Cyber Security News for 13May2020

Malware
Taintedscribe
Copperhedge
Pebbledash
  1. “Messaging attacks (sometimes called Smishing, a play on the word Phishing) are when cyber attackers use SMS, texting or messaging technologies to reach out to you and try to trick you into taking an action you should not take. Perhaps they want to fool you into clicking on a malicious link, or get you to call a phone number so they can get your banking information.” https://www.sans.org/security-awareness-training/resources/messaging-smishing-attacks
  2. “The Cyber Security Body of Knowledge project or CyBOK is a collaborative initiative mobilised in 2017 with an aspiration to “codify the foundational and generally recognized knowledge on Cyber Security.” Version 1.0 of the published output of this consultative exercise was quietly released last year and then more publicly launched in January 2020.” https://www.tripwire.com/state-of-security/security-data-protection/icybok-introduction-cybersecurity-body-knowledge-project/
  3. “Macs do have built-in security settings, but they’re often not used effectively — leaving your data and privacy vulnerable to attacks. Even if you turn on all of Apple’s security features, it’s not enough to keep your Mac 100% secure against the latest malware. Here are a few things you should be doing to secure your Mac and personal information from the most advanced cybersecurity threats in 2020.” https://www.safetydetectives.com/blog/keep-mac-computer-secure/
  4. “On May 12, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) released three Malware Analysis Reports (MARs) on malware variants used by the North Korean government.” https://securityaffairs.co/wordpress/103127/apt/uscybercom-north-korea-malware-samples.html
  5. “In fact, according to the security company that verified its authenticity, Cyble, this is data that a specialised group of internet users will find far more interesting – a database of criminal account holders of the now defunct WeLeakData.com breach data trading forum” https://nakedsecurity.sophos.com/2020/05/13/criminal-forum-trading-stolen-data-suffers-ironic-data-breach/
  6. “Also pretty much all the time, the app – which lets users share their short videos – is being investigated for how it handles children’s data. This time around, it’s the Dutch privacy watchdog’s turn.  On Friday, the Dutch Data Protection Authority (DPA) announced that it’s launched an investigation into how TikTok handles user privacy.”  https://nakedsecurity.sophos.com/2020/05/13/tiktoks-handling-of-child-privacy-gets-another-watchdogs-attention/
  7. “Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about three new malware strains used by state-sponsored North Korean hackers. Called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, the malware variants are capable of remote reconnaissance and exfiltration of sensitive information from target systems, according to a joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD).” https://thehackernews.com/2020/05/fbi-north-korean-malware.html
  8. “On 23 December 2015, hackers successfully penetrated three Ukrainian power distribution companies. They struck the “Prykarpattyaoblenergo” power distribution center and switched off 30 substations - seven 110kv substation and 23 35kv substation; hackers also attacked two other power grid companies leaving more than 230,000 residents in the dark for one to six hours.  In this article, you will read a comprehensible summary of the steps and stages of the attack and how the attackers used the BlackEnergy malware to carry out the “December 2015 Ukraine power grid cyberattack”.” https://www.threathunting.se/2020/05/13/black-out-in-ukraine-blackenergy-in-power-grid-cyberattack/
  9. “A Progressive Web App (PWA) represents a special kind of a web page that looks, feels, and functions as a native mobile application. PWAs are accessible via a browser, and they are stored mainly on the company’s servers instead of the user’s phone. Since all users run the same version of the page’s code, no updating on the client’s side is necessary.” https://hackercombat.com/the-rise-of-progressive-web-apps/
  10. “Acknowledging this surge in attacks, it’s no wonder that 94% of survey respondents said that they’re more concerned about their organization’s digital security now than they were before COVID-19.” https://www.tripwire.com/state-of-security/security-data-protection/survey-nearly-two-thirds-orgs-experienced-covid-19-related-attacks/
