Cyber Security News for 10Apr2020

Cyberlock
  1. “A large email extortion campaign is underway telling recipients that their computer was hacked and that a video was taken through the hacked computer’s webcam. The attackers then demand $1,900 in bitcoins or the video will be sent to family and friends.” https://www.bleepingcomputer.com/news/security/large-email-extortion-campaign-underway-dont-panic/
  2. “The Tails OS allows to use the Internet anonymously and circumvent censorship by using the Tor Network, it leaves no trace on the computer users are using and uses the state-of-the-art cryptographic tools to encrypt files, emails and instant messaging.” https://securityaffairs.co/wordpress/101356/security/tails-os-4-5-secure-boot.html
  3. “Never send an email when you are emotionally upset. The email could harm you in the future, perhaps even costing you a friendship or a job. Instead, take a moment and calmly organize your thoughts. If you need to vent your frustration, open up a new email (make sure there is no name or email address in the To section) and type exactly what you feel like saying. Then get up and walk away from your computer” https://www.sans.org/security-awareness-training/resources/email-oops-and-how-avoid-them
  4. “On Thursday, the vulnerability disclosure platform said the investment round was led by Rally Ventures and will help the company accelerate its growth, of which there has been a 100% increase in bookings across the US enterprise market.  Total funding is now over $80 million. Previous investors include Paladin Capital Group, Blackbird Ventures, Industry Ventures, and Hostplus. ” https://www.blackhatethicalhacking.com/news/bugcrowd-vulnerability-bounty-platform-snags-30-million-in-fresh-funding-round/
  5. Time to change your zoom password, “Thousands of compromised Zoom credentials were discovered in underground forums as cybercriminals look to tap into the burgeoning remote workforce.” https://threatpost.com/compromised-zoom-credentials-underground-forums/154616/
  6. “DoppelPaymer hackers leaked online internal confidential documents belonging to some of the largest aerospace companies in the world.” https://securityaffairs.co/wordpress/101371/cyber-crime/doppelpaymer-aerospace-data-leak.html
  7. “Where do malware payloads come from? It’s a question with an apparently trivial answer. Usually these sit on dedicated servers owned by the campaign managers, and occasionally on a legitimate website that has been broken into and commandeered. But, as we were recently reminded, there is a third option: keeping payloads at accounts on cloud services such as Dropbox and Google Drive.” https://research.checkpoint.com/2020/threat-actors-migrating-to-the-cloud/
  8. “Cryptocurrency exchange Bisq stopped trading activities due to a cyberattack, crooks have stolen $250,000 worth of virtual currency from the company.” https://securityaffairs.co/wordpress/101377/cyber-crime/bitcoin-exchange-bisq-hack.html
  9. “VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service (vmdir) for authentication.”  https://securityaffairs.co/wordpress/101388/security/cve-2020-3952-vmware-vcenter-server.html
  10. “A 19-year old man from Breda, Netherlands, was arrested today for allegedly carrying out distributed denial-of-service (DDoS) attacks that caused two Dutch government websites to shut down for several hours on March 19, 2020.” https://www.bleepingcomputer.com/news/security/dutch-police-arrests-suspect-behind-ddos-attacks-on-government-sites/
  11. “The sandbox was developed by Ronen Tzur and released on June 26, 2004, he sold the solution to Invincea in 2013. In 2017, Sophos acquired Invincea and included the sandbox-based isolation program in its product portfolio. Releasing the tool as the open-source, Sophos aims at engaging malware researchers to improve its Sandboxie with knowledge of the community.” https://securityaffairs.co/wordpress/101397/malware/sandboxie-sandbox-open-source.html
  12. “San Francisco International Airport (SFO) disclosed a data breach after two of its websites, SFOConnect.com and SFOConstruction.com, were hacked during March 2020.” https://www.bleepingcomputer.com/news/security/san-francisco-intl-airport-discloses-data-breach-after-hack/
  13. “Two financial traders accused of using nonpublic information to enrich themselves have settled with the U.S. Securities and Exchange Commission more than a year after the allegations were made public.” https://www.cyberscoop.com/sec-hack-settled-edgar/
  14. “A Pakistani cybersecurity company has discovered a data dump of 115 million Pakistani mobile users’ data, which have been put up for sale on the dark web on Friday.” https://www.brecorder.com/2020/04/10/588270/personal-data-of-115mn-pakistani-mobile-users-go-on-sale-on-dark-web/
  15. “Firefox users have recently started to notice that YouTube does not display videos properly when they enable the browser’s anti-fingerprinting technology for better privacy.” https://www.bleepingcomputer.com/news/google/youtube-borked-when-users-enable-firefox-anti-fingerprinting/
  16. “Credit-card-stealing criminals have set their sights on the WordPress plugin known as WooCommerce, an e-tailer platform, with a JavaScript-based card-skimming malware.” https://threatpost.com/woocommerce-card-skimmer-malware/154699/
  17. “Apple and Google are teaming up to launch technology that traces the spread of the coronavirus, via apps for iOS and Android users. Despite the companies’ insistence that privacy will be “of utmost importance,” some in the security space remain wary of data privacy concerns around the newly announced technology.” https://threatpost.com/apple-google-coronavirus-tracking-privacy-fears/154689/

#security #cybersecurity #itsecurity #privacy #extortion #tails #bugcrowd #zoom #doppelpaymer #bisq #cryptocurrency #vmware #vcenter #sandboxie #pakistan #firefox #woocommerce