Cyber Security News for 11May2020

  1. “The 4 Stages to a Successful Vulnerability Management Program”
  2. “One of the more interesting new features of REvil version 2.2 is the use of the Windows Restart Manager to terminate processes and services that can lock files targeted for encryption. If a process has an open file handle for a specific file, then writes to that file by another process (in this case, a ransomware) it will be prevented by the Windows operating system (OS).”
  3. “Microsoft really wants to secure the Internet of Things (IoT), and it’s enlisting citizen hackers’ help to do it. The company has launched a $100,000 bug bounty for people who can break into Azure Sphere, its security system for IoT devices.”
  4. “Clearview AI – the web-scraping, faceprint-amassing biometrics company that’s being sued over collecting biometrics without informed consent – says it’s no longer going to sell access to its program to a) private entities or b) any entity whatsoever that’s located in Illinois.”
  5. “As of today, IANA has allocated out IPv6 address space across the world to the various Regional Internetworking Registries which consist of ARIN, RIPE NCC, APNIC, AFRINIC, LACNIC.”
  6. “We studied the practical benefits of applying deep transfer learning from computer vision to static malware classification. Recall that in the transfer learning scheme, we borrowed knowledge from natural images or objects and applied it to the target domain of static malware detection. The training time of deep neural networks is accelerated while high classification performance is still maintained,” reads the research paper on STAMINA. “In this paper, Intel Labs and the Microsoft Threat Intelligence Team have demonstrated the effectiveness of this approach on a real-world user dataset and have shown that transfer learning from computer vision for malware classification can achieve highly desirable classification performance. For this collaboration, we called this approach STAtic Malware-as-Image Network Analysis (STAMINA).”
  7. “On December 30, 2019, the United States Marshals Service (USMS), Information Technology Division (ITD) received notification from the Department of Justice Security Operations Center (JSOC) of a security breach affecting a public-facing USMS server that houses information pertaining to current and former USMS prisoners. You have been identified as an individual whose personally identifiable information (PII) may have been compromised as a result of this breach.”
  8. “Chatbooks, a Utah-based company that sells albums of digital photos, told customers on May 8 it was victimized on March 26 by attackers who accessed Chatbooks login credentials, including names, email addresses and individually salted and hashed passwords, and, for some customers, phone numbers and Facebook ID data.”
  9. “Researchers discovered two security flaws impacting Oracle’s iPlanet Web Server, tracked as CVE-2020-9315 and CVE-2020-9314, that could cause sensitive data exposure and limited injection attacks. The flaws have been discovered by experts at Nightwatch Cybersecurity on January 19, 2020; both reside in the web administration console of the enterprise server management system.”
  10. “The advisory that DHS’s Cybersecurity and Infrastructure Security Agency sent states on Friday is perhaps the federal government’s sternest warning yet against online voting. It comes as officials weigh their options for conducting elections during a pandemic and as digital voting vendors see an opportunity to hawk their products.”
  11. “Researchers identified 300+ COVID-19 themed malware samples that communicated with 20 unique IP addresses and domain indicators of compromise (IOCs). After querying Prisma Cloud for network connections to these 20 suspicious IOCs between March 1 and April 7, 2020, researchers found a total of 453,074 unique network connections across 27 unique cloud environments.”
  12. “The threat landscape is littered with various malware families being delivered in a constant wave to enterprises and individuals alike. The majority of these threats have one thing in common: money. Many of these threats generate revenue for financially motivated adversaries by granting access to data stored on end systems that can be monetized in various ways. To maximize profits, some malware authors and/or malware distributors go to extreme lengths to evade detection, specifically to avoid automated analysis environments and malware analysts that may be debugging them. The Astaroth campaigns we are detailing today are a textbook example of these sorts of evasion techniques in practice.”
  13. “Attackers who gain physical access to Windows, Linux, or macOS devices can access and steal data from their hard drives by exploiting 7 vulnerabilities found in Intel’s Thunderbolt hardware interface and collectively known as Thunderspy. Thunderbolt is a hardware interface designed by Intel and Apple in collaboration to help connect external peripherals that need high-speed connections (RAID arrays, network interface, video capture devices, and others) to a computer.”
  14. “Sphinx re-emerged in December but saw a big spike in March via the use of coronavirus themes. Since April, it has been seen attacking U.S. targets with a few changed processes. The main upgrades in the latest version, which harvests user credentials and other personal information from online banking sessions, can be found in the process-injection and bot-configuration aspects of the malware’s operations, according to researchers.”
  15. “Global business services company Pitney Bowes recently stopped an attack from Maze ransomware operators before the encryption routine could be deployed, but the actor still managed to steal some data. This attack comes less than months since the company recovered from another ransomware attack, with Ryuk, which was announced on October 14.”
  16. “Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. The company says the hackers never touched its ATMs or customer networks, and that the intrusion only affected its corporate network.”
  17. “Two high severity vulnerabilities found in the Page Builder WordPress plugin installed on more than 1,000,000 sites can let hackers create new admin accounts, plant backdoors, and ultimately take over the compromised websites. The vulnerabilities are a Cross-Site Request Forgery (CSRF) leading to Reflected Cross-Site Scripting (XSS) attacks, and they affect all Page Builder versions up to and including 2.10.15.”
  18. “Maintainers of the vBulletin project recently announced an important patch update but didn’t reveal any information on the underlying security vulnerability, identified as CVE-2020-12720. Written in the PHP programming language, vBulletin is a widely used Internet forum software that powers over 100,000 websites on the Internet, including forums for some Fortune 500 and many other top companies.”
  19. “In a blog post, Twitter’s head of site integrity, Yoel Roth, and director of public policy strategy, Nick Pickles, said that depending on the severity of the erroneous information, tweets will be accompanied by a link encouraging readers to ‘Get the facts about COVID-19.’ More obvious examples of wrong information will be hidden entirely behind a note saying ‘Some or all of the content shared in this Tweet conflicts with guidance from public health experts regarding COVID-19.’”
  20. “Microsoft has announced today that users can sign up to preview their Family Safety parental control app on Android and iOS devices. Family Safety features have always been a part of Windows 10 and Xbox, and these tools are finally available on mobile devices, which should allow users to manage their family safety features on the go.”
  21. “On Friday, May 8th, the Office of Court Administration (OCA), the information technology (IT) provider for the appellate courts and state judicial agencies within the Texas Judicial Branch, identified a serious security event in the branch network, which was later determined to be a ransomware attack.”
  22. “Ironically, the database for the defunct hacker forum and data breach marketplace called is being sold on the dark web and exposes the private conversations of hackers who used the site. was a hacker forum and marketplace that primarily focused on discussing, trading, and selling databases stolen during data breaches and combolists that are used in credential stuffing attacks.”

#security #cybersecurity #itsecurity #privacy #risk #compliance #sodinokibi #revil #microsoft #iot #bugbounty #clearviewai #ipv6 #stamina #chatbooks #oracle #iplanet #onlinevoting #dhs #cisa #astaroth #thunderbolt #thunderspy #sphinx #zeus #maze #csrf #xss #vbulletin #oca