Cyber Security News for 12 May 2020

  1. “Microsoft is working on expanding the capability to revoke encrypted email messages sent using the Office 365 Message Encryption (OME) service to regular users as part of a larger effort to prevent data leaks and enterprise data theft. OME is built on Microsoft Azure Rights Management (Azure RMS) and it combines rights management with email encryption capabilities.” https://www.bleepingcomputer.com/news/microsoft/office-365-to-let-regular-users-revoke-encrypted-messages/
  2. “Unit 42 has observed activity over the last 4 months involving the BackConfig malware used by the Hangover threat group (aka Neon, Viceroy Tiger, MONSOON). Targets of the spear-phishing attacks, using local and topical lures, included government and military organizations in South Asia.  The BackConfig custom trojan has a flexible plug-in architecture for components offering various features, including the ability to gather system and keylog information and to upload and execute additional payloads.” https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-organizations/
  3. “Multiple vulnerabilities have been discovered in VMware’s vRealize Operations Manager (vROP), the most severe of which could allow for arbitrary code execution. These vulnerabilities are due to SaltStack being a component of vROP since version 7.5. Salt is an open-source remote task and configuration management framework widely used in data centers and cloud servers. Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution. ” https://www.cisecurity.org/advisory/ms-isac-cybersecurity-advisory-multiple-vulnerabilities-in-vmware-vrop-could-allow-for-arbitrary-code-execution-tlp-white_2020-064/
  4. “Iranian officials announced on Sunday that hackers damaged a small number of systems at the port of Shahid Rajaei in the city of Bandar Abbas. Bandar Abbas is the capital of Hormozgān Province on the southern coast of Iran, on the Persian Gulf. The city occupies a strategic position on the narrow Strait of Hormuz, and it is the location of the main base of the Iranian Navy. Bandar Abbas is also the capital and largest city of Bandar Abbas County.” https://securityaffairs.co/wordpress/103088/cyber-warfare-2/iran-strait-hormuz-port-cyberattack.html
  5. “More than 4,000 Android apps that use Google’s cloud-hosted Firebase databases are ‘unknowingly’ leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735 Android apps, which comprise about 18 percent of all apps on Google Play store.” https://thehackernews.com/2020/05/android-firebase-database-security.html
  6. “Data protection has always been important for the people, but the main distinction between the past and today’s data is that today’s data are digital and significantly more in volume.”  https://www.blackhatethicalhacking.com/articles/free-access/data-privacy-data-protection-historically-important-interconnected-but-one-doesnt-ensure-the-other-at-defending-your-data/
  7. “A security researcher collected in a span of a few weeks over 1,000 domains infected with payment card skimmers, showing that the MageCart continues to be a prevalent threat that preys on insecure webshops. MageCart was first spotted over a decade ago by cybersecurity company RiskIQ but attacks have grown rampant over the past two years when big-name companies were hit – British Airways, Ticketmaster, OXO, Newegg.” https://www.bleepingcomputer.com/news/security/researcher-finds-1-236-websites-infected-with-credit-card-stealers/
  8. “The circulating information, contained in several documents known as malware analysis reports (MARs), details activity from Hidden Cobra hackers, an advanced persistent threat group that the U.S. government has previously linked with the North Korean government.” https://www.cyberscoop.com/north-korea-hacking-hidden-cobra-dhs-fbi/
  9. “The Anubis malware, which threat actors use to persistently attack Google’s Android-based smartphones, is set to evolve once again, this time adding a feature that allows the malware to identify if a victim is looking at his or her screen.” https://threatpost.com/anubis-malware-upgrade-victims-screens/155644/
  10. “Whether it’s the General Data Protection Regulation (GDPR) or the New York Stop Hacks and Improve Electronic Data Security Act (NY SHIELD), nearly every regulation or industry standard that touches the IT department incorporates “security by design” or “privacy by design.” Meanwhile, organizations increasingly recognize that compliance is not equal to security or privacy. With that in mind, organizations should think about taking a “security first” approach to managing unauthorized access to sensitive data. This is a way to flip the model to “compliance by design.”” https://resources.infosecinstitute.com/security-first-compliance-by-design/
  11. “Patch Tuesday updates are now rolling out to all supported versions of Windows 10. Like every Patch Tuesday release, the cumulative update comes with security fixes and is rolling out to PCs with November 2019 Update, May 2019 Update and October 2018 Update.  In the latest cumulative update for Windows 10 version 1909, 1903, and version 1809, there are only security enhancements for Internet Explorer, Edge browser, Xbox app, core components and other basic functions.” https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4556799-and-kb4551853-released/
  12. “Today is Microsoft’s May 2020 Patch Tuesday, and as many system administrators are working remotely, please be patient as they may not be able to respond quickly. With the release of the May 2020 Patch Tuesday security updates, Microsoft has released fixes for 111 vulnerabilities in Microsoft products. Of these vulnerabilities, 13 are classified as Critical, 91 as Important, 3 as Moderate, and 4 as Low.” https://www.bleepingcomputer.com/news/microsoft/may-2020-patch-tuesday-microsoft-fixes-111-vulnerabilities-13-critical/
  13. “US Government cybersecurity agencies and specialists today have released a list of the top 10 routinely exploited security vulnerabilities between 2016 and 2019.  Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader US Government issued the AA20-133A alert through the National Cyber Awareness System to make it easier for organizations from the public and private sector to prioritize patching in their environments.” https://www.bleepingcomputer.com/news/security/us-govt-shares-list-of-most-exploited-vulnerabilities-since-2016/
  14. “The Windows Developer Team today detailed the new Windows 10 SDK additions developers should be aware of with the impending release of Windows 10, version 2004 (20H1), now known as Windows 10 May 2020 Update. “The Windows 10 SDK for Windows 10, version 2004 is now available with a go-live license,” as Microsoft said in a blog post published today.” https://www.bleepingcomputer.com/news/microsoft/windows-10-2004-is-almost-here-what-developers-need-to-know/
  15. “Fortune 500 company Magellan Health Inc announced today that it was the victim of a ransomware attack on April 11, 2020, which led to the theft of personal information from one of its corporate servers.” https://www.bleepingcomputer.com/news/security/healthcare-giant-magellan-health-hit-by-ransomware-attack/
