Cyber Security News for 27Apr2020

  1. “The operators behind the Shade Ransomware (Troldesh) have shut down their operations, released over 750,000 decryption keys, and apologized for the harm they caused their victims.  The Shade Ransomware has been in operation since around 2014. Unlike other ransomware families that specifically avoid encrypting victims in Russia and other CIS countries, Shade targets people in Russia and Ukraine predominantly.” https://www.bleepingcomputer.com/news/security/shade-ransomware-shuts-down-releases-750k-decryption-keys/
  2. “A pre-auth SQL injection bug leading to remote code execution is at the heart of a data-stealing campaign against XG firewalls, using the Asnarok trojan.  Attackers have been targeting the Sophos XG Firewall (both physical and virtual versions) using a zero-day exploit, according to the security firm – with the ultimate goal of dropping the Asnarok malware on vulnerable appliances.” https://threatpost.com/hackers-zero-day-attacks-sophos-firewalls/155169/
  3. “More than 150,000 emails spreading the Hupigon RAT that use adult dating as a lure have been uncovered, with almost half being sent to U.S. university and college email addresses. Several U.S. universities have been targeted in a widespread spear-phishing attack that uses adult dating as a lure. In reality, the emails spread the Hupigon remote access trojan (RAT), known to be leveraged by state-sponsored threat actors.” https://threatpost.com/us-universities-adult-dating-spear-phishing-attack/155170/
  4. “Ransomware attacks often rely on victims making a few basic mistakes that are often quite uncomfortable to confront – it’s natural to assume you haven’t made any (or, at least, not many), and it can feel both tired and tiring to keep going through the basics. 5 simple phrases, each starting with P so they’re easy to remember.” https://nakedsecurity.sophos.com/2020/04/27/5-common-mistakes-that-lead-to-ransomware/
  5. “Email is still the access vector of choice for attackers, as malicious actors serve up cleverly crafted emails that feed on our fear of the unknown and our desire to be informed. Many of those emails are scams, and others deliver something even more nefarious: ransomware.” https://blog.rapid7.com/2020/04/27/the-healthcare-security-pros-guide-to-ransomware-attacks/
  6. “Microsoft Teams, the technology giant’s professional collaboration tool, included a software bug that could have made it possible for hackers to steal data. Hackers could have used a malicious GIF to scrape user data from Microsoft Teams user accounts, spreading through an organization’s entire roster of employees who use the service, researchers from CyberArk announced Monday. The issue existed for three weeks between the end of February through mid-March, when much of the U.S. started to telework in response to the coronavirus pandemic.” https://www.cyberscoop.com/microsoft-teams-security-flaw-cyberark-gif/
  7. “As of this morning, reports have been received in the National Cyber Arrangement about assault attempts on control and control systems of wastewater treatment plants, pumping stations and sewers,” reads the alert issued by the Israeli government. “The system calls on companies and entities in the energy and water sectors to immediately exchange passwords from the Internet to the control systems, reduce Internet connectivity and ensure that the most up-to-date version of controllers is installed.” https://securityaffairs.co/wordpress/102361/hacking/israeli-water-facilities-attacked.html
  8. “Firewalls are easy to misconfigure. While the security consequences of such errors may be acceptable for some firewalls, the accumulated risks of misconfigured firewalls in a defense-in-depth OT network architecture are generally unacceptable. Most industrial sites deploy firewalls as the first line of defense for their Operations Technology (OT) / industrial networks. However, configuring and managing these firewalls is a complex undertaking. Configuration and other mistakes are easy to make.” https://threatpost.com/waterfall-eight-common-ot-industrial-firewall-mistakes/155061/
  9. “The victim receives a USB drive that at some point was connected to an infected machine,” explained ESET Researcher Alan Warburton. “It seemingly has all the files with the same names and icons that it contained before being infected. Because of this, the content will look almost identical at first glance. However, all the original files were replaced by a copy of the malware. When an unsuspecting user attempts to open one of these files, the script will open both the file that was intended and the malicious payload.” https://securityaffairs.co/wordpress/102331/malware/victorygate-mining-botnet.html
  10. “In the second article of our CTI analyst series, we’ll cover the unique benefits a CTI analyst brings to an organization by enhancing: Strategy and planning of IT and security by taking a holistic view; Intelligence on the cybersecurity landscape and industry trends; Collaboration with the recognized bodies and regulations” https://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/osint-using-threat-intelligence-secure-organisation/
  11. “Microsoft is investigating Bluetooth issues, failures to install, and blue screen reports received from users who have installed or attempted to install the KB4549951 cumulative update released during this month’s Patch Tuesday. KB4549951 provides customers with security fixes for devices running Windows 10, version 1909, and Windows 10, version 1903, and it can be installed automatically by checking for updates via Windows Update or manually from the Microsoft Update Catalog.” https://www.bleepingcomputer.com/news/microsoft/microsoft-investigating-windows-10-kb4549951-bsod-reports/
  12. “We review existing methods used by ransomware to delete shadow copies in order to give defenders a recap of the techniques they need to protect themselves and their digital resources against. Additionally, we expose new methods that can potentially be used by ransomware. Sharing these methods will allow defenders to deploy appropriate detections for these potential future techniques, as it’s only a matter of time before we’ll encounter them in the wild.” https://www.fortinet.com/blog/threat-research/stomping-shadow-copies-a-second-look-into-deletion-methods.html
  13. “Twitter announced today that it has turned off the Twitter via SMS service because of security concerns, a service which allowed the social network’s users to tweet using text messages since its early beginnings.” https://www.bleepingcomputer.com/news/security/twitter-kills-sms-based-tweeting-in-most-countries/

#security #cybersecurity #itsecurity #privacy #troldesh #shaderansomware #sophosxg #sophos #asnarok #rat #hupigon #spearphishing #scada #ics #victorygate #osint