Cyber Security News for 15May2020

  1. “Elexon, a company that facilitates transactions on the British electricity market, said Thursday that a cyberattack had hit its internal computers, cutting off email access for employees.  The company grappled with the digital attack throughout Thursday, tweeting that it had identified the “root cause” of the incident.”
  2. “EvilGinx is a prime example of some of the amazing tools out there that can be used for phishing. If you haven’t heard of it, EvilGinx was released a few years back and showed us a weak point in 2FA. For most back then, MFA was a sure way to thwart the bad guys and it made the system or user account “impenetrable”.”
  3. “Microsoft decided to open up its feed in order to boost awareness about attackers’ changing techniques during the pandemic — especially for those who may not have the expansive visibility the company possesses.”
  4. “Much like America’s aging physical infrastructure, the coronavirus crisis has revealed the decrepit state of America’s digital infrastructure.  To fix these urgent problems, local, state, and federal governments could turn to best practices used in the private sector to develop more reliable software.”
  5. “Microsoft is the latest browser vendor to join the encrypted DNS club by supporting DNS over HTTPS in Windows 10. In Build 19628 and higher, you’ll be able to encrypt your DNS traffic to prevent your geeky flatmate, that hoodie-wearing person in your local coffee shop, and possibly your ISP from snooping on your browsing destinations.”
  6. “A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe.”
  7. “An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama’s management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this issue.”
  8. “Microsoft is in the process of expanding the Office 365 Advanced Threat Protection (ATP) capabilities with attack flow overviews of malware attacks targeting organizations.  This new feature builds upon the Office 365 ATP Campaign Views feature that rolled out in public preview back in December 2019 and it provided security pros with inside info on phishing attacks targeting their organizations.”
  9. “In some browsers, like Firefox or Safari, Google search results don’t lead directly to the listed websites. Instead, Google links to itself. When you click on a search result link you’re bounced through another Google URL, which then redirects you to your destination. It does this so it can log which link you’ve clicked on. (If you use Chrome, or Chrome-based browsers like Brave, you aren’t redirected like this, but the same link back to Google tracks you via the rarely-seen ping parameter.)”
  10. “Security researchers from Sophos have identified a hacking group that abused NSIS installers to deploy remote access tools (RATs) and information-stealing malware in attacks targeting industrial companies. Sophos discovered that RATicate’s attacks have been targeting industrial companies from Europe, the Middle East, and the Republic of Korea as part of five separate campaigns between November 2019 and January 2020, although the researchers suspect that they were behind other similar campaigns in the past.”
  11. “Britain’s Ministry of Defence contractor Interserve has been hacked; intruders have stolen up to 100,000 past and present employees’ details.”
  12. “Samsung and South Korean telecom giant SK Telecom have debuted the Galaxy A Quantum 5G smartphone, sporting a quantum random number generation (RNG) chipset. It’s the first commercialization of quantum technology for mobile phones, and it will serve as a significant bellwether for full quantum encryption’s chances of going mainstream.”
  13. “Law enforcement in Romania today arrested a group of individuals that were planning ransomware attacks against healthcare institutions in the country. Three were arrested in Romania and a fourth in the Republic of Moldova after executing home search warrants. Ironically, the group operated under the name PentaGuard Hackers Crew.”
  14. “The hackers intended to pose as government officials and send malicious emails to public health institutions that purported to contain information on the coronavirus, according to the Directorate for Investigating Organized Crime and Terrorism (DIICOT), one of Romania’s top law enforcement agencies. Such ransomware attacks could disrupt the IT systems of hospitals, DIICOT said.”
  15. “Attackers can exploit a critical vulnerability in the WP Product Review Lite plugin installed on over 40,000 WordPress sites to inject malicious code and potentially take over vulnerable websites.  WP Product Review Lite helps site owners to quickly create custom review articles using pre-defined templates. The plugin comes with support for including affiliate links, rich snippets, review widgets, as well as for buy buttons for additional monetization streams.”
  16. “Researchers at website security firm Sucuri have discovered a new WordPress malware used by threat actors to scan for and identify WooCommerce online shops with a lot of customers to be targeted in future Magecart attacks.  WooCommerce is an open-source WordPress plugin with over 5 million active installs and designed to make it easy to run e-commerce sites that can be used to “sell anything, anywhere.””
  17. “Multiple vulnerabilities have been discovered in Palo Alto PAN-OS, the most severe of which could allow for session fixation attacks. PAN-OS is an operating system for Palo Alto Network Appliances. An attacker can exploit this issue using a maliciously crafted URI. The attacker uses email or other means to distribute the malicious URI and entices an unsuspecting user to follow it, hijacking the user’s session ID. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated remote attacker to gain unauthorized access to the affected application.”
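Item 5 says DNS over HTTPS stops an on-path observer from seeing your lookups. What actually goes over the wire is an ordinary HTTPS request to the resolver whose query parameter carries the DNS message. The following is an added example, not code from the digest or from Microsoft: it builds the RFC 8484 GET form of a query (wire-format DNS, base64url without padding) and parses the A records out of a response. The resolver URL `https://dns.example/dns-query` and the response bytes are constructed for the example; an eavesdropper on the TLS connection sees only the resolver's hostname, never the `dns=` payload or the answer.

```python
import base64
import struct

# Placeholder resolver endpoint (assumption for this example; any RFC 8484 resolver works)
RESOLVER = "https://dns.example/dns-query"


def build_query(name, qtype=1, txid=0):
    """Serialize a DNS query for `name` in RFC 1035 wire format.

    RFC 8484 recommends a zero transaction ID so that identical queries
    produce identical URLs and HTTP caches can serve them.
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN


def doh_get_url(name, resolver=RESOLVER):
    """GET form of an RFC 8484 query: the wire message, base64url, '=' padding removed."""
    dns = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={dns}"


def read_name(msg, off):
    """Decode a (possibly compressed) domain name starting at `off`; return (name, next_off)."""
    labels = []
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # compression pointer, RFC 1035 section 4.1.4
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            labels.append(read_name(msg, ptr)[0])
            return ".".join(labels), off + 2
        off += 1
        if ln == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln


def parse_a_records(msg):
    """Return the IPv4 addresses from the answer section of a DNS response message."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):          # skip the question section
        _, off = read_name(msg, off)
        off += 4                      # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        _, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs


# Constructed response to build_query("example.com"); not captured from a real resolver.
# Answer name is a compression pointer (0xC00C) back to the question at offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + build_query("example.com")[12:]
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([93, 184, 216, 34])
)

if __name__ == "__main__":
    print(doh_get_url("example.com"))
    print(parse_a_records(SAMPLE_RESPONSE))
```

The same wire message can also be sent as the body of a POST with `Content-Type: application/dns-message`; the GET form is shown because it is the one that benefits from HTTP caching.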
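Item 6 describes a RAT that is steered by the HTTP status codes its controller returns, which leaves almost nothing in a proxy log except the codes themselves. The following is an added detection heuristic, not the digest's or Kaspersky's code and not the malware's actual command table: it flags a client/host pair that receives several responses with status codes browsers essentially never see from a healthy site (the set `UNCOMMON_STATUS` is this example's assumption), each with a near-empty body and spread across multiple distinct codes. The log format and the sample lines are constructed for the example.

```python
from collections import defaultdict

# Codes a normal browser session rarely sees (RFC 7231 402, RFC 4918 422-424, RFC 7231 426,
# RFC 6585 428). This set is the example's assumption, not a documented command mapping.
UNCOMMON_STATUS = {402, 422, 423, 424, 426, 428}

# Constructed proxy log: "<epoch> <client_ip> <host> <method> <status> <response_bytes>"
SAMPLE_LOG = """\
1589500000 10.0.0.5 docs.example.org GET 200 48213
1589500003 10.0.0.5 docs.example.org GET 304 0
1589500010 10.0.0.7 update.example-cdn.net GET 200 1048576
1589500060 10.0.0.9 cdn-status.example GET 402 0
1589500120 10.0.0.9 cdn-status.example GET 423 0
1589500180 10.0.0.9 cdn-status.example GET 424 0
1589500240 10.0.0.9 cdn-status.example GET 428 0
1589500300 10.0.0.9 cdn-status.example GET 422 0
1589500015 10.0.0.11 api.example.com POST 422 87
1589500016 10.0.0.11 api.example.com POST 422 87
1589500017 10.0.0.11 api.example.com POST 422 87
"""


def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, client, host, method, status, nbytes = line.split()
    return int(ts), client, host, method, int(status), int(nbytes)


def find_status_code_channels(log_text, min_hits=4, min_distinct=3, max_body=512):
    """Return client/host pairs whose traffic looks like a status-code command channel.

    A legitimate REST endpoint that keeps returning the same 422 for bad input does
    not trip the rule because it fails the `min_distinct` requirement; a control
    channel that cycles through several unusual codes with empty bodies does.
    """
    by_pair = defaultdict(list)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, client, host, _method, status, nbytes = parse_line(raw)
        by_pair[(client, host)].append((ts, status, nbytes))

    findings = []
    for (client, host), rows in sorted(by_pair.items()):
        odd = [(s, b) for _ts, s, b in rows if s in UNCOMMON_STATUS and b <= max_body]
        distinct = sorted({s for s, _ in odd})
        if len(odd) >= min_hits and len(distinct) >= min_distinct:
            findings.append({"client": client, "host": host,
                             "hits": len(odd), "codes": distinct})
    return findings


if __name__ == "__main__":
    for f in find_status_code_channels(SAMPLE_LOG):
        print(f"{f['client']} -> {f['host']}: {f['hits']} unusual responses, codes {f['codes']}")
```

Thresholds should be tuned against a baseline of the proxy's own traffic; internal APIs that legitimately use 422 or 428 will need the host allow-listed rather than the rule loosened.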

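Item 17 names session fixation via a crafted URI without saying what makes an application fixable. The following is an added, generic illustration in Python, not PAN-OS code and not the digest's: a deliberately vulnerable session handler that adopts a session identifier supplied in the URI and keeps it across login, beside a hardened one that ignores URI-supplied identifiers and rotates the identifier on login. The cookie name `sid`, the host `app.example` and the attacker-chosen value are assumptions of the example.

```python
import secrets
from urllib.parse import parse_qs, urlparse

SESSION_COOKIE = "sid"  # cookie / parameter name chosen for this example


def sid_from_uri(uri):
    """Return a session identifier carried in the URI query string, if any."""
    return parse_qs(urlparse(uri).query).get(SESSION_COOKIE, [None])[0]


class VulnerableApp:
    """Deliberately fixable: adopts any identifier the request carries and never rotates it."""

    def __init__(self):
        self.sessions = {}

    def request(self, uri, cookies, login_as=None):
        # Flaw 1: an identifier from the URI is trusted, so a crafted link plants it in the victim's browser
        sid = sid_from_uri(uri) or cookies.get(SESSION_COOKIE) or secrets.token_urlsafe(16)
        # Flaw 2: an unknown identifier is adopted as a fresh session instead of being replaced
        session = self.sessions.setdefault(sid, {"user": None})
        if login_as:
            session["user"] = login_as  # Flaw 3: the pre-login identifier survives authentication
        return sid, session["user"]


class HardenedApp:
    """Identifiers come only from the cookie, unknown ones are replaced, and login rotates them."""

    def __init__(self):
        self.sessions = {}

    def request(self, uri, cookies, login_as=None):
        sid = cookies.get(SESSION_COOKIE)          # URI-supplied identifiers are ignored
        if sid not in self.sessions:
            sid = secrets.token_urlsafe(16)        # unknown identifier: issue a server-chosen one
            self.sessions[sid] = {"user": None}
        if login_as:
            session = self.sessions.pop(sid)       # privilege change: retire the old identifier
            sid = secrets.token_urlsafe(16)
            session["user"] = login_as
            self.sessions[sid] = session
        return sid, self.sessions[sid]["user"]


def fixation_attack(app):
    """Attacker plants an identifier via a crafted URI, the victim logs in, the attacker replays it.

    Returns the user the attacker's request is treated as (None means the attack failed).
    """
    planted = "attacker-chosen-id"
    victim_sid, _ = app.request(f"https://app.example/login?{SESSION_COOKIE}={planted}", cookies={})
    # The victim's browser now stores whatever identifier the server handed back, and logs in with it.
    app.request("https://app.example/login", cookies={SESSION_COOKIE: victim_sid}, login_as="alice")
    # The attacker presents the identifier they chose.
    _, user_seen_by_attacker = app.request("https://app.example/account",
                                           cookies={SESSION_COOKIE: planted})
    return user_seen_by_attacker


if __name__ == "__main__":
    print("vulnerable:", fixation_attack(VulnerableApp()))  # attacker is treated as alice
    print("hardened:  ", fixation_attack(HardenedApp()))    # attacker gets an anonymous session
```

Rotating the identifier on login is the decisive control: even if an application accepted identifiers from the URI, a fixed value would never be bound to an authenticated session.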
#security #cybersecurity #itsecurity #privacy #risk #compliance #evilginx #compfun #rat #turlaapt #apt #raticate #botsight #diicot #wordpress #paloalto #magecart