Cyber Security News for 17Apr2020

  1. “Akamai security researcher Larry Cashdollar set up the Docker image to see what kind of notice it might attract from the wider web’s cadre of cyberattackers. He implemented SSH protocol for encryption and implemented a “guessable” root password. Since it was running a standard cloud container configuration, it wouldn’t stand out on the web as an obvious honeypot, he explained, in a blog on Wednesday. Instead, it would simply look like a vulnerable cloud instance.”
  2. “A mysterious set of hackers has in recent months launched data-stealing attacks against Azerbaijan government officials and companies in the country’s wind industry, researchers from Cisco Talos said Thursday. The attackers are using a new hacking tool, whose code is littered with references to English playwright William Shakespeare, to try to gain remote access to target computers and exfiltrate data automatically.”
  3. “It began with a “Google” security email. But the trail of breadcrumbs traced back to something much, much bigger: a laser-targeted hacking campaign that put its targets’ lives in danger.”
  4. “Syrian hackers are behind a long-running campaign that has been active since January 2018 and that targets Arabic-speaking Android users. The campaign aimed at users in Syria and surrounding regions was spotted by experts from mobile security firm Lookout; threat actors employed tens of Android apps, none of which is available in the official Google Play Store.”
  5. “As to current events, the inclusion of pandemic phenomena among major global threats is a normal (and not new) practice for intelligence analysts. Watchful intelligence operators have been long communicating – in strategic documents – the possible outbreak of a pandemic. The outbreak and its consequences were predictable and to some extent they were predicted, at least as a non-specific threat. There is not always a follow-up to strategic communications, as priority is usually given to tactical communications. Regardless of the content. Tactical measures involve less exposure than strategic ones: Decision-makers are reluctant to rely on long-term plans and forecasts.”
  6. “Google has removed 49 malicious Chrome browser extensions from its Web Store that contained codes used for hijacking cryptocurrency and stealing sensitive information. Cybersecurity researchers at MyCrypto and PhishFort discovered a range of malicious Chrome extensions targeting brands and cryptocurrency users. Google removed the malicious extensions within 24 hours.”
  7. “GitHub users beware: online criminals have launched a phishing campaign to try and gain access to your accounts. The Microsoft-owned source code collaboration and version control service reported the campaign, which it calls Sawfish, on Tuesday 14 April. Users were reporting emails that tried to lure them into entering their GitHub credentials on fake sites for a week before, it said.”
  8. “Every day, Gmail blocks more than 100 million phishing emails. During the last week, we saw 18 million daily malware and phishing emails related to COVID-19. This is in addition to more than 240 million COVID-related daily spam messages.” wrote Gmail Security PM Neil Kumaran and G Suite & GCP Lead Security PM Sam Lugani. “Our ML models have evolved to understand and filter these threats, and we continue to block more than 99.9% of spam, phishing, and malware from reaching our users.”
  9. “The United States Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution (RCE) vulnerability in Pulse Secure VPN servers—even if they have already patched it. The warning comes three months after another CISA alert urging users and administrators to patch Pulse Secure VPN environments to thwart attacks exploiting the vulnerability.”
  10. “Cloud services have become increasingly important to many companies’ daily operations, and the rapid adoption of web apps has allowed businesses to continue operating with limited productivity hiccups, even as global coronavirus restrictions have forced much of the world to work from home. But at the same time, even major corporations have fallen prey to hackers. How can you maintain the integrity of your IT resources and data while still taking advantage of the benefits of software as a service (SaaS)?”
  11. “An internal government letter revealed that Zoom-bombers had disrupted a meeting held by the U.S. House Oversight Committee. In a letter sent to Representative Carolyn B. Maloney (D-N.Y.), chairwoman of the House of Representatives’ Committee on Oversight and Reform, ranking member Jim Jordan (R-Ohio) revealed that the incident took place at the beginning of April.”
  12. Designing The Adversary Simulation Lab
  13. “Hackers have updated the age-old Excel malware attack technique with a new passwordless twist. Researchers have identified a new method that no longer requires victims to enter a password to open a danger document, more readily exposing them to potential malware infection.”
  14. “Ursnif is one of the most widespread threats; it is delivered through malspam campaigns aimed at multiple industries across Italy and Europe. Recently, we have identified a new variant that is targeting Italian organizations. The malspam messages use attachments with subjects like “Avviso di Pagamento_xxxx_date” where xxxx is a number and date is a date reported in the format “dd-mm-yyyy” (i.e. “Avviso di Pagamento_14326_15_04_2020”). We spotted some major changes in the techniques employed in the Ursnif/ISFB droppers used in the campaign. Operators behind the campaign have adopted new techniques to avoid detection and propose important changes in the Ursnif infection chain.”
  15. “A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition.”
  16. “Microsoft says that its Digital Crimes Unit (DCU) discovered and helped take down a botnet of 400,000 compromised devices controlled with the help of an LED light control console. The botnet was used by the threat actors who controlled it for a wide variety of purposes ranging from phishing campaigns, malware distribution, ransomware payloads delivery, and launching distributed denial-of-service (DDoS) attacks.”
  17. “A leading accounting firm in Canada forced a company-wide shutdown of their systems after getting hit with a cyberattack last weekend, BleepingComputer has learned. Canadian accounting firm MNP’s systems were impacted last weekend in what BleepingComputer was told was a ransomware attack.”
  18. Critical bug in Google Chrome – get your update now
  19. “Nearly three years after one of the largest data breaches in history, state attorneys general still are making Equifax pay. Massachusetts Attorney General Maura Healy announced Friday the credit processing company has agreed to pay $18.2 million and update its cybersecurity protocols. The settlement will end claims filed in connection with the company’s failure to stop a 2017 data breach that affected roughly 145 million Americans, including roughly 3 million Massachusetts residents.”
  20. “Based on Office 365 ATP data, Trickbot is the most prolific malware operation using COVID-19 themed lures,”

#security #cybersecurity #itsecurity #privacy #docker #azerbaijan #google #syria #android #arabic #chrome #sawfish #github #cisa #pulsevpn #passwordless #ursnif #microsoft #DCU #botnet #ransomware #equifax #trickbot