by the Mutually Agreed Norms for Routing Security (MANRS) global initiative. MANRS over the past six years has worked to build up a team of 300 network operators, internet exchange points (IXPs) and other companies to provide “crucial fixes to reduce the most common routing threats.”” https://threatpost.com/cloud-cdns-team-internet-routing-attacks/154434/
  6. “The Facebook representatives specifically told NSO Group they wanted to monitor users on Apple devices, NSO Group CEO Shalev Hulio said, according to court documents obtained by CyberScoop.” https://www.cyberscoop.com/facebook-nso-group-lawsuit-onavo/
  7. “On March 23, 2020, I found a publicly exposed and editable Google Sheets document that provided information to various NBC-owned local news stations. I reached out to the Data Visualization and Multimedia team at NBCUniversal Media, and they responded very quickly; the document was locked down by close of business the same day! Kudos to NBC for acting quickly and resolving this issue!” https://www.contrastsecurity.com/security-influencers/google-sheets-stored-xss-vulnerability-covid-19-table
  8. “Security researcher Bill Demirkapi found ten different vulnerabilities within the HP Support Assistant software, including five local privilege escalation flaws, two arbitrary file deletion vulnerabilities, and three remote code execution vulnerabilities.” https://www.bleepingcomputer.com/news/security/windows-pcs-exposed-to-attacks-by-critical-hp-support-assistant-bugs/
  9. “The vulnerability exists in OpenWrt’s package manager used to install or update OpenWrt.  A security researcher has found that the process used to ensure the integrity of update files is not working properly.  This means that a hostile cyber actor could sneak malicious code into the update process.” https://protocol46.com/critical-flaw-in-openwrt-software/
  10. “The Department of Justice and Offices of the United States Attorneys are warning that ‘Zoom-bombing’ is illegal and those who are involved can be charged with federal and state crimes.” https://www.bleepingcomputer.com/news/software/doj-says-zoom-bombing-is-illegal-could-lead-to-jail-time/
  11. “Security experts at FortiGuard Labs discovered a new Coronavirus-themed campaign using alleged messages from the World Health Organization (WHO) to deliver the LokiBot trojan. The campaign was uncovered on March 27 when the researchers noticed messages claiming to be WHO communications to address misinformation related to the COVID19 outbreak.” https://securityaffairs.co/wordpress/101058/malware/coronavirus-campaign-who-lokibot.html

#ransomware #discord #anarchygrabber #malware #elasticsearch #routehijacking #routeleaks #ipaddressspoofing #manrs #openwrt #lokibot

└ Tags: , , , , , , , , , ,
 Comment