Cyber Security News for 21May2020

#security #cybersecurity #itsecurity #privacy #risk #compliance #siem #bluetooth #epfl #chafer #apt #apt39 #remixkitten #tick #bronzebutler #mitsubishi #osint #pipemon #winnti #google #firebase #military #veterans #o365 #phishing #ttp #pii #bec #iran #israel #maas #silentnight #zeus #blockfi #cryptocurrency #wishbone
Image by https://thehackernews.com/
  1. “Today and in the evolving digital world, cyber-attacks are becoming more common and the amount of data organizations generate is too much to handle manually; therefore, organizations need a solution to monitor the systems and report suspicious activities. Among the array of security solutions available today, SIEM solutions are the most comprehensive choice for building threat intelligence capabilities.” https://www.threathunting.se/2020/05/21/what-is-siem-why-important-to-organizations/
  2. “The Bluetooth specification contains vulnerabilities enabling to perform impersonation attacks during secure connection establishment,” the researchers outlined in the paper. “Such vulnerabilities include the lack of mandatory mutual authentication, overly permissive role switching, and an authentication procedure downgrade.” https://thehackernews.com/2020/05/hacking-bluetooth-vulnerability.html
  3. “Bitdefender said the intelligence-gathering operations were conducted by Chafer APT (also known as APT39 or Remix Kitten), a threat actor known for its attacks on telecommunication and travel industries in the Middle East to collect personal information that serves the country’s geopolitical interests. “Victims of the analyzed campaigns fit into the pattern preferred by this actor, such as air transport and government sectors in the Middle East,” the researchers said in a report (PDF) shared with The Hacker News, adding at least one of the attacks went undiscovered for more than a year and a half since 2018.” https://thehackernews.com/2020/05/iran-hackers-kuwait.html
  4. “In January, the two media outlets attributed the cyber attack to a China-linked cyber espionage group tracked as Tick (aka Bronze Butler).” https://securityaffairs.co/wordpress/103547/data-breach/mitsubishi-data-breach.html
  5. “It is probably safe to assume you have heard of OSINT at some point (Open Source INTelligence). However, if you have not, it can very generally be described as the collection and analysis of data gathered from publicly accessible sources. People who perform OSINT have a wide variety of sources they can pull from and many different techniques they can use.” https://www.trustedsec.com/blog/a-beginners-guide-to-staying-safe-anonymous-online/
  6. “A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google’s cloud infrastructure to dupe victims and skate by secure email gateways.” https://threatpost.com/crooks-tap-google-firebase-in-fresh-phishing-tactic/155967/
  7. “Military veterans have a variety of in-demand skill sets that make them highly desirable candidates for some of the fast-rising cybersecurity positions in the industry. Along with the years of experience with problem-solving, discipline and mental and physical rigor, veterans often have another ace in their hand — security clearance — that can push them to the top of the pile for some of the best entry-level cybersecurity jobs today.” https://resources.infosecinstitute.com/best-entry-level-cybersecurity-jobs-for-veterans-with-security-clearance/
  8. “A highly-targeted phishing attack pretends to deliver subpoenas, but actually ends up collecting victims’ Office 365 credentials. The ongoing campaign has slipped by Office 365 and gateway security controls to hit several C-Suite level victims thus far. The phishing emails spoof the U.S. Supreme Court, aiming to capitalize on scare tactics to convince targets to click on an embedded link. The email tells victims that it contains a writ issued by the Supreme Court, to compel them to attend a hearing. To view the subpoena, victims must click on the link.” https://threatpost.com/supreme-court-phish-targets-office-365-credentials/155955/
  9. “Adobe has released an update for Adobe Character Animator for Windows and macOS. This update resolves a stack-based buffer overflow vulnerability that could lead to remote code execution.” https://nakedsecurity.sophos.com/2020/05/21/adobe-out-of-band-critical-patch-get-your-update-now/
