Cyber Security News for 28Apr2020

Malware
  1. “A website that gives advice on privacy regulation compliance has fixed a security issue that was exposing MySQL database settings — including passwords — to anyone on the internet. The website, GDPR.EU, is an advice site for organizations that are struggling to comply with the General Data Protection Regulation (GDPR) laws that were imposed by the EU in 2018. The website is operated by Proton Technologies AG, the company behind end-to-end encrypted mail service ProtonMail. While it isn’t an official EU commission site, it is partly co-funded by the Horizon 2020 Framework Programme of the European Union, an EU research and innovation program.” https://threatpost.com/data-leak-gdpr-advice-site/155199/
  2. “WordPress owners are advised to secure their websites by updating the Real-Time Find and Replace plugin to prevent attackers from injecting malicious code into their sites and creating rogue admin accounts by exploiting a Cross-Site Request Forgery flaw. The security vulnerability is a Cross-Site Request Forgery (CSRF) that leads to Stored Cross-Site Scripting (Stored XSS) attacks and it impacts all Real-Time Find and Replace versions up to 3.9.” https://www.bleepingcomputer.com/news/security/wordpress-plugin-bug-lets-hackers-create-rogue-admin-accounts/
  3. “As people socially isolate and work from home, shopping online and home deliveries have increased. Scammers are capitalizing on this by creating new scams using Coronavirus delivery issues as a lure to get people to visit malicious links or open malware. In a new report by Kaspersky, researchers see a new wave of phishing scams that utilize a COVID-19 theme and impersonate well-known shipping carriers such as FedEx, UPS, and DHL.” https://www.bleepingcomputer.com/news/security/fake-fedex-and-ups-delivery-issues-used-in-covid-19-phishing/
  4. “Formjacking, where cybercriminals inject malicious JavaScript code to hack a website and take over the functionality of the site’s form page to collect sensitive user information, is one of the fastest growing forms of cyber attack. It is designed to steal credit card details and other personal information from payment forms that are captured on the “checkout” pages of e-commerce websites.” https://unit42.paloaltonetworks.com/anatomy-of-formjacking-attacks/
  5. “The details come from a newly published research titled “Nowhere to Hide: Cross-modal Identity Leakage between Biometrics and Devices” by a group of academics from the University of Liverpool, New York University, The Chinese University of Hong Kong, and University at Buffalo SUNY.” https://thehackernews.com/2020/04/deanonymize-device-biometrics.html
  6. “When downloaded, Lucy now encrypts files on the infected device and displays a ransom note in the browser window which claims to be an official message from the US FBI, accusing the victim of possessing pornographic content on his device. The message also states that as well as locking the device, the user’s details have been uploaded to the FBI Cyber Crime Department’s Data Center, accompanied by a list of legal offenses that the user is accused of committing. The victim is then instructed to pay a US$500 “fine” – unusually, by providing their credit-card information, and not via the more common method of using Bitcoin.” https://research.checkpoint.com/2020/lucys-back-ransomware-goes-mobile/
  7. “Germany on Sunday pulled an about-face regarding the best way to use smart phones to trace people’s contacts with those infected by COVID-19, embracing a decentralized Bluetooth-based approach instead of the more invasive location tracking proposed in other approaches. The Bluetooth approach – which keeps data local on people’s phones instead of being stored on a centralized database that could be used for mass state surveillance or to track people – is supported by Apple, Google and other European countries, Reuters reported.” https://nakedsecurity.sophos.com/2020/04/28/coronavirus-tracking-tool-from-apple-and-google-embraced-by-germany/
  8. “The Outlaw Hacking Group was first spotted by TrendMicro in 2018 when the cyber criminal crew targeted automotive and financial industries. The Outlaw Botnet uses brute force and SSH exploits (exploiting the Shellshock flaw and the Drupalgeddon2 vulnerability) to achieve remote access to the target systems, including servers and IoT devices. The first version spotted by TrendMicro includes a DDoS script that could be used by the botmaster to set up a DDoS-for-hire service offered on the dark web.” https://securityaffairs.co/wordpress/102406/cyber-crime/outlaw-crypto-botnet.html
  9. “For years now, we have been told that when disposing of desktops, laptops, servers, and printers, we need to watch out for hard drives, as they contain critical information that could put your business or personal identity at risk. The solution to this problem has been to remove those hard drives and physically destroy them, or overwrite every bit of data with zeros at least three or more times. This has been sound advice and has helped us to greatly reduce the risk to our organizations and protect our personal information. However, times are changing, and we need to take this a step further. One area that’s often overlooked is embedded technology. Most embedded devices do not have hard drives, but they still have memory storage.” https://blog.rapid7.com/2020/04/28/risks-in-disposing-of-iot-embedded-technology-2/
