Cyber Security News for 24Apr2020

  1. “California Attorney General (“AG”) Xavier Becerra recently issued an alert emphasizing the rights of California consumers under the California Consumer Privacy Act (“CCPA”) during the COVID-19 pandemic. The alert follows media reports that the AG’s office is “committed to enforcing the law upon finalizing the rules or [by] July 1, whichever comes first,” even with the “new reality created by COVID-19.”” https://www.huntonprivacyblog.com/2020/04/24/california-attorney-general-emphasizes-ccpa-rights-during-covid-19/
  2. “On April 16, 2020, the Centre for Information Policy Leadership (“CIPL”), in collaboration with the Centro de Estudos de Direito, Internet e Sociedade of Instituto Brasiliense de Direito Público (“CEDIS-IDP”), published a White Paper (the “White Paper”) on the Role of the Brazilian Data Protection Authority (“ANPD”) under Brazil’s New Data Protection Law (“LGPD”). The White Paper is accompanied by two infographics: 1) the priorities of the Agência Nacional de Proteção de Dados, and 2) the case for an effective Brazil DPA – the ANPD.” https://www.huntonprivacyblog.com/2020/04/24/cipl-publishes-paper-highlighting-the-need-for-a-brazilian-data-protection-authority/
  3. “Learn to hijack an RDP session using various methods. This is a part of Lateral movement which is a technique that the attacker uses to move through the target environment after gaining access.” https://www.hackingarticles.in/rdp-session-hijacking-with-tscon/
  4. “Mozilla announced some major changes to its bug bounty program that was first launched in 2004. The organization paid out $965,750 for roughly 350 vulnerabilities, the average payout for each issue was approximately $2,700.” https://securityaffairs.co/wordpress/102152/security/mozilla-firefox-bug-bounty.html
  5. “A team of 13 analysts at the Internet Watch Foundation (IWF) have used machine learning to help them figure out what secret code words are used by online communities of perverts to covertly talk about child sexual abuse images.” https://nakedsecurity.sophos.com/2020/04/24/ai-helps-experts-find-thousands-of-child-sexual-abuse-imagery-keywords/
  6. “More evidence that a group of conservative political activists is operating a network of websites meant to inflame pandemic-related tension in the U.S. and solicit donations has been uncovered by a Seattle-based cybersecurity company.” https://www.cyberscoop.com/coronavirus-protests-dorr-brothers-reopen-websites-domain-tools/
  7. “The Shadow Brokers published their stolen NSA files online in several batches. One of the largest was batch number five, which got the nickname ‘lost in translation’. In March 2018, Budapest University’s Laboratory of Cryptography and System Security (CrySys Lab) published a report picking apart this file drop. It focused on a file called sigs.py which contained 45 file signatures that government operatives could use to scan machines for infection. Each file signature could be linked to a different attack group. Some of the signatures, like Flame and Stuxnet, were already known. Others were less common. The lab identified one of them, a file called godown.dll in signature 37, as IronTigerASPXSpy. It got this reference from a file listing on VirusTotal.” https://nakedsecurity.sophos.com/2020/04/24/shadow-broker-leaked-nsa-files-point-to-unknown-apt-group/
  8. “101 malicious apps, for a combined 69 million installs, are reportedly committing fraudulent activities. The apps are developed by a total of 27 developers which are believed to be connected.  According to the report published by the Cybernews, these apps are asking for an immense amount of unnecessary, dangerous permissions that could put users’ safety in danger.” https://www.threathunting.se/2020/04/24/delete-these-101-malicious-android-apps-immediately/
  9. Group-IB, a Singapore-based cybersecurity company, has detected a dump containing details for nearly 400,000 payment card records uploaded to a popular darknet cardshop on April 9.  The database was comprised almost entirely of the payment records related to banks and financial organizations in South Korea and the US. It should be noted that it is the biggest sale of South Korean records on the dark web in 2020, which contributes to the growing popularity of APAC-issued card dumps in the underground.” https://securityaffairs.co/wordpress/102188/cyber-crime/payment-card-details-darkweb.html
  10. “Scammers have been sending out emails that impersonate the U.S. Federal Reserve and lure recipients with financial relief options through the Payment Protection Program.  This phishing theme is becoming common these days as the U.S. government is offering funding options to citizens and businesses to overcome the problems created by the new coronavirus outbreak.” https://www.bleepingcomputer.com/news/security/phishing-spoofs-us-federal-reserve-to-steal-online-bank-accounts/
