Cyber Security News for 29May2020

#security #cybersecurity #itsecurity #privacy #bithub #octopusscanner #ics #scada #steganography #c2 #microsoft #tag #himera #absent-loader
Image by https://threatpost.com
  1. “GitHub has issued a security alert on Thursday warning about a new malware strain that’s been spreading on its site via booby-trapped Java projects. The malware, which GitHub’s security team has named Octopus Scanner, has been found in projects managed using the Apache NetBeans IDE (integrated development environment), a tool used to write and compile Java applications.” https://www.blackhatethicalhacking.com/news/github-warns-java-developers-of-new-malware-poisoning-netbeans-projects/
  2. “Phishing emails, used as the initial attack vector, were tailored and customized under the specific language for each specific victim. The malware used in this attack performed destructive activity only if the operating system had a localization that matched the language used in the phishing email.” reads the report published by Kaspersky. “For example, in the case of an attack on a company from Japan, the text of a phishing email and a Microsoft Office document containing a malicious macro were written in Japanese.” https://securityaffairs.co/wordpress/103971/hacking/industrial-enterprises-attacks-steganography.html
  3. “Designing a robust command and control infrastructure involves creating multiple layers of command and control. This can be described as tiers. Each tier offers a level of capability and covertness. The idea of using multiple tiers is the same as not putting all your eggs in one basket. If C2 is detected and blocked, having a backup allows operations to continue. C2 tiers generally fall into three categories: Interactive, Short-Haul, and Long-Haul. These are sometimes labeled as Tier 1, 2, or 3. There is nothing unique to each tier other than how they are used.” https://www.threathunting.se/2020/05/29/command-control-c2-tier/
  4. “A few weeks ago, our researchers came across a leaked database on the darkweb where a known and reputable actor ‘Toogod’ dropped the database of “Taiwan Whole Country Home Registry DB” comprising 20 Million+ records.” reads a post published by Cyble. https://securityaffairs.co/wordpress/103990/deep-web/taiwan-db-dark-web.html
  5. “Windows 10 release 2004 is out, with a slew of new features. They include several updates to its security and privacy. Here’s what you get when you download it, as outlined in the company’s blog post. Microsoft has updated its System Guard Firmware Measurement. This feature, launched in Windows 10 1903, helps guarantee the integrity of a system when it starts by checking system firmware, and it’s part of a broader System Guard protection feature.”  https://nakedsecurity.sophos.com/2020/05/29/windows-10-adds-new-security-and-privacy-features-in-may-update/
  6. “Criminals have been quick to adapt to the global coronavirus pandemic. Sophos threat researchers have shown how cybercriminals have taken advantage of COVID-19 in myriad ways, and the FBI has warned us about criminals profiteering with advance fee and business email compromise scams.” https://nakedsecurity.sophos.com/2020/05/29/covid-19-tests-ppe-and-antivirual-drugs-find-a-home-on-the-dark-web/
  7. “The American Civil Liberties Union (ACLU) has sued a New York-based startup for amassing a database of biometric face-identification data of billions of people and selling it to third parties without their consent or knowledge” https://threatpost.com/aclu-sues-clearview-ai-over-faceprint-collection-sale/156117/
  8. “Researchers with Google’s Threat Analysis Group (TAG) warned that they’ve spotted a spike in activity from several India-based firms that have been creating Gmail accounts that spoof the World Health Organization (WHO) to send coronavirus-themed phishing emails.” https://threatpost.com/hack-hire-spoof-who-google-credentials/156100/
  9. “Attackers looking to steal employee credentials from organizations tied to the industrial sector deployed highly-targeted operations that delivered malicious PowerShell scripts in images.  The technique is called steganography and in these incidents the actors used public hosting imaging services to evade network traffic scanners and control tools that would flag the malicious download.” https://www.bleepingcomputer.com/news/security/highly-targeted-attacks-on-industrial-sector-hide-payload-in-images/
  10. “Vitalii Antonenko was charged in Massachusetts on multiple counts of conspiracy – to commit computer hacking, launder money and traffic in stolen payment card numbers – in connection with a scheme to sell stolen data on cybercriminal markets. The U.S. Department of Justice announced on Wednesday that Antonenko, 28, was apprehended in March upon his arrival at John F. Kennedy Airport from Ukraine. He was charged Tuesday.”  https://www.cyberscoop.com/hacker-arrest-nyc-jfk-airport/
  11. “Microsoft acknowledged and mitigated a new Windows 10 known issue affecting the Deployment Image Servicing and Management (DISM) tool used to service Windows images prior to deployment.  DISM can be used to prepare images in the Windows image (.wim) or a virtual hard disk (.vhd or .vhdx) formats for Windows PE, Windows Recovery Environment (Windows RE), and Windows Setup.” https://www.bleepingcomputer.com/news/microsoft/microsoft-mitigates-windows-10-2004-known-issue-impacting-dism/
  12. “Researchers at ZLab spotted a new phishing campaign using Covid19 lures to spread Himera and Absent-Loader.” https://securityaffairs.co/wordpress/104015/malware/himera-absent-loader-covid19-lures.html
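Items 2 and 9 describe the same campaign: a PowerShell stage hidden in the pixel data of images on public image-hosting services, so the download looks like an ordinary image to network inspection. The example below was written for this digest and is not the attackers' tooling or any code from the linked reports. It shows the underlying least-significant-bit technique on a constructed raw RGB pixel buffer and measures why the carrier survives inspection: no channel value changes by more than one. The cover buffer, the payload text and the absence of a file container are all assumptions made here; a real sample would sit inside a lossless image format such as PNG, which a decoder turns into the same kind of buffer.

```python
"""LSB steganography in raw pixel data: embed a text payload, recover it,
and show why the carrier looks unmodified.

Added illustration for items 2 and 9 of this digest; not code from the
reported campaign. To stay offline and dependency-free, the cover "image"
is a constructed raw RGB byte buffer rather than a PNG file; the bit-level
technique is the same once pixels are decoded.
"""
import struct

WIDTH, HEIGHT, CHANNELS = 64, 64, 3

# Constructed cover: a smooth gradient, one byte per channel.
COVER = bytes((i * 7) % 256 for i in range(WIDTH * HEIGHT * CHANNELS))

# Constructed stand-in for the stage the attackers hid (a PowerShell script).
PAYLOAD = b"Write-Host 'constructed stand-in for a hidden PowerShell stage'"


def embed(pixels: bytes, payload: bytes) -> bytes:
    """Return a copy of pixels whose least-significant bits carry a 4-byte
    big-endian length followed by the payload, most significant bit first."""
    data = struct.pack(">I", len(payload)) + payload
    bits_needed = len(data) * 8
    if bits_needed > len(pixels):
        raise ValueError("payload too large for this cover")
    out = bytearray(pixels)
    for i in range(bits_needed):
        bit = (data[i >> 3] >> (7 - (i & 7))) & 1
        out[i] = (out[i] & 0xFE) | bit      # only the LSB of each byte changes
    return bytes(out)


def extract(pixels: bytes) -> bytes:
    """Inverse of embed(); rejects buffers whose length field is impossible."""
    def read_bits(start: int, count: int) -> int:
        value = 0
        for i in range(start, start + count):
            value = (value << 1) | (pixels[i] & 1)
        return value

    length = read_bits(0, 32)
    if 32 + length * 8 > len(pixels):
        raise ValueError("length field exceeds cover size: not an LSB stego image")
    return bytes(read_bits(32 + b * 8, 8) for b in range(length))


def max_channel_delta(a: bytes, b: bytes) -> int:
    """Largest per-byte change between two pixel buffers of equal size."""
    if len(a) != len(b):
        raise ValueError("buffers differ in size")
    return max(abs(x - y) for x, y in zip(a, b))


STEGO = embed(COVER, PAYLOAD)

if __name__ == "__main__":
    print("recovered:", extract(STEGO).decode())
    print("max per-channel change:", max_channel_delta(COVER, STEGO))  # at most 1
```

A scanner that only checks that the download is a well-formed image of plausible size sees nothing wrong, which is the evasion the reports describe. Detection therefore belongs on the endpoint (a script that fetches an image and then reads its pixels is the unusual behaviour) or in the reputation of the fetching process and URL, not in the image bytes themselves.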
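Item 3 distinguishes the C2 tiers by how often they are used. The added example below is not code from threathunting.se or the quoted post; it looks at the same idea from the defender's side. It builds a constructed 48-hour outbound-connection log with one hypothetical destination name per tier plus ordinary browsing, then scores each (source, destination) pair by the regularity of its callback intervals. The host address, destination names, sleep values and jitter are all assumptions made here.

```python
"""Beacon-interval analysis over outbound-connection records, showing how the
interactive, short-haul and long-haul C2 tiers from item 3 look to a defender.

Added example for item 3 of this digest; not code from threathunting.se. The
log is constructed: 48 hours of (timestamp, source, destination) tuples, with
hypothetical destination names standing in for the three tiers plus browsing.
"""
import random
import statistics
from collections import defaultdict

WINDOW = 48 * 3600          # seconds of log available for analysis
random.seed(7)              # fixed seed: the synthetic jitter is reproducible


def synth_beacons(dst, sleep, jitter, until=WINDOW):
    """Yield (ts, src, dst) callbacks every `sleep` seconds +/- `jitter` fraction."""
    t = 0.0
    while t < until:
        yield (t, "10.0.0.5", dst)
        t += sleep * (1 + random.uniform(-jitter, jitter))


def synth_from_gaps(dst, gaps):
    """Yield records at hand-written irregular gaps (a human browsing)."""
    t = 0.0
    for g in gaps:
        t += g
        yield (t, "10.0.0.5", dst)


LOG = sorted(
    list(synth_beacons("interactive.example", sleep=5, jitter=0.1, until=900))  # 15-minute session
    + list(synth_beacons("shorthaul.example", sleep=3600, jitter=0.2))          # hourly
    + list(synth_beacons("longhaul.example", sleep=86400, jitter=0.0))          # once a day
    + list(synth_from_gaps("browsing.example",
                           [12, 310, 7, 2900, 45, 960, 3, 18000, 22, 75, 5400]))
)


def analyse(log, min_hits=3, max_cv=0.3):
    """Per (src, dst) pair: hit count, median gap and coefficient of variation
    of the gaps. A low CV over enough hits means a machine-like cadence."""
    by_pair = defaultdict(list)
    for ts, src, dst in log:            # log is time-ordered, so gaps come out in order
        by_pair[(src, dst)].append(ts)
    report = {}
    for pair, times in by_pair.items():
        if len(times) < min_hits:
            report[pair] = {"hits": len(times), "verdict": "too few hits"}
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        median = statistics.median(gaps)
        cv = statistics.pstdev(gaps) / median
        report[pair] = {
            "hits": len(times),
            "median_gap": round(median, 1),
            "cv": round(cv, 3),
            "verdict": "beacon" if cv < max_cv else "irregular",
        }
    return report


def verdict(report, dst, src="10.0.0.5"):
    return report[(src, dst)]["verdict"]


REPORT = analyse(LOG)

if __name__ == "__main__":
    for (src, dst), row in REPORT.items():
        print(f"{dst:22} {row}")
```

The interactive and short-haul channels produce dozens of near-identical gaps and score as beacons; the long-haul channel calls back once a day and has too few hits inside the window to be scored at all. That is the covertness the tiering buys and the reason blocking the noisy tier does not end the operation. A longer analysis window, or correlating rare destinations across many hosts, is the defender's counter to the long-haul tier.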