Cyber Security News for 23Apr2020

  1. “Based on our months of research and years of dark web monitoring experience, we have identified five main reasons dark web and cybercrime markets are booming.” https://www.forbes.com/sites/forbestechcouncil/2020/04/23/five-key-reasons-dark-web-markets-are-booming
  2. “A new variant of the Hoaxcalls botnet, which can be marshalled for large-scale distributed denial-of-service (DDoS) campaigns, is spreading via an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed last month.” https://threatpost.com/fast-moving-ddos-botnet-unpatched-zyxel-rce-bug/155059/
  3. “Simply put, malware is software–a computer program–used to perform malicious actions. This term is a combination of the words malicious and software.” https://www.sans.org/security-awareness-training/resources/stop-malware
  4. “In response to the Coronavirus pandemic, many companies have adjusted how they do business. As they shift to remote work and establish new policies, some companies find these changes to be challenging undertakings. Many turn to tools like robotic process automation (RPA software) to help make these adjustments. Like any other major shift, this widespread RPA adoption comes with a few concerns. Not all companies turning to RPA know how to handle the cybersecurity needs that go with it. It’s become evident that many businesses lack the necessary anti-hacking training.” https://securityaffairs.co/wordpress/102084/hacking/rpa-software-adoption-hacking.html
  5. “In a recent highly targeted BEC attack, hackers managed to trick three British private equity firms into wire-transferring a total of $1.3 million to bank accounts the fraudsters have access to — while the victimized executives thought they had closed an investment deal with some startups. According to the cybersecurity firm Check Point, who shared its latest investigation with The Hacker News, nearly $700,000 of the total wire-transferred amount has been permanently lost to the attackers, with the rest of the amount recovered after researchers alerted the targeted firms in time.” https://thehackernews.com/2020/04/bec-scam-wire-transfer-money.html
  6. “Google is warning that nation-state actors are exploiting the COVID-19 (Coronavirus) pandemic to target health care organizations and entities involved in the fight against the pandemic. Google’s Threat Analysis Group (TAG) shared its latest findings related to state-backed attacks and revealed that it has identified more than a dozen state-sponsored groups using COVID-19 lures.” https://securityaffairs.co/wordpress/102091/cyber-warfare-2/state-sponsored-hackers-covid-19.html
  7. “On December 16 2019, Check Point’s Incident Response Team (CPIRT) was engaged by three firms in the finance sector to investigate fraudulent wire transfers sent from their joint bank account. Four separate bank transactions attempted to transfer 1.1M GBP to unrecognized bank accounts. Emergency intervention with the banks allowed for the recovery of only £570K, leaving the rest as permanently lost funds.” https://research.checkpoint.com/2020/ir-case-the-florentine-banker-group/
  8. “Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organizations around the world and demanded that a cryptocurrency payment be made in exchange for the safe recovery of encrypted data.” https://www.tripwire.com/state-of-security/featured/maze-ransomware-what-you-need-to-know/
  9. “On Tuesday, the vpnMentor researchers said that Kinomap’s database was lying around starkers, completely unsecured and unencrypted. You might have to pay for the subscription service to immerse you in forest greenery, but if you knew where to look, you wouldn’t need to pay anything at all to get at the 42 million Kinomap users’ records that the researchers found.” https://nakedsecurity.sophos.com/2020/04/23/password-free-database-of-exercise-app-kinomap-leaks-42m-user-records/
  10. “Cybercriminals are increasingly peddling booby-trapped versions of popular apps such as Skype and Signal that contain surveillanceware. Apurva Kumar, security intelligence engineer at Lookout, said that one such surveillanceware family that’s been spotted using this tactic is Monokle, a sophisticated set of custom Android surveillanceware.” https://threatpost.com/fake-skype-signal-apps-used-to-spread-surveillanceware/155053/
