Cyber Security News for 20May2020

#security #cybersecurity #itsecurity #privacy #risk #compliance #scada #ics #xforce #wolfrat #dendroid #nitropropdf #sanix #cyberkillchain #verizonDBIR #microsoft #zeroday #o365 #google #chrome #homechef #iran #israel #NXNSAttack #scatteredcanary #japan #mitsubishi #milkmanvictory #snake #ransomware
  1. “IBM X-Force found that digital attacks targeting industrial control systems (ICSes) and operational technology increased by over 2000%. Many of those attacks involved a combination of exploiting known vulnerabilities in supervisory control and data acquisition (SCADA) and ICS hardware components along with password spraying attacks leveraging brute force login techniques.”
  2. “Cisco Talos has discovered a new Android malware based on a leak of the DenDroid malware family. We named this malware “WolfRAT” due to strong links between this malware (and the command and control (C2) infrastructure) and Wolf Research, an infamous organization that developed interception and espionage-based malware and was publicly described by CSIS during Virus Bulletin 2018. We identified infrastructure overlaps and string references to previous Wolf Research work. The organization appears to be shut down, but the threat actors are still very active.”
  3. “The Security Service of Ukraine has identified and detained a hacker known as Sanix. Early last year, he caught the attention of global cybersecurity experts by posting on one of the forums an offer to sell a database with 773 million e-mail addresses and 21 million unique passwords.”
  4. “An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro. A specially crafted PDF document can cause a use-after-free, which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.”
  5. “To understand and repel cyber-attacks, security breaches, and advanced persistent attacks (APTs), Lockheed Martin introduced a new “Cyber Kill Chain” framework or model in 2011. Derived from a military model, the cyber kill chain is a 7-step model that exhibits the stages of a cyber-attack from early reconnaissance to the final data exfiltration.”
  6. “Israeli cybersecurity researchers have disclosed details about a new flaw impacting the DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to take down targeted websites. Called NXNSAttack, the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative servers of the attacker’s choice, potentially causing a botnet-scale disruption to online services.”
  7. “The FBI said on Monday that it figured out how to unlock the iPhones of the shooter who killed three young US Navy students and injured eight at a Pensacola, Florida naval base in December 2019. No thanks to you, Apple, Attorney General William P. Barr said.”
  8. “The 13th edition of the annual Verizon Data Breach Investigations Report is out.  This year, the report analyzes 32,000 incidents, out of which 3,950 were confirmed data breaches. What’s new in this edition is that the findings are broken down into 16 industry verticals and aligned with the MITRE ATT&CK framework and CIS Controls.”
  9. “Four vulnerabilities are classified as high severity; three of them are zero-day vulnerabilities, tracked as CVE-2020-0916, CVE-2020-0986, and CVE-2020-0915. The flaws could allow an attacker to escalate privileges on the affected system; they received a CVSS score of 7.0.”
  10. “Now Microsoft has suffered its own smaller version of the same phenomenon on the Office 365 platform (or Microsoft 365 as its business versions are now called).  The Register reported that an admin was told that their company’s internal search results had been made visible when queries were run by users from another company. The glitch was temporary, and any files displayed were not accessible.”
  11. “The regulations described earlier have, in most cases, evolved over time as a reaction to certain cybersecurity threats. However, cybersecurity threats are constantly changing at a pace that even regulations struggle to match. Here are five critical security concerns that should be on any financial security leader’s radar. Understanding and mitigating these threats will help prevent breaches, fraud and noncompliance.”
  12. “Google released Chrome 83 yesterday, and with it came numerous features such as a new Incognito cookie control, a Security check feature, new Security settings page, the Tabs Group feature, a new extensions menu, and redesigned cookie controls.  The problem, though, is that many of these features in this massive update have not been enabled yet by Google and will be slowly rolled out over time.  If you are like me and want to play with all the new goodies, the good news is that you can use some Chrome flags to enable these features now.”
  13. “Home Chef, a US-based meal kit and food delivery service, announced a data breach today after a hacker sold 8 million user records on a dark web marketplace. Last week, BleepingComputer reported that a hacking group named Shiny Hunters was selling the user records for eleven companies on a dark web marketplace. The threat actor was selling these databases for $500 to $2,500. The user records for Home Chef were one of the databases being sold and allegedly contained 8 million user records.”
  14. “This was a very unordinary cyberattack against civilian water facilities which is against every ethic and every code even in times of war,” a senior Israeli official told Channel 13. “We didn’t expect this even from the Iranians. It is just not done.” Iran reported three cyberattacks within one week back in December. At least one of the attacks was allegedly “state-sponsored.”
  15. “Microsoft has released a security advisory to mitigate the NXNSAttack vulnerability in DNS servers that could be used to amplify a single DNS request into a DDoS attack against authoritative DNS servers.”
  16. “We’re tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12 and has so far used several hundred unique attachments.”
  17. “Malware analysts received unrestricted access to the components of GhostDNS exploit kit after the malware package essentially fell into their lap.  GhostDNS is a router exploit kit that uses cross-site request forgery (CSRF) requests to change the DNS settings and send users to phishing pages to steal their login credentials, for various online services (banking, news, video streaming).”
  18. “An infamous business email compromise (BEC) gang has submitted hundreds of fraudulent claims with state-level U.S. unemployment websites and coronavirus relief funds. Researchers who tracked the fraudulent activity said cybercriminals may have made millions so far from the fraudulent activity. Behind the attacks is Scattered Canary, a highly-organized Nigerian cybergang that employs dozens of threat actors to target U.S. enterprise organizations and government institutions.”
  19. “Adobe has released an out-of-band security update for Adobe Character Animator that fixes a critical remote code execution vulnerability. Security updates for information disclosure vulnerabilities in Adobe Premiere Pro, Adobe Audition, and Adobe Premiere Rush were also released.”
  20. “Japan is investigating a possible breach of sensitive defense contracting data following a cyberattack last year on electronics giant Mitsubishi Electric, officials said Wednesday.  Data likely stolen in the hack, which Mitsubishi disclosed earlier this year, included specifications of hypersonic missile prototypes that Japan is developing, according to a report in Asahi Shimbun, a Japanese newspaper. The Ministry of Defense had sent the specifications to multiple companies, including Mitsubishi, interested in bidding on the missile contract, the report said.”
  21. “Medical data and personally identifiable information belonging to patients at a Fresenius Medical Care unit are currently available online on a paste website. Fresenius is a large private hospital operator in Europe and its systems were compromised as part of a massive campaign from Snake ransomware that targeted organizations across all verticals.”
  22. “A hacker has been taking justice into their own hands by targeting “scam” companies with ransomware and denial of service attacks.  Last week a new ransomware was discovered called MilkmanVictory that a hacking group stated they created to attack scammers.”
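
Item 1 mentions password spraying against ICS and SCADA logins. What makes spraying hard to catch is that it tries one password against many accounts, so per-account lockout thresholds never trip; the detectable shape is one source failing against many distinct accounts with only a few failures each, the opposite of classic brute force. The following detector, written for this page as an added example (not IBM X-Force code), runs that rule over a constructed, simplified syslog-style log; the line format, addresses and account names are all invented for the example.

```python
"""Password-spray detection over authentication logs (added example; the log
format below is a constructed, simplified syslog-style line, not any product's
real output)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real data). 203.0.113.5 sprays six accounts and
# then logs in as "grace"; 198.51.100.7 brute-forces one account; 192.0.2.9 is a
# user who mistyped once and then succeeded.
SAMPLE_LOG = """\
2020-05-20T08:00:01Z auth FAILED user=alice src=203.0.113.5
2020-05-20T08:00:02Z auth FAILED user=bob src=203.0.113.5
2020-05-20T08:00:03Z auth FAILED user=carol src=203.0.113.5
2020-05-20T08:00:04Z auth FAILED user=dave src=203.0.113.5
2020-05-20T08:00:05Z auth FAILED user=erin src=203.0.113.5
2020-05-20T08:00:06Z auth FAILED user=frank src=203.0.113.5
2020-05-20T08:00:07Z auth OK     user=grace src=203.0.113.5
2020-05-20T08:01:00Z auth FAILED user=alice src=198.51.100.7
2020-05-20T08:01:05Z auth FAILED user=alice src=198.51.100.7
2020-05-20T08:01:10Z auth FAILED user=alice src=198.51.100.7
2020-05-20T08:01:15Z auth FAILED user=alice src=198.51.100.7
2020-05-20T08:01:20Z auth FAILED user=alice src=198.51.100.7
2020-05-20T09:30:00Z auth FAILED user=bob src=192.0.2.9
2020-05-20T09:30:30Z auth OK     user=bob src=192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAILED|OK)\s+user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text):
    """Return (timestamp, result, user, src) tuples, skipping unparseable lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def _by_source(events):
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[3]].append(ev)
    for evs in by_src.values():
        evs.sort(key=lambda e: e[0])
    return by_src


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag sources whose failures inside one window hit >= min_users distinct
    accounts with at most max_per_user failures per account. Returns
    {src: {"window_start", "distinct_users", "success_after"}}; success_after
    lists accounts that logged in from the same source inside the window,
    i.e. the accounts the spray most likely got into."""
    hits = {}
    for src, evs in _by_source(events).items():
        failed = [e for e in evs if e[1] == "FAILED"]
        for i, (t0, _, _, _) in enumerate(failed):
            in_win = [e for e in failed[i:] if e[0] <= t0 + window]
            per_user = defaultdict(int)
            for _, _, user, _ in in_win:
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                success_after = sorted(
                    {e[2] for e in evs if e[1] == "OK" and t0 <= e[0] <= t0 + window}
                )
                hits[src] = {"window_start": t0, "distinct_users": len(per_user),
                             "success_after": success_after}
                break
    return hits


def detect_bruteforce(events, window=timedelta(minutes=10), min_failures=5):
    """Classic rule for contrast: one source, one account, many failures."""
    hits = {}
    for src, evs in _by_source(events).items():
        per_user = defaultdict(list)
        for ts, result, user, _ in evs:
            if result == "FAILED":
                per_user[user].append(ts)
        for user, stamps in per_user.items():
            for i, t0 in enumerate(stamps):
                if sum(1 for t in stamps[i:] if t <= t0 + window) >= min_failures:
                    hits[src] = user
                    break
    return hits


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("spray:", detect_spray(evs))
    print("brute force:", detect_bruteforce(evs))
```

Run against the sample, the spray rule flags only 203.0.113.5 (six accounts, one failure each, then a successful login as grace), while the brute-force rule flags only 198.51.100.7; a source that trips neither is ordinary user error. Tune `min_users` and `window` to the size of the directory: sprays against an ICS jump host with a dozen accounts look different from sprays against a tenant with thousands, and the same attacker will often rotate source addresses, so grouping by user-agent or ASN in addition to `src` is worth adding in production.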
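
Items 6 and 15 both concern NXNSAttack, and the mechanism is easy to lose in the summaries: the attacker's authoritative server answers a query for a name in its own domain with a referral whose NS names all sit inside the victim's domain and carry no glue addresses, so a resolver that chases every glueless NS name sends an A and an AAAA lookup for each one to the victim's authoritative server. The toy simulation below is an added example written for this page (not the researchers' code nor any real resolver); the zone names, the documentation-range address and the mitigation modelled (a per-referral cap on glueless NS names fetched, stopping at the first success) are this example's assumptions, and the fixes shipped by real resolvers differ in detail.

```python
"""Toy simulation of the NXNSAttack amplification mechanism (added example;
a deliberately small model, not a real resolver)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple, Union


@dataclass
class Referral:
    ns_names: List[str]                                  # NS names of the delegated zone
    glue: Dict[str, str] = field(default_factory=dict)   # NS name -> address; empty = glueless


@dataclass
class AuthServer:
    zone: str
    received: int = 0
    records: Dict[Tuple[str, str], Union[str, Referral, None]] = field(default_factory=dict)

    def query(self, qname: str, qtype: str):
        self.received += 1
        return self.records.get((qname, qtype))          # None models NXDOMAIN / no data


class Resolver:
    def __init__(self, servers: List[AuthServer], max_ns_fetch: Optional[int] = None):
        self.servers = servers
        self.max_ns_fetch = max_ns_fetch   # None: chase every glueless NS (vulnerable behaviour)

    def _server_for(self, qname: str) -> Optional[AuthServer]:
        """Authoritative server whose zone is the longest suffix of qname."""
        best = None
        for s in self.servers:
            if qname == s.zone or qname.endswith("." + s.zone):
                if best is None or len(s.zone) > len(best.zone):
                    best = s
        return best

    def resolve(self, qname: str, qtype: str = "A", depth: int = 0):
        if depth > 3:                       # guard against referral loops in the toy
            return None
        server = self._server_for(qname)
        if server is None:
            return None
        answer = server.query(qname, qtype)
        if not isinstance(answer, Referral):
            return answer
        # A referral: before following it we need an address for at least one NS.
        capped = self.max_ns_fetch is not None
        candidates = answer.ns_names[: self.max_ns_fetch] if capped else answer.ns_names
        found = None
        for ns in candidates:
            if ns in answer.glue:
                addr = answer.glue[ns]
            else:
                # Glueless NS: the resolver must look the name up itself, A and AAAA,
                # and those queries land on whoever is authoritative for the NS name.
                a4 = self.resolve(ns, "A", depth + 1)
                a6 = self.resolve(ns, "AAAA", depth + 1)
                addr = a4 or a6
            if addr and found is None:
                found = addr
                if capped:
                    break               # mitigated resolver stops at the first usable NS
        # The toy stops here; a real resolver would now send the query to `found`.
        return ("next-hop", found) if found else None


def run(n_ns: int, max_ns_fetch: Optional[int] = None, glueless: bool = True) -> Tuple[int, int]:
    """Queries received by (attacker's server, victim's server) for ONE client query."""
    attacker = AuthServer("attacker.example")
    victim = AuthServer("victim.example")
    ns_names = [f"ns{i}.victim.example" for i in range(n_ns)]
    # 192.0.2.0/24 is documentation address space; the glue is only used when glueless=False.
    glue = {} if glueless else {ns: "192.0.2.1" for ns in ns_names}
    attacker.records[("www.sub.attacker.example", "A")] = Referral(ns_names, glue)
    resolver = Resolver([attacker, victim], max_ns_fetch)
    resolver.resolve("www.sub.attacker.example", "A")
    return attacker.received, victim.received


if __name__ == "__main__":
    for label, kwargs in [("vulnerable", {}), ("cap=2", {"max_ns_fetch": 2}),
                          ("with glue", {"glueless": False})]:
        a, v = run(100, **kwargs)
        print(f"{label}: attacker's server saw {a} query, victim's server saw {v}")
```

With 100 glueless NS names the vulnerable resolver turns one client query into 200 queries at the victim's authoritative server, and the attacker paid for that with a single referral response; the cap reduces the fan-out to 2 per allowed NS name, and glue removes it entirely. This is also why the advisories target resolvers rather than the authoritative side: the victim cannot stop a third party from naming servers inside its domain.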
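
Item 16 describes a campaign carried by Excel 4.0 (XLM) macros, which live in macro sheets inside the legacy BIFF workbook rather than in a VBA project, so VBA-only checks miss them. The scanner below is an added example for this page (not Microsoft's code): it walks a raw BIFF8 Workbook stream and reports BoundSheet8 records whose sheet type is 0x01 (macro sheet), their hidden state, and a built-in Auto_Open defined name. It assumes the Workbook stream has already been pulled out of the .xls OLE container (olefile or oletools' olevba do that, and olevba's XLM handling is far more thorough than this); the sample stream is constructed by hand from the MS-XLS record layouts as the author of this example understands them, so it is test data, not a real malicious file.

```python
"""Scan a BIFF8 'Workbook' stream for Excel 4.0 (XLM) macro sheets
(added example; sample records constructed by hand, not from a real file)."""
import struct
from typing import Dict, Iterator, List, Tuple

BOUNDSHEET = 0x0085
LBL = 0x0018
BOF = 0x0809
EOF = 0x000A
SHEET_TYPES = {0x00: "worksheet", 0x01: "macro_sheet", 0x02: "chart", 0x06: "vba_module"}
HIDDEN = {0: "visible", 1: "hidden", 2: "very_hidden"}
AUTO_OPEN = 0x01          # built-in defined-name id for Auto_Open
LBL_FBUILTIN = 0x0020     # fBuiltin flag in Lbl.flags


def iter_records(stream: bytes) -> Iterator[Tuple[int, bytes]]:
    """Walk BIFF records: 2-byte opcode, 2-byte length, payload."""
    off = 0
    while off + 4 <= len(stream):
        opcode, length = struct.unpack_from("<HH", stream, off)
        yield opcode, stream[off + 4: off + 4 + length]
        off += 4 + length


def scan_workbook(stream: bytes) -> Dict[str, object]:
    sheets: List[Dict[str, object]] = []
    auto_open = False
    for opcode, data in iter_records(stream):
        if opcode == BOUNDSHEET and len(data) >= 8:
            # lbPlyPos(4), hsState byte (low 2 bits), dt byte, then a short string: cch, flags, chars
            _pos, hs, dt, cch, flags = struct.unpack_from("<IBBBB", data, 0)
            raw = data[8: 8 + cch * (2 if flags & 1 else 1)]
            name = raw.decode("utf-16-le" if flags & 1 else "latin-1", "replace")
            sheets.append({"name": name, "type": SHEET_TYPES.get(dt, hex(dt)),
                           "state": HIDDEN.get(hs & 0x03, "?")})
        elif opcode == LBL and len(data) >= 16:
            # flags(2) chKey(1) cch(1) cce(2) res(2) itab(2) res(4) Name: fHighByte(1) + chars
            flags, = struct.unpack_from("<H", data, 0)
            cch = data[3]
            high = data[14] & 1
            if flags & LBL_FBUILTIN and cch == 1:
                ident = struct.unpack_from("<H", data, 15)[0] if high else data[15]
                if ident == AUTO_OPEN:
                    auto_open = True
    macro = [s for s in sheets if s["type"] == "macro_sheet"]
    suspicious = bool(macro) and (auto_open or any(s["state"] != "visible" for s in macro))
    return {"sheets": sheets, "auto_open": auto_open, "macro_sheets": len(macro),
            "suspicious": suspicious}


# --- constructed sample records (test data, not captured from malware) ---
def bound_sheet(name: str, dt: int, hs: int, pos: int = 0) -> bytes:
    body = struct.pack("<IBBBB", pos, hs, dt, len(name), 0) + name.encode("latin-1")
    return struct.pack("<HH", BOUNDSHEET, len(body)) + body


def lbl_builtin(ident: int, itab: int) -> bytes:
    # fBuiltin set, cch=1, empty formula (cce=0); the one-char name is the built-in id.
    body = struct.pack("<HBBHHHBBBB", LBL_FBUILTIN, 0, 1, 0, 0, itab, 0, 0, 0, 0) + bytes([0, ident])
    return struct.pack("<HH", LBL, len(body)) + body


def _stream(sheets: List[bytes], names: List[bytes]) -> bytes:
    return (struct.pack("<HH", BOF, 16) + bytes(16) + b"".join(sheets)
            + b"".join(names) + struct.pack("<HH", EOF, 0))


MALICIOUS_SAMPLE = _stream([bound_sheet("Invoice", 0x00, 0), bound_sheet("Macro1", 0x01, 2)],
                           [lbl_builtin(AUTO_OPEN, itab=2)])
BENIGN_SAMPLE = _stream([bound_sheet("Sheet1", 0x00, 0), bound_sheet("Sheet2", 0x00, 1)], [])

if __name__ == "__main__":
    print(scan_workbook(MALICIOUS_SAMPLE))
    print(scan_workbook(BENIGN_SAMPLE))
```

The constructed malicious stream yields one very-hidden macro sheet plus Auto_Open and is marked suspicious; the benign one has only worksheets (one hidden, which on its own is not an indicator). A hidden or very-hidden macro sheet combined with an auto-start name is the pattern these campaigns rely on, but a mail gateway should treat any macro sheet in an inbound attachment as worth detonating, since the formulas themselves (CALL, EXEC, REGISTER) need a sheet-cell parser this example does not include.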
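
Item 17's GhostDNS works because the victim's browser attaches the router's session cookie to a form POST that an attacker's page submits, so a settings handler that trusts the cookie alone will happily change the DNS servers. The snippet below, an added example written for this page (not code from any router firmware or from the GhostDNS kit), puts a vulnerable handler beside a hardened one that requires a per-session CSRF token compared in constant time and a same-origin Origin header; the request object, session store, router origin and all addresses are hypothetical.

```python
"""CSRF on a router's DNS-settings endpoint: vulnerable handler beside a
hardened one (added example; request model and endpoint are hypothetical)."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict

ROUTER_ORIGIN = "http://192.168.0.1"        # the router's own origin (assumed)


@dataclass
class Request:
    method: str
    headers: Dict[str, str]
    cookies: Dict[str, str]
    form: Dict[str, str]


@dataclass
class Router:
    dns_servers: tuple = ("192.168.0.1",)                      # placeholder upstream DNS
    sessions: Dict[str, str] = field(default_factory=dict)     # session id -> csrf token

    def login(self) -> Dict[str, str]:
        """Create a session and its CSRF token; the token is embedded in the settings page."""
        sid, token = secrets.token_hex(16), secrets.token_hex(16)
        self.sessions[sid] = token
        return {"session": sid, "csrf_token": token}

    def set_dns_vulnerable(self, req: Request) -> bool:
        """Trusts the session cookie alone: any site that can make the browser POST wins."""
        if req.method != "POST" or req.cookies.get("session") not in self.sessions:
            return False
        self.dns_servers = (req.form["dns1"], req.form["dns2"])
        return True

    def set_dns_hardened(self, req: Request) -> bool:
        if req.method != "POST":
            return False
        expected = self.sessions.get(req.cookies.get("session", ""))
        if expected is None:
            return False
        # 1. Origin must be the router itself (browsers send Origin on cross-site POSTs).
        if req.headers.get("Origin") != ROUTER_ORIGIN:
            return False
        # 2. Token bound to this session, compared in constant time.
        supplied = req.form.get("csrf_token", "")
        if not hmac.compare_digest(supplied.encode(), expected.encode()):
            return False
        self.dns_servers = (req.form["dns1"], req.form["dns2"])
        return True


def forged_request(session_cookie: str) -> Request:
    """What the router receives when the victim visits the attacker's page: an
    auto-submitted form carrying the attacker's DNS servers, the router cookie
    added by the browser, the attacker's Origin, and no token."""
    return Request("POST", {"Origin": "http://attacker.example"}, {"session": session_cookie},
                   {"dns1": "198.51.100.53", "dns2": "198.51.100.54"})   # documentation addresses


def legit_request(session_cookie: str, token: str) -> Request:
    """The same change made from the router's own settings page."""
    return Request("POST", {"Origin": ROUTER_ORIGIN}, {"session": session_cookie},
                   {"dns1": "192.0.2.53", "dns2": "192.0.2.54", "csrf_token": token})


def demo() -> Dict[str, tuple]:
    """For each handler: (forged request accepted?, legitimate request accepted?)."""
    results = {}
    for name in ("set_dns_vulnerable", "set_dns_hardened"):
        router = Router()
        creds = router.login()
        forged_ok = getattr(router, name)(forged_request(creds["session"]))
        legit_ok = getattr(router, name)(legit_request(creds["session"], creds["csrf_token"]))
        results[name] = (forged_ok, legit_ok)
    return results


if __name__ == "__main__":
    print(demo())
```

The vulnerable handler accepts both requests; the hardened one rejects the forged POST and still accepts the legitimate one. Two caveats for real firmware: the Origin check alone is not sufficient, because some clients omit the header (fall back to Referer and treat a missing value as a failure, never as a pass), and marking the session cookie SameSite=Lax stops the browser from attaching it to cross-site POSTs in the first place. Neither helps a router whose admin interface is reachable with default credentials over HTTP, which is the other half of what GhostDNS relies on.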