  10. “Microsoft has started to roll out a new version of the Windows 10 Intel Microcode KB4497165 update that is not optional, will automatically be installed, and your computer will be restarted. Yesterday, one of our readers left a comment that a new Intel microcode update was being rolled out via Windows Update, but it was not being offered when I checked.” https://www.bleepingcomputer.com/news/microsoft/new-windows-10-intel-microcodes-released-in-forced-kb4497165-update/
  11. “With the number of affected victims growing every year, some of today’s most serious threats to organizations are database breaches and releases. These breaches compromise millions of pieces of sensitive information like personally identifiable information (PII), credentials, payment information, and proprietary data. Criminals gain access to the data through various tactics, techniques, and procedures (TTPs), such as phishing, malware, exploiting existing vulnerabilities in software, insider threats, password reuse, and a number of other methods, taking advantage of holes in security infrastructure. After breaching an organization’s network, criminals may access the data themselves or sell the access off at dark web auctions. The information gathered as a result in turn frequently leads to further breaches through techniques like business email compromise (BEC).” https://www.recordedfuture.com/database-breaches-analysis/
  12. “Early this morning we detected a widespread cyber attack against many websites stored on our servers. It is a case of a malicious and far-ranging attack carried out by anti-Israel (Iranian) sources. We detected a weakness in a WordPress add on that enabled the hack and are working closely with the National Cyber Bureau to research the breach and fix the affected sites.” https://securityaffairs.co/wordpress/103570/hacktivism/israeli-websites-defaced.html
  13. “A descendant of the infamous Zeus banking trojan, dubbed Silent Night by the malware’s author, has emerged on the scene, with a host of functionalities available in a spendy malware-as-a-service (MaaS) model. Custom builds can run as much as $4,000 per month to use, which researchers say is now placing the code out of the range of any but large cybercriminal groups looking to mount mass campaigns.” https://threatpost.com/silent-night-banking-trojan/155981/
  14. “While conducting a recent penetration test of a connected vehicle, an integer underflow vulnerability was identified within an embedded web server. This embedded web server was found to be externally exposed through a vehicle’s Wi-Fi network, meaning that anyone with access to the network would be able to access this web server. While this integer underflow ultimately allowed for achieving remote code execution on the vehicle, the behavior of the memcpy() function on the embedded device was far more interesting.” https://blog.talosintelligence.com/2020/05/cve-2020-6096.html
  15. “The vulnerability is due to insecure deserialization of user-supplied content by the affected software,” according to Cisco, in a Wednesday security alert. “An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device.” https://threatpost.com/critical-cisco-rce-flaw-unified-ccx/155980/
  16. “An exploitable authentication bypass vulnerability exists in the Epson Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass, resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability.” https://blog.talosintelligence.com/2020/05/vuln-spotlight-epson-project-authentication-may-2020.html
  17. “For just under 90 minutes last Thursday, hackers were able to compromise the systems of cryptocurrency lending platform BlockFi, and gain unauthorised access to users’ names, email addresses, dates of birth, address and activity history.” https://www.tripwire.com/state-of-security/featured/blockfi-hacked-following-sim-swap-attack-says-no-funds-lost/
  18. “A hacker has leaked 40 million Wishbone user records that contain a treasure trove of information that could be used to perform phishing campaigns, account takeovers, and credential stuffing attacks. BleepingComputer has been able to independently confirm that the data is legitimate as it contains user records for people we know have used the app and who have confirmed the accuracy of the data.” https://www.bleepingcomputer.com/news/security/hacker-shares-40-million-wishbone-user-records-for-free/
  19. “Threat actors attempted to exploit a zero-day (CVE-2020-12271) in the Sophos XG firewall to spread ransomware to Windows machines; the good news is that the attack was blocked by a hotfix issued by Sophos.” https://securityaffairs.co/wordpress/103590/malware/sophos-xg-firewall-0day.html