Cyber Security News for 30Apr2020

  1. “Multiple vulnerabilities have been discovered in Magento CMS, the most severe of which could allow for arbitrary code execution. Magento is a web-based e-commerce application written in PHP. Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.” https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-magento-cms-could-allow-for-remote-code-execution-apsb20-22_2020-057/
  2. “Over the last several weeks, a group of unidentified hackers have been methodically testing a new piece of code designed to steal credentials people use to log into banks and other financial institutions. Like many a product developer, the hackers have been fine-tuning the malicious software to make it more effective in siphoning off data from a mobile phone.” https://www.cyberscoop.com/eventbot-banking-trojan-android-malware-cybereason/
  3. “Researchers have disclosed critical-severity flaws in three popular WordPress plugins used widely by colleges and universities: LearnPress, LearnDash and LifterLMS. The flaws, now patched, could allow students to steal personal information, change their grades, cheat on tests and more.” https://threatpost.com/critical-wordpress-e-learning-plugin-bugs-cheating/155290/
  4. “As reported by TechCrunch, digital attackers succeeded in stealing 700 records associated with current and former Chegg employees. Those records contained individuals’ personally identifiable information (PII) including their names and Social Security Numbers.” https://www.tripwire.com/state-of-security/security-data-protection/chegg-confirmed-data-breach-of-employee-records/
  5. “To drive down risk while achieving meaningful operational outcomes, intelligence must be embedded into the core of every security workflow, function, and decision. This requires a unified approach for collecting, analyzing, and automating data and insights.” https://www.recordedfuture.com/security-intelligence-definition/
  6. “The ways that supplier imposter scams work, point out some potential red flags and explain the most effective remedial measures to prevent supplier imposter scams.” https://resources.infosecinstitute.com/overview-of-phishing-techniques-urgent-limited-supplies/
  7. “How to use the array of security features that accompany Edge in Windows 10, including sandboxing, plugins and extensions, SmartScreen, Application Guard and App & Browser control.” https://resources.infosecinstitute.com/category/certifications-training/securing-windows-ten/web-browser-security-in-windows-10/how-to-use-microsoft-edge-security-features/
  8. “Starting in 2012 and on up to his arrest while mulling a menu in a Czech restaurant in 2016, Yevgeniy Nikulin allegedly triggered mega-breaches at big-name online companies LinkedIn, Dropbox and Formspring. Justice has already been slow in this case, and the pandemic isn’t helping: His trial has been postponed for a third time.” https://nakedsecurity.sophos.com/2020/04/30/coronavirus-delays-trial-of-alleged-russian-hacker-a-third-time/
  9. “Third-party risk management is an essential element of information security. It is common to see news about a large company being breached, and after learning more, you find out the breach was the result of a vendor. When you depend on another organization for a critical business process and allow them access to your network, facility, or data, there is risk to your organization—and it is essential to manage that risk.” https://www.trustedsec.com/blog/vendor-enablement-rethinking-third-party-risk/
  10. “In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany, the UK, Netherlands, Hong Kong, and Singapore. Dubbed ‘PerSwaysion,’ the newly spotted cyberattack campaign leveraged Microsoft file-sharing services—including Sway, SharePoint, and OneNote—to launch highly targeted phishing attacks.” https://thehackernews.com/2020/04/targeted-phishing-attacks-successfully.html
  11. “A hacking group known as Pirate Panda, which has possible ties to the Chinese government, is trying to trick Vietnamese government officials into clicking on malicious Microsoft Excel documents attached to emails purportedly detailing festivities for Vietnamese holidays, according to research the threat intelligence firm Anomali shared with CyberScoop.” https://www.cyberscoop.com/south-china-sea-maritime-hacking-vietnam/
  12. “Clop ransomware leaked files stolen from U.S. pharmaceutical company ExecuPharm after ransom negotiations allegedly failed. ExecuPharm is a contract research organization (CRO) that provides clinical research support services to companies from the pharmaceutical industry.” https://www.bleepingcomputer.com/news/security/clop-ransomware-leaks-execupharms-files-after-failed-ransom/
  13. “In a court filing made public this week, Facebook asked a federal judge to disqualify law firm King & Spalding from representing NSO Group because the firm previously represented Facebook-owned WhatsApp in a different sealed case that is “substantially related” to the NSO Group one. King & Spalding, an Atlanta-based firm with a range of big corporate clients, has denied there is a conflict of interest, according to the filing.” https://www.cyberscoop.com/nso-group-lawsuit-whatsapp-conflict-of-interest-king-spalding/
  14. “Kaspersky has released an updated decryptor for the Shade Ransomware (Troldesh) that allows all victims who have their files encrypted to recover them for free. Shade Ransomware, otherwise known as Troldesh, is an old ransomware that has been infecting victims since 2014 and was known to be the most distributed ransomware via email.” https://www.bleepingcomputer.com/news/security/shade-ransomware-decryptor-can-now-decrypt-over-750k-victims/
  15. “The open-source Salt management framework contains high-severity security vulnerabilities that allow full remote code execution as root on servers in data centers and cloud environments. And in-the-wild attacks are expected imminently.” https://threatpost.com/salt-bugs-full-rce-root-cloud-servers/155383/
  16. “US government agencies’ chief information officers were recommended today to disable third-party encrypted DNS services until an official DNS resolution service with DNS over HTTPS (DoH) and DNS over TLS (DoT) support is ready.” https://www.bleepingcomputer.com/news/security/us-govt-agencies-to-disable-doh-until-federal-service-is-ready/

#security #cybersecurity #itsecurity #privacy #magento #php #learnpress #learndash #lifterlms #wordpress #eventbot #android #perswaysion #doh #dot #dns