  11. “Nintendo said over 160,000 accounts have been hacked, due to attackers abusing a legacy login system.  Over the past few weeks, Nintendo gamers have been reporting suspicious activities on their accounts. According to the complaints, aired out on Twitter and Reddit, unauthorized actors were logging into victims’ accounts and abusing the payment cards connected to the accounts to buy digital goods on Nintendo’s online stores, such as V-Bucks, in-game currency used in Fortnite.” https://threatpost.com/nintendo-confirms-breach-of-160000-accounts/155110/
  12. “Lawyers for WhatsApp’s parent company alleged in documents filed Thursday that NSO Group, the Israeli software surveillance firm accused of spying on over a thousand WhatsApp users, has used U.S.-based servers to launch its attacks.” https://www.cyberscoop.com/nso-group-us-servers-whatsapp-lawsuit/
  13. “Polish security services on Thursday suggested the Russian government could be behind a cyberattack against an elite Polish military academy and an ensuing effort to undermine U.S.-Polish relations.” https://www.cyberscoop.com/poland-cyberattack-russia-us-military/
  14. “Faculty and students at several U.S. colleges and universities were targeted in phishing attacks with a remote access Trojan (RAT) previously used by Chinese state-sponsored threat actors.  The malware used in this mid-sized is the Hupigon RAT, a RAT well-known for being employed by Chinese APTs such as APT3 (also tracked as Gothic Panda, UPS, and TG-011 and active since at least 2010) during multiple campaigns.” https://www.bleepingcomputer.com/news/security/us-universities-targeted-with-malware-used-by-state-backed-actors/
  15. “Many of the same shadowy organizations that pay people to promote male erectile dysfunction drugs via spam and hacked websites recently have enjoyed a surge in demand for medicines used to fight malaria, lupus and arthritis, thanks largely to unfounded suggestions that these therapies can help combat the COVID-19 pandemic.” https://krebsonsecurity.com/2020/04/unproven-coronavirus-therapy-proves-cash-cow-for-shadow-pharmacies/
  16. “A new phishing campaign is delivering a new stealthy backdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks.  In advanced network attacks such as enterprise-targeting ransomware, corporate espionage, or data exfiltration attacks, quietly gaining access to and control over a corporate network is a mandatory step.” https://www.bleepingcomputer.com/news/security/bazarbackdoor-trickbot-gang-s-new-stealthy-network-hacking-malware/
  17. “An increase of 30,000% in pandemic-related malicious attacks and malware was seen in March by security researchers at cloud security firm Zscaler when compared to the beginning of 2020 when the first threats started using COVID-19-related lures and themes.” https://www.bleepingcomputer.com/news/security/researchers-30-000-percent-increase-in-pandemic-related-threats/
  18. “The report evaluates the extent to which DOD has implemented key cyber hygiene initiatives and practices and to what degree senior DOD leaders received information on the department’s efforts to address these initiatives and cyber hygiene practices. Failing to complete the recommended tasks could result in grave consequences. Roughly 90 percent of cyber attacks could be “defeated by implementing basic cyber hygiene and sharing best practices,” the DOD’s principal cyber advisor said. “Until DOD completes its cyber hygiene initiatives and ensures that cyber practices are implemented, the department will face an enhanced risk of successful attack,” GAO said in the report.”  https://www.msspalert.com/cybersecurity-markets/verticals/u-s-department-of-defense-cyber-hygiene-audit-raises-concerns/
  19. “Sindhi is an official language used in Pakistan. The bug affects iPhone, iPad, Macs and Apple Watches, and arises from macOS and iOS failing to properly render a Unicode symbol used when writing in the language. Because the symbol confuses the operating systems, according to a Friday post from researcher Graham Cluley at Bitdefender, the devices simply spontaneously crash when it shows up in a viewing window.” https://threatpost.com/apple-text-bomb-crashes-iphones-message-notifications/155144/
  20. “Zoom users are targeted by a new phishing campaign that uses fake Zoom meeting notifications to threaten those who work in corporate environments that their contracts will either be suspended or terminated. So far this series of phishing attacks that spoof automated Zoom meeting alerts has landed in the mailboxes of over 50,000 targets according to researchers as email security company Abnormal Security.” https://www.bleepingcomputer.com/news/security/phishing-uses-lay-off-zoom-meeting-alerts-to-steal-credentials/

#security #cybersecurity #itsecurity #privacy #ccpa #CIPL #anpd #bugbounty #mozilla #rat #hupigon #apt3 #gothicpanda #ups #tg011 #trojan #zscalar #zoom