Cyber Security News for 16Apr2020

  1. “The Nemty Ransomware is shutting down its public Ransomware-as-a-Service (RaaS) operation and switching to an exclusive private operation where affiliates are hand-selected for their expertise. Nemty has historically been a public RaaS, which is a service where ransomware operators are in charge of developing the ransomware and payment site, and affiliates join to distribute and infect victims.”
  2. “According to Microsoft, the CVE-2020-0935 vulnerability, is a privilege elevation risk that exploits how the OneDrive for Windows desktop app handles symbolic links. If successfully exploited, an attacker could take control of the affected Windows system by overwriting a targeted file and gaining elevated status.”
  3. “Encryption can help protect information stored, received, and sent. Readable information is scrambled through the use of encryption keys, algorithms that can sort through this text and return it to a readable format. Today, the Advanced Encryption Standard (AES) using 128- and 256-bit key lengths, the successor to DES, is in common use worldwide.
  4. “Hacking web applications can sometimes be challenging due to the sheer amount of moving parts they possess. At the core of these apps are HTTP requests and parameters, but these things are often concealed from the user, due to security reasons, convenience, or both. However, a tool called Arjun can be used to discover hidden HTTP parameters in web apps.”
  5. “Tech company Wappalyzer has disclosed a security incident this week after a hacker began emailing its customers and offering to sell Wappalyzer’s database for $2,000.”
  6. “A loophole in a federal student privacy law gives outsiders access to the personal information of K-12 students that is listed in school directories, yearbooks, and other publications, according to a new report. The information—available to data brokers and other private companies—can include student names, birthdates, photos, and home addresses.”
  7. “The Defense Department has lists of ways to prevent cyberattacks, but doesn’t know how well they’re being followed or who’s in charge of putting them into practice, according to a report from the Government Accountability Office. The DoD has three initiatives underway on “cyber hygiene,” or limiting cybersecurity risks, but “these efforts are incomplete or their status is unknown because no one is in charge of reporting on progress,” the GAO said.”
  8. “Smartphone software makers Alphabet’s Google and Apple will have to convince the public that any contact tracing technology to track who has been exposed to the new coronavirus will not lead to a violation of their privacy, Senator Richard Blumenthal said on Wednesday.”
  9. “Individual users must be empowered to follow the guidance provided to them by organizations and respond by taking preventative measures. To that end, organizations need to make sure that employees’ laptops that are connected to the corporate infrastructure are hardened and following foundational security hygiene practices. These include implementing security controls found in hardening standards such as CISISO27001, UAE IA, NIA, and NCA.”
  10. “A Syrian government-backed hacking campaign has begun to distribute coronavirus-themed applications that are actually spyware, according to new research from mobile security firm Lookout.”
  11. “After a lot of deliberation, however, we concluded that the best way to scrutinize the legitimacy of the claims being made was to look at the common challenges and risks faced within cybersecurity, along with the potential that AI and ML have to solve these problems.”
  12. “A study conducted by the UK’s Federation of Small Business in 2016 reveals that social engineering is targeting small businesses to a great extent. The report highlighted that small firms are attacked seven million times every year, costing the UK economy approximately £5.26 billion.”
  13. “Anyone who has had any experience on the offensive side of security has had fun with privilege escalation. There’s something exciting about exploiting a system to the point of getting root-level access. Since I have spent most of my time on the defensive side of the fence, the magic of escalating privileges rested in Exploiting for Privilege Escalation or stealing an administrator’s credentials.”
  14. “The threat is not new, hackers are again attacking clients of Portuguese banking organizations via a specially crafted Android Trojan-Banker from phishing campaigns launched from Brazil. The last occurrence this line was recorded on March 13rd, 2020, where a similar Trojan-Banker was disseminated targeting other clients of different banking organizations.”
  15. “While most of these apps appear harmless to a typical user, researchers from Ohio State University, New York University and CISPA Helmholtz Center for Information Security have analyzed the top 150,000 Android apps, uncovering hidden backdoors and suspicious behavior in 12,706.”
