Cyber Security News for 2 Apr 2020

  1. “If you use Firefox for browsing Twitter’s platform, media files you privately shared within direct messages or Twitter data archive downloads could have been stored within the browser’s cache. This means that threat actors could have stolen your private data using malicious tools designed to go through Firefox’s cache, while anyone could have got their hands on your personal information if you ever logged in on Twitter from a public computer.” https://www.bleepingcomputer.com/news/security/twitter-reveals-that-firefox-cached-private-data-for-up-to-7-days/
  2. “Owners of WordPress sites who use the Contact Form 7 Datepicker plugin are urged to remove or deactivate it to prevent attackers from creating rogue admins or taking over admin sessions after exploiting an authenticated stored cross-site scripting (XSS) vulnerability.” https://www.bleepingcomputer.com/news/security/wordpress-plugin-bug-can-be-exploited-to-create-rogue-admins/
  3. “The Internal Revenue Service (IRS) today issued a warning to alert about a surge in coronavirus-related scams over email, phone calls, or social media requesting personal information while using economic impact payments as a lure. This scam wave that can lead to identity theft and tax-related fraud is using the SARS-CoV-2 pandemic to trick vulnerable targets into giving away their sensitive info in exchange for help to speed up the COVID-19 economic impact payments.” https://www.bleepingcomputer.com/news/security/irs-warns-of-surge-in-economic-stimulus-payment-scams/
  4. “Researchers at WordFence, a company that provides cybersecurity services for WordPress users, have warned of two security problems in a popular WordPress plugin called Rank Math.” https://nakedsecurity.sophos.com/2020/04/02/dont-get-locked-out-of-your-own-website-update-this-wordpress-plugin-now/
  5. “Corona Virus themed MBR Lockers: MBRLockers are programs that replace the ‘master boot record’ of a computer so that it prevents the operating system from starting and displays a ransom note or other message instead. Some MBRLockers such as Petya and GoldenEye also encrypt the table that contains the partition information for your drives, thus making it impossible to access your files or rebuild the MBR without entering a code or paying a ransom.” https://www.bleepingcomputer.com/news/security/new-coronavirus-themed-malware-locks-you-out-of-windows/
  6. “Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered a complex campaign with several different executable payloads, all focused on providing financial benefits for the attacker in a slightly different way. The first payload is a Monero cryptocurrency miner based on XMRigCC, and the second is a trojan that monitors the clipboard and replaces its content. There’s also a variant of the infamous AZORult information-stealing malware, a variant of Remcos remote access tool and, finally, the DarkVNC backdoor trojan.” https://blog.talosintelligence.com/2020/04/azorult-brings-friends-to-party.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+feedburner%2FTalos+%28Talos%E2%84%A2+Blog%29
  7. “FBI’s warning mentions over 1,200 complaints related to coronavirus scams being received and reviewed since March 30, 2020, with threat actors engaging in phishing campaigns targeting first responders, launching Distributed Denial of Service (DDoS) attacks against government agencies, deploying ransomware on health care facilities, as well as creating fake COVID-19 landing pages to be used in attacks that infect victims’ devices with malware.” https://www.bleepingcomputer.com/news/security/fbi-warns-of-attacks-on-remote-work-distance-learning-platforms/
  8. “Nevertheless, the incidence of Zoombombing has skyrocketed over the past few weeks, even prompting an alert by the FBI on how to secure meetings against eavesdroppers and mischief-makers. This suggests that many Zoom users have disabled passwords by default and/or that Zoom’s new security feature simply isn’t working as intended for all users. Earlier this week, KrebsOnSecurity heard from Trent Lo, a security professional and co-founder of SecKC, Kansas City’s longest-running monthly security meetup. Lo and fellow SecKC members recently created zWarDial, which borrows part of its name from the old phone-based war dialing programs that called random or sequential numbers in a given telephone number prefix to search for computer modems.” https://krebsonsecurity.com/2020/04/war-dialing-tool-exposes-zooms-password-problems/
  9. “Crooks target Android users working from home due to the Coronavirus outbreak with a Trojanized version of the popular video messaging app Zoom.” https://securityaffairs.co/wordpress/100931/malware/trojanized-zoom-android-version.html
  10. “This article will detail five key findings from the Dragos report and will explore the vulnerability of power outages, the threat of supply chain compromise, solar generation utility communications outage in the United States, recommendations for asset owners and operators and the relative position of the United States. We’ll take a closer look at the report and leave you with a more solid understanding of the industrial cybersecurity threat landscape.” https://resources.infosecinstitute.com/the-state-of-threats-to-electric-entities-4-key-findings-from-the-2020-dragos-report/
  11. “The FCC says STIR/SHAKEN should help to protect consumers against malicious caller ID spoofing, often used in robocall scams to trick us into answering our phones so telemarketers and/or scammers can bleat at us. You know their spiels: home improvement and remodeling services, robots rattling off messages in fast Chinese, or “apply for coronavirus testing here” scams, among so, so many more.” https://nakedsecurity.sophos.com/2020/04/02/phone-carriers-must-authenticate-calls-to-fight-robocalls-says-fcc/
  12. “Cybersecurity researchers today uncovered an ongoing new Magecart skimmer campaign that so far has successfully compromised at least 19 different e-commerce websites to steal payment card details of their customers. According to a report published today and shared with The Hacker News, RiskIQ researchers spotted a new digital skimmer, dubbed “MakeFrame,” that injects HTML iframes into web-pages to phish payment data.” https://thehackernews.com/2020/04/magecart-digital-skimmer.html
  13. “In one of the strangest stories of the year, the COVID-19 virus has halted plans by major browsers to drop support for the ageing and insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols.” https://nakedsecurity.sophos.com/2020/04/02/covid-19-forces-browser-makers-to-continue-supporting-tls-1-0/
  14. “Federal, state and local governments through the Centers for Disease Control and Prevention (CDC) are receiving geolocation metadata from mobile advertising aggregators and companies to understand people’s movements during the coronavirus (COVID-19) pandemic, the Wall Street Journal reported.” https://www.msspalert.com/cybersecurity-breaches-and-attacks/compliance/us-mobile-location-data-coronavirus-pandemic/
#firefox #twitter #wordpress #contactform7datepicker #irs #wordfence #rankmath #petya #goldeneye #mbrlockers #coronavirus #azorult #darkvnc #xmrigcc #remcos #fbi #covid-19scam #office365 #zoombombing #dragos #cybersecurity #security #itsecurity #stirshaken #vishing #calleridspoofing #spoofing #makeframe #magecart