Cyber Security News for 22May2020

1. “Apple and Google have rolled out the first phase of their COVID-19 contact tracing framework. It makes it possible for public health authorities across the world to connect their apps with data that could help them identify people at risk from the virus.” https://nakedsecurity.sophos.com/2020/05/22/apple-and-google-launch-covid-19-contact-tracing-api/
2. “During our Cyber Threat Intelligence monitoring we spotted new malicious activities targeting some Italian companies operating worldwide in the manufacturing sector, some of them also part of the automotive production chain.  The group behind this activity is the same we identified in the past malicious operations described in Roma225 (12/2018), Hagga (08/2019), Mana (09/2019), YAKKA (01/2020). This actor was first spotted by PaloAlto’s UNIT42 in 2018 during wide scale operations against technology, retail, manufacturing, and local government industries in the US, Europe and Asia. They also stated the hypothesis of possible overlaps with the Gorgon  APT group, but no clear evidence confirmed that.” https://securityaffairs.co/wordpress/103639/hacking/cyber-espionage-italian-manufacturing.html
3. “A banking malware called ZLoader, last seen in early 2018, has been spotted in more than 100 email campaigns since the beginning of the year.  The trojan is under active development with 25 versions seen in the wild since its comeback in December 2019, the latest one observed this month.” https://www.bleepingcomputer.com/news/security/zloader-banking-malware-is-back-deployed-in-over-100-campaigns/
4. “A data breach broker is selling a database that allegedly contains 25 million Mathway user records on a dark web marketplace.  Mathway is a calculator that allows users to type in math questions and receive an answer for free through their website or via Android and iOS apps.” https://www.bleepingcomputer.com/news/security/mathway-investigates-data-breach-after-25m-records-sold-on-dark-web/
5. “According to an investigative journalist team, the Israeli authors of the infamous Pegasus mobile spyware, NSO Group, have been using a spoofed Facebook login page, crafted to look like an internal Facebook security team portal, to lure victims in.”  https://threatpost.com/nso-group-impersonates-facebook-security/156021/
6. “The hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all of them connect to the same URL to download the payload,” said the researchers in a series of tweets. “For several months now, we’ve been seeing a steady increase in the use of malicious Excel 4.0 macros in malware campaigns. In April, these Excel 4.0 campaigns jumped on the bandwagon and started using COVID-19 themed lures.” https://threatpost.com/coronavirus-emails-netsupport-rat-microsoft/156026/
7. “A vulnerability has been discovered in Cisco Unified Contact Center Express which could allow for remote code execution. Cisco Unified Contact Center Express is an IP-based automated call distribution system that handles call routing, management, and administration features. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code as the root user on an affected device. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” https://www.cisecurity.org/advisory/a-vulnerability-in-cisco-unified-contact-center-express-could-allow-for-remote-code-execution_2020-070/
8. “Ragnar Locker is deploying Windows XP virtual machines to encrypt victim’s files while evading detecting from security software installed on the host.  Ragnar Locker is a relatively new ransomware launched at the end of December 2019 that targets corporate networks in company-wide attacks.” https://www.bleepingcomputer.com/news/security/ransomware-encrypts-from-virtual-machines-to-evade-antivirus/
9. “Docker Desktop for Windows suffers from a privilege escalation vulnerability to SYSTEM.  The core of the issue lies with the fact that the Docker Desktop Service, the primary Windows service for Docker, communicates as a client to child processes using named pipes.”  https://securityaffairs.co/wordpress/103645/hacking/docker-desktop-privilege-escalation.html
10. “A threat actor has shared the 2014 voter information for close to 2 million Indonesians on a well-known hacker forum and claims they will release a total of 200 million at a later date.  In the forum post, the threat actor states that the voter records are stored in individual PDF files that they took from the KPU, the general election commission of Indonesia.” https://www.bleepingcomputer.com/news/security/voter-info-for-millions-of-indonesians-shared-on-hacker-forum/
11. “The Department of Homeland Security’s cybersecurity wing says it has put heightened defense measures for health-care-focused organizations and research facilities in place as foreign government-backed hackers continue to try to steal U.S. coronavirus research.” https://www.cyberscoop.com/coronavirus-cybersecurity-dhs-cisa-bryan-ware/
12. “Microsoft has updated the support bulletin for the Windows 10 KB4556799 cumulative update to say they are investigating reports of issues.  Since this update was released on May 12th, Windows users have been reporting that they are experiencing issues installing the latest KB4556799 update or have some problems after it is installed.” https://www.bleepingcomputer.com/news/microsoft/microsoft-is-investigating-issues-in-latest-windows-10-update/
13. 6 Ways to Beat Hackers from Invading Your Phone  https://hackercombat.com/6-ways-to-beat-hackers-from-invading-your-phone/

#security #cybersecurity #itsecurity #privacy #risk #compliance #zloader #roma225 #hagga #mana #yakka #gorgon #apt #nsogroup  #networksupport #rat #cisco #ragnar #indonesia