  11. “Kwampirs, has been observed using supply chain compromise during this time of crisis. Kwampirs has been taken so seriously by the FBI that they have issued multiple alerts warning impacted industries of its risk. This article will detail Kwampirs and explore what it is, how it works and how to prevent Kwampirs from impacting your organization.” https://resources.infosecinstitute.com/kwampirs-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/
  12. “A cybersecurity researcher at ESET today published an analysis of a new piece of malware, a sample of which they spotted on the Virustotal malware scanning engine and believe the hacker behind it is likely interested in some high-value computers protected behind air-gapped networks.  Dubbed ‘Ramsay,’ the malware is still under development with two more variants (v2.a and v2.b) spotted in the wild and doesn’t yet appear to be a complex attacking framework based upon the details researcher shared.” https://thehackernews.com/2020/05/airgap-network-malware.html
  13. German Chancellor Angela Merkel revealed that she is the target of an “outrageous” cyber espionage campaign carried out by Russia. https://securityaffairs.co/wordpress/103172/intelligence/russian-hackers-targeted-merkel.html
  14. “Microsoft has discovered a new COVID-19 themed phishing campaign using economic concerns to target businesses with the LokiBot information-stealing Trojan.  In tweets published today by Microsoft Security Intelligence and shared prior with BleepingComputer, Microsoft explains that a recent phishing campaign was detected using COVID-19 lures to spread the LokiBot information-stealing Trojan.” https://www.bleepingcomputer.com/news/security/microsoft-warns-of-covid-19-phishing-spreading-info-stealing-malware/
  15. “Microsoft announced that initial support for DNS over HTTPS (DoH) is now available in Windows 10 Insider Preview Build 19628 for Windows Insiders in the Fast ring.  The DoH protocol addition in a future Windows 10 release was advertised by Redmond in November 2018, with the inclusion of DNS over TLS (DoT) to also stay on the table.” https://www.bleepingcomputer.com/news/microsoft/windows-10-gets-dns-over-https-support-how-to-test/
  16. “A COVID-19 contact-tracing app to be rolled out by the UK’s National Health Service (NHS) has been thrust into the spotlight thanks to sensitive documents being leaked via a public Google Drive link. Contact tracing has emerged as a top idea for dealing with the coronavirus pandemic and is considered by many to be an important step towards reopening economies worldwide. However, with several initiatives underway to use mobile phone apps to carry it out, privacy concerns have come to the forefront.” https://threatpost.com/leaked-nhs-docs-roadmap-concerns-contact-tracing-app/155719/
  17. “In a tweet Wednesday, Zerodium said it will stop accepting Apple iOS bugs that lead to “local privilege escalation,” which attackers use to dig deeper into an infected device, remote code execution bugs in the company’s Safari web browser, or “sandbox escape” tools, which enable attackers to move from an app to other areas of a device.” https://www.cyberscoop.com/ios-zero-day-zerodium-high-supply/
  18. “Microsoft has stated that future versions of Windows 10, starting with the May 2020 Update, will no longer be available as 32-bit builds on new OEM computers. An update to the Windows 10 Minimum hardware requirements document, Microsoft states that starting with Windows 10 2004, new OEM computers will be required to use 64-bit builds of the operating system.” https://www.bleepingcomputer.com/news/microsoft/rip-microsoft-to-drop-support-for-windows-10-on-32-bit-systems/
  19. “A critical bug found in Google’s official WordPress plugin with 300,000 active installations could allow attackers to gain owner access to targeted sites’ Google Search Console.  Site Kit is a WordPress plugin designed by Google to help site owners to gain insight on how their visitors use and find their website via official stats collected from multiple Google tools and displayed directly in the WordPress dashboard.” https://www.bleepingcomputer.com/news/security/google-wordpress-plugin-bug-can-be-exploited-for-black-hat-seo/

#security #cybersecurity #itsecurity #privacy #risk #compliance #smishing #cybok #copperhedge #taintedscribe #pebbledash #blackenergy #kwampirs #hiddencobra #ramsay #doh #dot #sitekit #google #seo