Cyber Security News for 22Apr2020

Image by Sophos
  1. “On April 9, 2020 the U.S. Senate Committee on Commerce, Science and Transportation held a “paper hearing” entitled Enlisting Big Data in the Fight Against Coronavirus. A “paper hearing” consists of the committee members submitting opening statements and witnesses submitting testimony, which were posted on the Committee’s website. Witnesses were required to submit answers to member questions last week.”
  2. “A recently uncovered banking trojan aims to steal Android victims’ online banking credentials and take over their bank accounts, using “elaborate” overlay attack capabilities. The malware, dubbed “Banker.BR” by researchers with IBM X-Force, was spotted in messages targeting users in countries that speak Spanish or Portuguese (including Spain, Portugal, Brazil and other parts of Latin America). Researchers said the malware is under continual development, and they warned of extended overlay capabilities and code enhancements in the coming months.”
  3. “A volunteer group of cybersecurity professionals formed to protect computer networks during the coronavirus pandemic says it has helped dismantle nearly 3,000 malicious internet domains and identified more than a 2,000 software vulnerabilities in health care institutions around the world.”
  4. “A bipartisan group of senators sent a letter to both the Department of Defense and Department of Homeland Security on Monday urging them to take more action to defend the U.S. healthcare sector against hackers that have been exploiting the coronavirus pandemic.”
  5. “Microsoft has released an out-of-band security update that fixes remote code execution vulnerabilities in an Autodesk FBX library integrated into Microsoft Office and Paint 3D applications. Last month, Autodesk issued security updates for their Autodesk FBX Software Development Kit that resolves remote code execution and denial of service vulnerabilities caused by specially crafted FBX files.”
  6. “Passwords are something you use almost every day, from accessing your email or banking online to purchasing goods or accessing your smartphone.  However, passwords are also one of your weakest points; if someone learns or guesses your password they can access your accounts as you, allowing them to transfer your money, read your emails, or steal your identity. That is why strong passwords are essential to protecting yourself.”
  7. “Alberta’s privacy commissioner is launching two investigations into the controversial Babylon virtual health-care app by Telus Health, as concerns emerge over privacy compliance.”
  8. “As time goes on, application owners need to make modifications to their applications and the underlying infrastructure to continuously improve the product they provide to their customers. These customers can be internal to the business or external. As those modifications and changes happen, the configuration of the applications and infrastructure changes. These changes might be benign, or they might take the systems out of a hardened state. This is known as “configuration drift.””
  9. “Security experts from QuoIntelligence (QuoINT) firm reported that China-linked Winnti cyberespionage group targets South Korean video gaming company Gravity.  The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007.  The experts believe that under the Winnti umbrella there are several APT groups, including  Winnti, Gref, PlayfullDragon, APT17, DeputyDog, Axiom, BARIUM, LEADPassCV, Wicked Panda, Group 72, Blackfly, and APT41, and ShadowPad.”
  10. “Are you also among the 1.3 billion website owners across the globe? If yes, then you might know how vital it is to keep your site away from these mischievous hackers. Yes, it is undoubtedly a sad reality that sometimes the sites get hacked, losing the confidential data. So if you own a WordPress site, then you might know how stressful this situation can become when the data of the users are on stake.”
  11. “A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China’s autonomous region of Xinjiang.  The findings, published by digital forensics firm Volexity, reveal that the exploit — named “Insomnia” — works against iOS versions 12.3, 12.3.1, and 12.3.2 using a flaw in WebKit that was patched by Apple with the release of iOS 12.4 in July 2019.”
  12. “A technique that abuses legacy Firefox functionality to achieve command execution in enterprise environments. These capabilities can be used for lateral movement, persistence and defense evasion during penetration testing and red team operations. All testing was performed on the latest version of Firefox browser.”
  13. “Did you receive one of those “porn scam” emails in the past week or so? Millions of people did – in fact, the number was probably more like tens or even hundreds of millions, with some Naked Security readers reporting phlegmatically that they’d had two, three and even five different flavours of scam in the past few days.”
  14. “One possibility, it turns out, is in the radio spectrum. With a radio, antenna, and his own computer script, Davidov figured out how to use a signal emitted by an air-gapped computer’s graphics processing unit (GPU) to exfiltrate data. Davidov, the lead security researcher at Duo Labs, published a paper with his findings Wednesday and shared them exclusively with CyberScoop.”
  15. “To protect customers of Palo Alto Networks, Unit 42 researchers monitor user interest in trending topics and newly registered domain names related to these topics, as miscreants often leverage them for malicious campaigns. Accompanying the growth in user interest, we observed a 656% increase in the average daily coronavirus-related domain name registrations from February to March. In this timeframe, we witness a 569% growth in malicious registrations, including malware and phishing; and a 788% growth in “high-risk” registrations, including scams, unauthorized coin mining, and domains that have evidence of association with malicious URLs within the domain or utilization of bulletproof hosting. As of the end of March, we identified 116,357 coronavirus-related newly registered domain names. Out of these, 2,022 are malicious and 40,261 are “high-risk”.”
  16. “A Windows 10 kernel bug made it possible to escape Google Chrome’s sandbox, a security researcher with Google Project Zero found. The vulnerability was introduced with version 1903 of the operating system on May 21, 2019. Google Chrome’s sandbox is a secure environment that downgrades browser processes to low permissions and cuts them from the rest of the system to prevent damage if hijacked by a malicious actor.”
  17. “The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims. The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app.”
  18. “Nearly 25,000 email credentials allegedly from NIH, WHO, Gates Foundation and other organizations involved in the containment of COVID-19 pandemic are dumped online. While the principal organizations engaged in the fight against COVID-19 are the targets of conspiracy theories, a data dump containing email credentials from the Gates Foundation, World Health Organization (WHO), Center for Disease Control and Prevention (CDC), and a virology center based in Wuhan, appeared online.”
  19. “Hackers working on behalf of the Vietnamese government have been targeting Chinese government organizations tasked with managing the country’s response to the coronavirus pandemic, according to FireEye research published Wednesday.  The attackers specifically sent spearphishing emails laced with METALJACK malware to employees at China’s Ministry of Emergency Management and the government of Wuhan, where the virus is believed to have originated. The malware, which was delivered via phishing emails, eventually gets loaded into memory.”
  20. “Three different connected home hubs – Fibaro Home Center Lite, Homematic Central Control Unit (CCU2) and Elko’s eLAN-RF-003 – are vulnerable in their older versions to serious bugs that would allow information disclosure, man-in-the-middle (MiTM) attacks and unauthenticated remote code execution (RCE), according to researchers.”
  21. “TAG has specifically identified over a dozen government-backed attacker groups using COVID-19 themes as lure for phishing and malware attempts—trying to get their targets to click malicious links and download files,”
  22. “The next version of Zoom, to be released this week, will have stronger encryption for data sent between participants in a meeting to prevent tampering, the Silicon Valley-based company said. The software will also allow Zoom account administrators to choose which parts of the world they route their data through. The upgrade follows a report from the University of Toronto’s Citizen Lab that found Zoom routed some meeting encryption keys through China.”

#security #cybersecurity #itsecurity #privacy #bankerbr #malware #trojan #android #telus #telushealth #winti #gref #playfulldragon #wordpress #uyghurs #china #insomnia #spyware #unit42 #apple #citizenlab #zoom