Cyber Security News for 26May2020

#security #cybersecurity #itsecurity #privacy #risk #compliance #soc #comrat #rat #turla #snake #agentBTZ #contacttracing #covid19 #anarchygrabber #containers #rootless #docker #privesc #strandhogg #ncsc #huawei #venomousbear #waterbug #uroboros #ke3chang #ketrum #ketrican #okrum #funicorn
Image by https://thehackernews.com
  1. “To repel attacks, organizations must stay alert and conscious of potential threats, detect incidents promptly, and respond quickly. According to cybersecurity experts, the best and most effective way to coordinate your organization’s security defenses is with a Security Operations Center (SOC).” https://www.threathunting.se/2020/05/26/a-comprehensible-introduction-to-security-operations-center-soc/
  2. “Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages Gmail’s web interface to covertly receive commands and exfiltrate sensitive data.” https://thehackernews.com/2020/05/gmail-malware-hacker.html
  3. “The City of Hangzhou is planning to make a contact tracing system developed to fight the COVID-19 pandemic permanent for its citizens.” https://securityaffairs.co/wordpress/103785/digital-id/hangzhou-contact-tracing-covid-19.html
  4. “The AnarchyGrabber version flexed this new capability when its victim first started up Discord. At this stage, the threat loaded “inject.js” from a new 4n4rchy folder. This file loaded another script called “discordmod.js” that together with inject.js logged the user out and prompted them to log back in. Once they logged back in, the new AnarchyGrabber variant attempted to disable two-factor authentication (2FA) on its victim’s account. It then got to work stealing its victim’s information including their user name, plaintext password and user token.” https://www.tripwire.com/state-of-security/security-data-protection/updated-anarchygrabber-steals-passwords-spreads-to-discord-friends/
  5. “Rootless containers are a new concept of containers that don’t require root privileges in order to formulate. Many solutions have been proposed to overcome the technological challenges of creating a container with an unprivileged user, some of them are still under development and some are production-ready. While rootless containers present some advantages, mainly from a security perspective, they are still in their early stages.” https://unit42.paloaltonetworks.com/rootless-containers-the-next-trend-in-container-security/
  6. “Everyone has read over and over again about how important information sharing is for cybersecurity. The idea is certainly not new. It’s definitely not cool. It’s also hard. No one has completely nailed it even after talking about it for decades.” https://www.cyberscoop.com/cyber-threat-alliance-information-sharing-neil-jenkins-op-ed/
  7. “Recorded Future noted a spike in the relative number of credential leaks from the pharmaceutical and biotechnology sector compared to all credential leaks between November of 2019 and March of 2020. The number of credentials that are leaked varies greatly from month to month — a large credential dump can cause numbers for a given month to increase dramatically, and many of those credentials may be repackaged from previous leaks.” https://www.recordedfuture.com/pharmaceutical-biotech-credential-leaks/
  8. “Docker has fixed a vulnerability that could have allowed an attacker to gain control of a Windows system using its service. The bug, discovered by Ceri Coburn, a researcher at security consultancy Pen Test Partners, exposed Docker for Windows to privilege elevation.” https://nakedsecurity.sophos.com/2020/05/26/docker-desktop-danger-discovered-patch-now/
  9. “Dubbed ‘Strandhogg 2.0,’ the new vulnerability affects all Android devices, except those running the latest version, Android Q / 10, of the mobile operating system—which, unfortunately, is running on only 15-20% of the total Android-powered devices, leaving billions of the remaining smartphones vulnerable to the attackers. StrandHogg 1.0 resided in the multitasking feature of Android, whereas the new Strandhogg 2.0 flaw is basically an elevation of privilege vulnerability that allows hackers to gain access to almost all apps.” https://thehackernews.com/2020/05/stranhogg-android-vulnerability.html
  10. “Following the U.S. announcement of additional sanctions against Huawei, the NCSC is looking carefully at any impact they could have to the U.K.’s networks,” the NCSC said in a statement to CyberScoop on Tuesday. “The security and resilience of our networks is of paramount importance.” https://www.cyberscoop.com/uk-huawei-ncsc-5g-networks/
  11. “The Ke3chang hacking group historically believed to be operating out of China has developed new malware dubbed Ketrum by merging features and source code from their older Ketrican and Okrum backdoors. The cyber-espionage activities of the Ke3chang advanced persistent threat (APT) group (also tracked as APT15, Vixen Panda, Playful Dragon, and Royal APT) go as far back as 2010 according to FireEye researchers.” https://www.bleepingcomputer.com/news/security/hacking-group-builds-new-ketrum-malware-from-recycled-backdoors/
  12. “This week, the US House of Representatives is expected to consider the act that reauthorizes that warrantless data collection: the USA Freedom Reauthorization Act. The House already passed the reauthorization act, sent it to the Senate, and will this week consider the Senate’s tweaks before sending it to President Trump for his signature. Mozilla, Engine, Reddit, Reform Government Surveillance, Twitter, i2Coalition, and Patreon are asking legislators to amend the bill in order to limit government access to internet browsing and search history without a warrant.” https://nakedsecurity.sophos.com/2020/05/26/internet-giants-unite-to-stop-warrantless-snooping-on-web-histories/
  13. “A new ransomware threat called [F]Unicorn has been encrypting computers in Italy by tricking victims into downloading a fake contact tracing app that promises to bring real-time updates for COVID-19 infections.” https://www.bleepingcomputer.com/news/security/new-f-unicorn-ransomware-hits-italy-via-fake-covid-19-infection-map/
  14. “Starting last year, ransomware operators have escalated their extortion strategies by stealing files from victims before encrypting their data. These stolen files are then used as further leverage to force victims to pay. Many ransomware operators have created data leak sites to publicly shame their victims and publish the files they stole.” https://www.bleepingcomputer.com/news/security/list-of-ransomware-that-leaks-victims-stolen-files-if-not-paid/
  15. “A Ukrainian national was arrested last week in Seattle for his alleged involvement in hacking operations run by FIN7, a syndicate known for stealing approximately $1 billion from its victims in the United States.” https://www.cyberscoop.com/fin7-hacking-arrest-financial/
  16. “International multi-level marketing (MLM) firm Arbonne International exposed the personal information and credentials of thousands after its internal systems were breached by an unauthorized party last month. Arbonne is a privately held California-based company acquired by Groupe Rocher in 2018, with annual revenues of over $500 million and a network of more than 200,000 independent consultants from the United States, the United Kingdom, Canada, Australia, Poland, and New Zealand.” https://www.bleepingcomputer.com/news/security/arbonne-mlm-data-breach-exposes-user-passwords-personal-info/