  11. “Federal health agencies have adopted innovation as their roadmap to the future — embracing emerging technologies such as Internet of Things-enabled medical devices and interoperable electronic health records. While these technologies have enabled agencies to accelerate delivery and improve their front-line customer experience, a more connected health IT landscape also increases the cyber threat landscape and introduces new challenges for security professionals.” https://www.recordedfuture.com/healthcare-cybersecurity-challenges/
  12. “Remote workers are being warned of a new phishing campaign targeting their Skype passwords. The phishing emails look “eerily similar” to a legitimate Skype notification alert, according to a report released by Cofense on Thursday. Emails indicate users have 13 pending Skype notifications that can be checked by clicking a “Review” button.” https://threatpost.com/skype-phishing-attack-targets-remote-workers-passwords/155068/
  13. “Hackers have been using information belonging to groups such as World Health Organization (WHO), the U.S. Centers for Disease Control and Prevention (CDC), the World Bank, the U.S. National Institutes of Health, the Bill and Melinda Gates Foundation and the Wuhan Institute of Virology online in various ways, according to a report by the Washington Post, citing research by the SITE Intelligence Group.” https://threatpost.com/who-cdc-and-bill-and-melinda-gates-foundation-victims-of-credential-dump-report/155081/
  14. “For months, the botnet — an army of compromised computers controlled by an attacker — had grown in strength by quietly infecting devices using USB drives, allowing the attackers to mine thousands of dollars in cryptocurrency. The infections reached the Peruvian public sector and financial institutions, adding urgency to the effort to defang it. Now, Slovakian anti-virus company ESET says it helped “sinkhole” — or render innocuous — about a quarter of the malicious subdomains used by the botnet.” https://www.cyberscoop.com/peru-botnet-eset-sinkhole/
  15. “When in Doubt: Hang Up, Look Up, & Call Back” https://krebsonsecurity.com/2020/04/when-in-doubt-hang-up-look-up-call-back/
  16. “The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) have issued a joint report warning of threat actors increasingly exploiting vulnerable web servers to deploy web shells. Web shells are malicious tools that hackers can deploy on a compromised internal or internet-exposed server to gain and maintain access, as well as remotely execute arbitrary commands, deliver additional malware payloads, and pivot to other devices within the network. They can be uploaded onto vulnerable servers in a wide variety of forms, from programs specifically designed to provide web shell features and Perl, Ruby, Python, and Unix shell scripts to app plugins and PHP and ASP code snippets injected within a web app’s pages.” https://www.bleepingcomputer.com/news/security/nsa-hackers-exploit-these-vulnerabilities-to-deploy-backdoors/
  17. “Cyber-security firm GreyNoise Intelligence today announced the launch of GreyNoise Alerts, a new free service that will automatically notify you via email when any devices on your organization’s IP address range get hacked and start exhibiting potentially malicious behavior.” https://www.bleepingcomputer.com/news/security/new-greynoise-free-service-alerts-you-when-your-devices-get-hacked/
  18. “The ambitious program to build interoperable software for iPhone and Android devices inspired hope in some and privacy concerns in others. New research highlights the potential security implications of using Bluetooth to track smartphone users.” https://www.cyberscoop.com/bluetooth-exploit-jan-ruge-contact-tracing/
  19. “SeaChange, a Waltham, Massachusetts company with locations in Poland and Brazil, is an on-premise or remotely managed video-on-demand and streaming platform provider. SeaChange’s customers include the BBC, Verizon, DISH, COX, DirecTV, and COX.” https://www.bleepingcomputer.com/news/security/seachange-video-platform-allegedly-hit-by-sodinokibi-ransomware/
  20. “Juan Andres Guerrero-Saade, a former Kaspersky and Google researcher, uncovered an old APT operation, tracked as Nazar, by analyzing the NSA hacking tools included in the dump leaked by Shadow Brokers in 2017. The campaign was previously attributed to China-linked APT Emissary Panda (aka APT27, TG-3390, Bronze Union, and Lucky Mouse); it is referenced as SIG37 in one of the documents included in the Shadow Brokers dump.” https://securityaffairs.co/wordpress/102138/apt/nazar-apt-shadow-brokers-leak.html

#security #cybersecurity #itsecurity #privacy #darkweb #maze #victorygate #monero #botnet #cryptomining #kinomap #monokle #who #cdc #vishing #sodinokibi #Hoaxcalls