  10. “A sophisticated, ongoing espionage campaign aimed at Android users in Asia is likely the work of the OceanLotus advanced persistent threat (APT) actor, researchers said this week. Dubbed PhantomLance by Kaspersky, the campaign is centered around a complex spyware that’s distributed via dozens of apps within the Google Play official market, as well as other outlets like the third-party marketplace known as APKpure.” https://threatpost.com/sophisticated-android-spyware-google-play/155202/
  11. “Timetv.live is the latest Azeri news site targeted by Denial of Service attacks. The 21st of March, the website received a Denial of Service attack after the publishing of an article about Mubariz Mansimov, a businessman who has been imprisoned and claims that the arrest was ordered by the head of SOCAR – State Oil Company of Azerbaijan Rovnag Abdullayev and his cousin Anar Alizade. This report focuses on the forensics of the attack in an attempt to attribute the attack.” https://securityaffairs.co/wordpress/102424/hacking/sandman-ddos-timetv-live.html
  12. “ExecuPharm, a Pennsylvania-based subsidiary of the U.S. biopharmaceutical giant Parexel, provides clinical trial management tools for biopharmaceutical companies. According to a recent data breach notice, various ExecuPharm servers were hit in a ransomware attack on March 13, which compromised “select corporate and personnel information.” The attack was initiated through phishing emails that were sent to ExecuPharm employees.” https://threatpost.com/hackers-leak-biopharmaceutical-firms-data-stolen-in-ransomware-attack/155237/
  13. “Internet scammers are conducting the kind of business that would probably get them in trouble with the inhabitants of the Continental Hotel. Tens of thousands of internet users in Spain, Mexico and South America have downloaded pirated copies of “John Wick 3” and other movies that come bundled with malicious software, according to a forthcoming Microsoft security warning viewed by CyberScoop.” https://www.cyberscoop.com/john-wick-3-torrent-malware-contagion-torrent-microsoft/
  14. “Microsoft warned today of ongoing human-operated ransomware campaigns targeting healthcare organizations and critical services and shared tips on how to block new breaches by patching vulnerable internet-facing systems. Many such attacks start with the human operators first exploiting vulnerabilities found in internet-facing network devices or by brute-forcing RDP servers and then deploying the ransomware payloads.” https://www.bleepingcomputer.com/news/security/microsoft-releases-guidance-on-blocking-ransomware-attacks/
  15. “Adobe has released security updates for Adobe Illustrator, Bridge, and Magento that fix numerous vulnerabilities, including ones that could allow remote code execution. Remote code execution vulnerabilities are considered Critical as they could allow a remote attacker to exploit bugs in public-facing software to execute commands in the security context of the exploited process.” https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-vulnerabilities-in-magento-and-illustrator/
  16. “Multiple vulnerabilities have been discovered in Adobe Bridge that could allow for arbitrary code execution. Adobe Bridge is a file management application that manages files across multiple Adobe programs. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.” https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-adobe-bridge-could-allow-for-arbitrary-code-execution-apsb20-19_2020-056/
  17. “Rogue security software affiliates are sending emails that falsely tell recipients that their antivirus software is expiring and then prompt them to renew their license so that the affiliate can earn a commission from the sale. A software affiliate is a third-party that refers visitors to a software company to earn a commission from the sale of their software.” https://www.bleepingcomputer.com/news/security/rogue-affiliates-are-running-fake-antivirus-expiration-scams/
  18. “The American Civil Liberties Union and the Electronic Frontier Foundation argue that the public has a right to know about how U.S. prosecutors tried to force Facebook to decrypt the calls in a 2018 investigation of the MS-13 gang, and why a judge rejected the prosecutors’ effort. The Department of Justice is urging the court to keep the ruling sealed, arguing that making it public could compromise ongoing criminal investigations.” https://www.cyberscoop.com/facebook-encryption-doj-eff-aclu/
  19. “The work-from-home (WFH) paradigm that has become the new normal in the age of coronavirus comes with exacerbated network security risk – as evidenced by a growing number of botnets and automated attacks that are taking advantage of known vulnerabilities in both consumer and corporate IT gear. The situation is forcing IT to adopt new strategies to gain visibility into their network environments.” https://threatpost.com/enterprise-security-woes-explode-home-networks/155280/

#security #cybersecurity #itsecurity #privacy #gdpr #wordpress #blackroselucy #lucy #malware #outlaw #phantomlance #aclu #eff #formjacking

Medium: https://medium.com/@shahidsharif/cyber-security-news-for-28apr2020-c68f8991e8be?sk=bd3a534763d816762f62f3d378ae39cf

LinkedIn: https://www.linkedin.com/pulse/cyber-security-news-28apr2020-shahid-sharif