Cyber Security News for 27May2020

#security #cybersecurity #itsecurity #privacy #risk #compliance #livejournal #facebook #telematics #grayshift #hideui #qihoo360 #baidu #botnet #shuangqiang #doublegun #spearphishing #Grandoreiro #Huawei #dridex
Image by https://bleepingcomputer.com
  1. “A database containing over 26 million unique LiveJournal user accounts, including plain text passwords, is being shared for free on multiple hacker forums. For some time, rumors have been circulating that LiveJournal was breached in 2014 and account credentials for 33 million users were stolen. Since approximately May 8th, 2020, links to a data dump allegedly containing 33,717,787 unique accounts have been circulating on various hacker forums.” https://www.bleepingcomputer.com/news/security/26-million-livejournal-accounts-being-shared-on-hacker-forums/
  2. “Telematics is an operational goldmine. Whether it is with a fleet management services provider or an internal fleet management team, businesses can easily gather measurable, actionable data that can help control operating expenses, improve driver safety, and communicate with drivers in real time. But with great power comes great responsibility. Whenever new technology is introduced, vulnerabilities are exposed, and hacking threats become real. No business is immune.” https://www.tripwire.com/state-of-security/security-data-protection/iot/protecting-fleet-data-security-threats/
  3. “Whether it is to keep track of your children’s activities or to monitor an unfaithful spouse or partner, these apps will answer your questions on how to spy on someone’s cell phone without the target phone.” https://hackercombat.com/5-simple-ways-to-spy-on-someones-phone-without-touching-it/
  4. “Even if you have absolutely nothing to hide, you still have to protect the privacy of your data. Increasingly, our whole life fits in a series of short data that is sold on the internet. Think carefully before allowing any application to access your contact list or friend profiles. So, monitoring your online activity is important to protect not only information about yourself but also your own identity and the security of your loved ones.” https://hackercombat.com/how-to-secure-your-personal-data-while-online/
  5. “The security research team, led by Anurag Sen, at Safety Detectives has uncovered a significant leak of Facebook data. As much as 3 gigabytes of scraped Facebook user data was found on an Elastic server, which raises additional concerns regarding the company’s security measures.” https://www.safetydetectives.com/blog/facebook-scraped-leak-report/
  6. “Software called Hide UI, created by Grayshift, a company that makes iPhone-cracking devices for law enforcement, can track a suspect’s passcode when it’s entered into a phone, according to two people in law enforcement, who asked not to be named out of fear of violating non-disclosure agreements.” https://www.nbcnews.com/tech/security/iphone-spyware-lets-cops-log-suspects-passcodes-when-cracking-doesn-n1209296#anchor-Thesoftware
  7. “9to5Google has analyzed the source code of the latest update to Google Messages and found a slew of clues that strongly suggest that Google’s finally planning to add e2ee to the chat app’s rich communication services (RCS).” https://nakedsecurity.sophos.com/2020/05/27/google-may-soon-add-end-to-end-encryption-for-rcs/
  8. “Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet infecting hundreds of thousands of systems. The botnet was traced back to a group it calls ShuangQiang (also called Double Gun), which has been behind several attacks since 2017 aimed at compromising Windows computers with MBR and VBR bootkits, and installing malicious drivers for financial gain and hijacking web traffic to e-commerce sites.” https://thehackernews.com/2020/05/chinese-botnet-malware.html
  9. “Adversaries can use Control Panel items as execution payloads to execute arbitrary commands. Malicious Control Panel items can be delivered via Spearphishing Attachment campaigns or executed as part of multi-stage malware. [4] Control Panel items, specifically CPL files, may also bypass application and/or file extension whitelisting.” https://www.threathunting.se/2020/05/27/detect-malicious-control-panel-items-free-splunk-detection-rule/
  10. “For fast-moving security teams today, it’s about doing more with less—in other words, leveraging the tools and resources you use for vulnerability management to their maximum extent to keep your organization lean and extract the full value from your investments. According to Forrester, this is called flexibility, and refers to the additional capacity or capability that can be turned into a business benefit for future additional investment.” https://blog.rapid7.com/2020/05/27/finding-flexibility-in-your-vulnerability-management-solution/
  11. “Ransomware has become one of the most insidious threats in the past couple of years, with actors scaling up their operations to the point that the average ransom demand increased more than 10 times in one year. There are well over a dozen operators in the ransomware-as-a-service (RaaS) game, each with a host of affiliates that focus on enterprise targets across the world. Since the infamous GandCrab group called it quits in mid-2019, the ransomware landscape changed drastically. The RaaS model they introduced is now the norm, paving the way for professional attackers with a clear strategy to make money.” https://www.bleepingcomputer.com/news/security/ransomwares-big-jump-ransoms-grew-14-times-in-one-year/
  12. “The threat category risk (TCR) framework — which builds on work by Douglas Hubbard and Richard Seiersen — is a practical, quantitative cyber risk framework. It’s designed to help security teams identify the likelihood and scale of annual financial loss posed by different cyber threats.” https://www.recordedfuture.com/threat-category-risk-framework/