  16. “The first published double extortion case involved Allied Universal, a large American security staffing company, in November 2019. When the victims refused to pay a ransom of 300 Bitcoins (approximately US$2.3 million), the attackers, who used the Maze ransomware, threatened to use sensitive information extracted from Allied Universal’s systems as well as stolen email and domain name certificates for a spam campaign impersonating Allied Universal. To prove their point, the attackers published a sample of the stolen files including contracts, medical records, encryption certificates and more. In a later post on a Russian hacking forum, the attackers included a link to what they claimed to be 10% of the stolen information as well as a new ransom demand that was 50% higher.”
  17. “The campaign, which White Ops has named Ice Bucket, is an updated version of the notorious Methbot/3ve scheme, in which scammers sold commercial advertising space in videos and websites that were never viewed by real humans. Methbot scammers earned roughly $29 million between 2014 and 2018, according to the Department of Justice, and also used data center traffic to seem legitimate. While White Ops declined to speculate on how much money the scammers may have earned, citing an ongoing investigation, the effort at one point accounted for an estimated 1.9 billion ad requests the company monitored in January.”
  18. “In the latest research shared with The Hacker News, cybersecurity experts at ReversingLabs revealed over 700 malicious gems — packages written in Ruby programming language — that supply chain attackers were caught recently distributing through the RubyGems repository.”
  19. “Crooks continue to launch Coronavirus-themed attacks, in the last weeks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. In some cases, users were infected with the Oski information-stealing malware. The alarming trend was reported by BleepingComputer researchers and security firm Bitdefender.”
  20. “The recently uncovered CTV operation — named ICEBUCKET by the researchers at White Ops that discovered it – was bent on tricking advertisers into thinking there were real people watching TV on the other side of the screen, when in reality, they were bots pretending to be real people watching TV. In other words, the sellers of the ad inventory were bot-herders; and, they received money in exchange for running the ads – but the ads didn’t actually reach any human eyeballs.”
  21. “When performing a full antivirus scan using Windows Defender, a recent definition update or Windows update is causing the program to crash in the middle of a scan.”
  22. “Zoom’s efforts to improve the video conferencing platform’s privacy and security will continue next week with the introduction of a user report feature aimed at helping prevent future zoom-bombing attacks. Eric S. Yuan, Zoom’s CEO, announced on April 8 that the company will change its long-term focus on addressing the current security and privacy issues as part of a 90-day security plan.”
  23. “While the COVID19 pandemic was spreading a global scale, specific goods became victims of looting and financial speculation. In my first investigation, I focused my searches on masks to avoid contagion and disinfectant products, because these goods quickly disappeared from the official markets due to the high demand.At the time of the first investigation, most of the offers were related to surgical masks, small vendors attempted to generate revenues exploiting the panic of the population. The landscape was characterized by small vendors offering a limited number of pieces for pricing between 5 and 60 euros per each item, and only in a few cases, I observed sellers that were offering certified masks (FFP3 or FFP2)”
  24. “Proof-of-concept (PoC) exploit code has been posted on GitHub for the vulnerability (CVE-2020-3161), which ranks 9.8 out of 10 on the CVSS scale. Cisco issued patches in a Wednesday advisory for the flaw, which affects various versions of its Cisco IP phones for small- to medium-sized businesses.”
  25. “Soon after Valorant entered closed beta on April 7th, malware samples began to be released that targets users who are trying to play the game or get beta keys.  Most of the malware BleepingComputer has seen being installed are information-stealing trojans that will steal a victim’s browser history, saved logins and passwords in browsers, SSH keys, and FTP accounts.”
  26. “Researchers had used the scraping API to scour PasteBin for cybercriminal activity, as hackers frequently posted stolen personal data and malicious code to the site. PasteBin has a lot of legitimate activity, including posts about software tests and blocks of banal code meant for cryptographic network protocols. The malicious activity makes up a fraction of the content, and is difficult to identify without scraping capabilities because of the construction of the site.”
  27. The incident was confined to MSC’s headquarters in Geneva only and affected the availability of some of MSC’s digital tools and for a few days during the Easter holiday long weekend. MSC agencies remained fully functional and continued serving customers as usual during this time.”
  28. “Nation-state hackers have been running cyber-espionage operations against medical research organizations in the U.S. that are studying the novel coronavirus, according to the FBI.”

#security #cybersecurity #itsecurity #privacy #rubygems #linksys #ransomware #ai #ml #pastebin #windowsdefender #dlink #linksys #cisco #nemty