Cyber Security News for 1May2020

  1. “Hackers claim to have gained access to the network of Banco BCR, the state-owned Bank of Costa Rica, and stolen 11 million credit card credentials along with other data. This attack was allegedly conducted by the operators of the Maze Ransomware, who have been behind numerous cyberattacks against high-profile victims such as IT services giant Cognizant, cyber insurer Chubb, and drug testing facility Hammersmith Medicines Research LTD.” https://www.bleepingcomputer.com/news/security/hackers-say-they-stole-millions-of-credit-cards-from-banco-bcr/
  2. “The developers behind the Ninja Forms WordPress plugin have addressed a Cross-Site Request Forgery (CSRF) vulnerability that could lead to Stored Cross-Site Scripting (Stored XSS) attacks. Ninja Forms is a drag and drop form builder plugin for WordPress builder that allows users to easily create complex forms within just a few minutes.” https://securityaffairs.co/wordpress/102568/breaking-news/ninja-forms-wordpress-plugin-csrf.html
  3. “Europol published a report that highlights how criminal organizations are adapting their operations attempting to take advantage of the COVID-19 pandemic. The trend is similar to the one observed during previous financial crises, but the speed of the criminal phenomena is higher. Immediately after the pandemic started, criminal organizations attempted to monetize their efforts with Coronavirus-themed attacks and by selling COVID-19 products in the underground markets.” https://securityaffairs.co/wordpress/102574/cyber-crime/europol-criminal-operations-covid-19.html
  4. “Developers use a number of ways to breed extensions like a bunch of spam bunnies in Google’s Chrome Web Store, which is the biggest extension catalog online. For example, sometimes they stuff the store with multiple extensions that do the same thing. Like, say, wallpaper extensions that have different metadata but provide the exact same wallpaper when installed.” https://nakedsecurity.sophos.com/2020/05/01/google-fights-spammy-extensions-with-new-chrome-web-store-policy/
  5. “Barracuda Networks explained that malicious actors are starting to outfit their phishing attempts with reCaptcha walls so that they can shield their landing pages from automated URL analysis tools as well as add a sense of legitimacy to their operations. Some of these efforts have consisted of deploying a fake checkbox and form. Yet the security firm revealed that it’s increasingly seeing fewer fake reCaptcha boxes as attackers continue to embrace the actual API. Indeed, it spotted just one fake box compared to 100,000 phishing emails using the real deal.” https://www.tripwire.com/state-of-security/security-data-protection/phishers-increasingly-incorporating-recaptcha-api-into-campaigns/
  6. “Threat actors are using people’s interest in the Department of Labor’s Family and Medical Leave Act (FMLA) to spread what appears to be the TrickBot trojan in a new spam campaign that security researchers discovered recently.  Recent analysis from spam honeypots set by IBM X-Force discovered actors targeting email recipients with fake messages that claim to be from the department to inform people of changes to the FMLA, which gives employees the right to family-leave medical benefits, according to a post by IBM security analyst Ashkan Via. Instead, the emails include malicious attachments aimed at installing what researchers believe is the TrickBot malware, they said.” https://threatpost.com/trickbot-attack-covid-19docusign-themed-malw/155391/
  7. “A federal judge in New York has agreed to postpone the trial of a former U.S. government official accused of abusing his position at the Securities and Exchange Commission to access information about his new employer.  U.S. prosecutors last year charged Michael Cohn, a former examiner for the SEC, with unauthorized access of a computer and obstruction of justice. During negotiations for a job at a private equity firm, GPB Holdings, Cohn told the company he possessed inside information about an SEC investigation into their behavior, according to an indictment. The exact technical nature of the alleged crime is not clear, based on the indictment.” https://www.cyberscoop.com/sec-computer-hacking-trial-delayed/
  8. “French daily newspaper Le Figaro exposed roughly 7.4 billion records containing personally identifiable information (PII) of reporters and employees, as well as of at least 42,000 users.  The data was exposed by an unsecured database owned by Le Figaro and containing over 8TB of data which was publicly accessible because of a misconfigured Elasticsearch server.” https://www.bleepingcomputer.com/news/security/french-daily-le-figaro-database-exposes-users-personal-info/
  9. “A highly convincing phishing campaign is using cloned imagery from automated Microsoft Teams notifications in attacks that attempt to harvest Office 365 credentials. The Microsoft Teams cloud collaboration platform has experienced a huge usage spike since the start of the COVID-19 pandemic, with Microsoft announcing on March 30 that the platform has reached 75 million daily active users (DAUs), with a 70% increase since March 19 when it reported 44 million DAUs.” https://www.bleepingcomputer.com/news/security/convincing-office-365-phishing-uses-fake-microsoft-teams-alerts/
  10. “President Donald Trump on Friday issued an executive order barring federal agencies and companies under U.S. jurisdiction from installing foreign-owned equipment in the electric sector that might pose “an unacceptable risk to national security.”  The sweeping directive authorizes Trump’s energy secretary, Dan Brouillette, to work with U.S. national security agencies and the energy industry to vet equipment before it gets installed, and to identify vulnerable gear already in place. It is the latest move by the administration to clamp down on foreign-sourced software and hardware, following an order last year covering U.S. companies’ procurement of telecommunications gear.” https://www.cyberscoop.com/executive-order-bulk-power-system-hacking-threats/
  11. “A new phishing campaign is distributing a double-punch of a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware.  By using this malware combo, the attackers first steal saved user names and passwords stored in a variety of applications and then deploy the Jigsaw Ransomware to try and get a small ransom to sweeten the attack.” https://www.bleepingcomputer.com/news/security/new-phishing-campaign-packs-an-info-stealer-ransomware-punch/
  12. “Oracle WebLogic Server is a Java EE application server with tens of thousands of servers running online. The CVE-2020-2883 flaw was reported to Oracle through the Zero Day Initiative; it is a remote code execution issue that could be exploited by attackers by sending a malicious payload to a WebLogic server, via its proprietary T3 protocol. The bug could be exploited by an unauthenticated attacker and doesn’t require victims’ interaction.” https://securityaffairs.co/wordpress/102610/hacking/oracle-weblogic-attacks.html
  13. “The US Federal Communications Commission (FCC) today issued an order saying that it will no longer warn robocallers before fining them for harassing consumers and violating the law. Today’s order also extends the timeframe within which the FCC can penalize robocallers for Telephone Consumer Protection Act (TCPA) and spoofing calls violations, and increases the penalties for intentional unlawful robocalls.” https://www.bleepingcomputer.com/news/security/fcc-no-more-warnings-for-robocallers-before-fines/

#security #cybersecurity #itsecurity #privacy #bancobcr #maze #ransomware #wordpress #csrf #lokibot #recaptcha #trickbot #o365

Medium: https://medium.com/@shahidsharif/cyber-security-news-for-1may2020-359050a28b66?sk=7df8b6004914c8b0aafb85104cac8577

LinkedIn: https://www.linkedin.com/pulse/cyber-security-news-1may2020-shahid-sharif