  13. “A British law firm, PGMBM, announced Tuesday it filed a lawsuit against EasyJet, the largest airline in the U.K., in connection with a security incident in which details about 9 million people were exposed. The firm is seeking up to £18 billion ($22 billion), including up to 30% in fees, or roughly £5.4 billion ($6.6 billion), for itself. The suit in London’s High Court follows similar legal action against British Airways, which announced its own data breach in 2018.” https://www.cyberscoop.com/easyjet-lawsuit-data-breach-settlement/
  14. “Germany’s federal cybersecurity agency today urged iOS users to immediately install the iOS and iPadOS security updates released by Apple on May 20 to patch two actively exploited zero-click security vulnerabilities impacting the default email app. “Due to the criticality of the vulnerabilities, the BSI recommends that the respective security update be installed on all affected systems immediately,”” https://www.bleepingcomputer.com/news/security/german-govt-urges-ios-users-to-patch-critical-mail-app-flaws/
  15. “Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution” https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2020-071/
  16. “The number of ransomware attacks increased by 40 percent last year, according to Group-IB’s incident response engagements and industry researchers’ data, while devious techniques employed by the attackers helped them push the average ransom to grow over tenfold in just one year. The greediest ransomware families with the highest pay-off were Ryuk, DoppelPaymer and REvil. The findings come as highlights of the Group-IB whitepaper titled “Ransomware Uncovered: Attackers’ Latest Methods,” closely examining the evolution of the ransomware operators’ strategies over the past year, issued today.” https://securityaffairs.co/wordpress/103840/breaking-news/evolution-of-ransomware-2019.html
  17. “Unlike the previous Windows 10 1909 feature update, which felt more like a service pack, the May 2020 Update is full of new features, improvements, and performance enhancements. With this released, the latest version of Windows is Windows 10, version 2004 build 19041.264. For those who do not want to rush to install a new Windows 10 feature update, you can follow the open and resolved issues to determine when you feel comfortable installing it.” https://www.bleepingcomputer.com/news/microsoft/windows-10-may-2020-update-released-here-are-the-new-features/
  18. “The CyberNews research team uncovered an unsecured Amazon Simple Storage Service bucket of confidential user chat logs belonging to real estate app Tellus, a US-based software company. Tellus is a software company based in Palo Alto, California, backed by “well-known investors” that aims to “reimagine Real Estate for the modern era.” The company’s app portfolio includes the Tellus App, a real estate loan, management and investing program. Its target users are American landlords and tenants who can receive and pay rent money, as well as keep all of their ownership and rent related data like rental listings, personal information, and correspondence between tenants and landlords in one place.” https://securityaffairs.co/wordpress/103846/breaking-news/real-estate-app-data-leak.html
  19. “Windows 10’s built-in network packet sniffer Pktmon has been updated with real-time monitoring and PCAPNG capture file format support with today’s release of Windows 10 2004. Since the October 2018 update, Microsoft has quietly included a built-in packet sniffer called Pktmon in Windows 10. Today, Microsoft released Windows 10 2004, the May 2020 Update, and with it, Pktmon has been upgraded to include two essential features: real-time monitoring and support for the PCAPNG file format.” https://www.bleepingcomputer.com/news/microsoft/windows-10-s-pktmon-sniffer-gets-real-time-monitoring-pcap-support/
  20. “Grandoreiro is a Latin American banking trojan targeting Brazil, Mexico, Spain, Peru, and has now extended to Portugal. Cybercriminals attempt to compromise computers to generate revenue by exfiltrating information from victims’ devices, typically banking-related information. During April and May 2020, a new Grandoreiro variant was identified. This piece of malware includes improvements in the way it is operating. The threat has been disseminating via malscam campaigns, as in the past, and the name of the victim is used as a part of the malicious attachment name.” https://securityaffairs.co/wordpress/103853/malware/grandoreiro-malware-q2-2020.html
  21. “A Canadian judge has ruled that extradition proceedings to the U.S. should continue for an executive of Chinese telecommunications giant Huawei.” https://www.cyberscoop.com/huawei-meng-wanzhou-extradition-canada/
  22. “Hackers are sending spoofed emails that appear to be from FedEx, UPS and DHL as part of a mass emailing campaign meant to infect victims’ computers, according to research initially published on May 5 by the security vendor Votiro. The messages appear to include package tracking updates, though at least some of them aim to infect recipients with a strain of malware known as Dridex, which is typically used to steal bank account data.” https://www.cyberscoop.com/fedex-ups-dridex-email-scam-votiro/
  23. “The hack-for-hire campaign, which has targeted healthcare companies, consulting firms, and financial services entities primarily in the U.S., Slovenia, Canada, Iran, Bahrain, and Cyprus, uses Gmail accounts imitating the WHO to direct victims to lookalike WHO websites. From there, victims are urged to sign up for healthcare alerts related to the coronavirus pandemic, according to Google. When signing up, however, users are prompted to reveal their Google account credentials or other personal information such as their cell phone numbers.” https://www.cyberscoop.com/coronavirus-phishing-scheme-google-india-world-health-organization/