Cyber Security News for 20Apr2020

Image from Checkpoint 2018 Security Report
  1. “We had to let go of 13 great people who helped make Tor available to millions of people around the world. We will move forward with a core team of 22 people, and remain dedicated to continuing our work on Tor Browser and the Tor software ecosystem.” https://securityaffairs.co/wordpress/101907/digital-id/tor-project-coronavirus-impact.html
  2. “The first step is making sure you always download mobile apps from a safe, trusted source. Cyber criminals have mastered their skills at creating and distributing infected mobile apps that appear to be legitimate. If you install one of these infected apps, criminals can take complete control of your mobile device. By downloading apps from only well-known, trusted sources, you reduce the chance of installing an infected app. What you may not realize is the brand of mobile device you use determines your options for downloading apps.” https://www.sans.org/security-awareness-training/ouch-newsletter/2017/securely-using-mobile-apps
  3. “It’s hard not to say that 5G technology brings a lot of benefits. 5G entails faster download speeds, and yes, if you have a 5G-enabled handset, you could hear and appreciate the speed increases for videos, gaming, etc. However, 5G provides added benefits that go way above those for the everyday user.” https://www.tripwire.com/state-of-security/vulnerability-management/5g-technology-benefits-outweigh-security-risks/
  4. “Bad news from cryptocurrency industry, hackers have stolen more than $25 million in cryptocurrency from the Uniswap exchange and the Lendf.me lending platform. According to the experts, the two attacks could be linked, the same hacker might have used an exploit shared on GitHub to hack the two services. The issue exploited by the attacker was described in a post published by OpenZeppelin in April 2019, a proof-of-concept exploit code was released in July 2019” https://securityaffairs.co/wordpress/101895/cyber-crime/uniswap-lendf-me-hacked.html
  5. “Are you aware of the fact that, on average, 30,000 new websites get hacked daily? Yes, this is true, and the second thing that is going to shock you is that most of these sites are small businesses. It is surprising to know, but it is the truth of today. Therefore if you own a small scale online business, then do not think what, hacker, gain by hacking your website.” https://hackercombat.com/how-to-mend-the-damage-caused-to-the-site-by-a-hacker/
  6. “Scams leveraging coronavirus 2019 (COVID-19) as a lure have stolen tens of millions of dollars from their victims. As of April 16, 2020, the Federal Trade Commission (FTC) had received 20,334 consumer reports of fraud attempts pertaining to the coronavirus since the beginning of the year. Those attacks that proved successful had caused their victims more than $15 million in damages at the time of writing.” https://www.tripwire.com/state-of-security/security-awareness/covid-19-scam-roundup-april-20-2020/
  7. “Researchers have uncovered the biggest connected-TV (CTV) ad fraud operation they’ve ever seen, fueled with fake ad views seen by bogus eyeballs that actually belonged to a bot network they named ICEBUCKET. Bot-mitigation security firm White Ops said on Thursday that at its peak – January 2020 – the ICEBUCKET bot operation impersonated more than 2 million people in over 30 countries.” https://nakedsecurity.sophos.com/2020/04/20/bot-creates-millions-of-fake-eyeballs-to-rip-off-smart-tv-advertisers/
  8. “A data breach was found in the corona app Covid19 Alert. The app is one of the seven possible corona apps for the Netherlands and was presented this weekend to the Ministry of Health, Welfare and Sport.” https://securityaffairs.co/wordpress/101914/digital-id/coronavirus-contact-tracing-app-data-leak.html
  9. “Are you here because you got an email saying that a hacker has a video of you watching porn? Did they threaten to share it with your friends and family unless you paid a ransom into an anonymous Bitcoin wallet? If you did, you’re not alone – in the last two years almost everyone we speak to has seen one in their inbox. But there seems to have been a surge in interest since much of the western world entered lockdown to contain the coronavirus. The good news – every word is a lie. It’s a scam.” https://nakedsecurity.sophos.com/2020/04/20/new-sextortion-scam-high-level-of-risk-your-account-has-been-hacked/
  10. “No more excuses, Cloudflare says, when it comes to BGP security, with the introduction of a new tool that can hold ISPs to account for their BGP safety measures.” https://www.blackhatethicalhacking.com/news/cloudflare-debuts-border-gateway-protocol-safety-check-tool/
  11. “Alexa and similar digital assistants have been under scrutiny by the privacy and security community, and many security and privacy concerns are being aired about Amazon Alexa. Is Alexa safe to use in a home office? Should we view a seemingly innocent digital assistant as dangerous?” https://resources.infosecinstitute.com/iot-security-tips-for-remote-employees/
  12. “Those wacky researchers at Ben-Gurion University of the Negev are at it again. The Israeli scientists, best known for dreaming up ways to transmit software from computers that aren’t networked, have figured out a way to do it using the vibrations in computer fans.” https://nakedsecurity.sophos.com/2020/04/20/fan-vibrations-can-be-used-transmit-data-from-air-gapped-machines/
  13. “If you’ve received an email, letter or call telling you that a larger than usual sum of money is headed your way, but before it can be delivered to your bank, you are required to get a clearance certificate, you are being set up for a scam.” https://www.outliercanada.com/aml-clearance-certificates-are-a-scam/
  14. “North Korea (aka DPRK, The Democratic People’s Republic of Korea) is an escalating cyber threat to the international community, network defenders and the public, a recent advisory issued by the U.S. Departments of State, Treasury and Homeland Security through the Cybersecurity Infrastructure Security Agency, warned.” https://www.msspalert.com/cybersecurity-markets/asia-pacific/dhs-cisa-warn-of-north-korea-cyber-threat/
  15. “Beaumont Health, a network of eight hospitals through the Detroit area, said in a letter Friday that “an unauthorized third party” accessed names, birth dates, Social Security numbers and medical conditions about some 112,000 people. Hackers also accessed bank account data and driver’s license numbers about some of those affected” https://www.cyberscoop.com/beaumont-health-data-breach/
  16. “The U.S. Federal Bureau of Investigation (FBI) warned today of an increasing number of online extortion scam reports because a lot more people are being targeted due to the “stay-at-home” orders issued during the COVID-19 pandemic.” https://www.bleepingcomputer.com/news/security/fbi-extortion-scammers-more-active-due-to-stay-at-home-orders/
  17. “A proof-of-concept remote code execution (RCE) exploit for the Windows 10 CVE-2020-0796 ‘wormable’ pre-auth remote code execution vulnerability was developed and demoed today by researchers at Ricerca Security.” https://www.bleepingcomputer.com/news/security/windows-10-smbghost-rce-exploit-demoed-by-researchers/
  18. “The past few weeks have seen a large number of new domain registrations beginning with the word “reopen” and ending with U.S. city or state names. The largest number of them were created just hours after President Trump sent a series of all-caps tweets urging citizens to “liberate” themselves from new gun control measures and state leaders who’ve enacted strict social distancing restrictions in the face of the COVID-19 pandemic.” https://krebsonsecurity.com/2020/04/whos-behind-the-reopen-domain-surge/

#security #cybersecurity #itsecurity #privacy #cryptocurrency #crypto #icebucket #extortion #bgp #cloudflare #dprk #smbghost #foxitpdf #phantompdf #rce #windowsrce