Cyber Security News for 31Mar2020

  1. “The FBI has issued an alert on Monday about state-sponsored hackers using the Kwampirs malware to attack supply chain companies and other industry sectors as part of a global hacking campaign.” https://www.zdnet.com/article/fbi-re-sends-alert-about-supply-chain-attacks-for-the-third-time-in-three-months/
  2. “Smartphone tracking is becoming the front-end for coronavirus population tracking—be that individuals confined to their homes, curfews, contact tracing or aggregated analysis on the impact of social distancing. A smartphone is a proxy for a person. Track the phones and you track the people. Each device can be uniquely tied to its owner, whether in Beijing or Boston, Shanghai or Seattle.” https://www.forbes.com/sites/zakdoffman/2020/03/30/forget-chinas-excessive-coronavirus-surveillance-this-is-americas-surprising-alternative/?subId3=xid%3Afr1585637143842ijd#21bea677773c
  3. “We like to track Magecart attacks, and though there seem to be endless reports of persistent Magecart infections, the vast majority are low grade spray-and-pray operations that do not target specific stores. While following reports on these infections, we stumbled upon a very poorly maintained server connected to a very loud operation named Inter. Upon reverse engineering this server, we found ourselves in conversation with the hackers themselves who revealed much more information about the Inter toolkit operation. This blog post shares some of the findings and explores how digital skimming is evolving into a service.” https://www.perimeterx.com/resources/blog/2020/skimming-as-a-service-anatomy-of-a-magecart-attack-toolkit/
  4. “Fast forward to 2020 and we have a lot less to worry about on the reliability front, but we still face a clear and present danger from data loss due to malware, notably ransomware.” https://nakedsecurity.sophos.com/2020/03/31/5-tips-for-keeping-your-data-safe-this-world-backup-day/
  5. “Recently in Norway a school had to stop using the Whereby video conference service because during a video lesson a man broke into the group video conference and showed himself naked.” https://www.andreafortuna.org/2020/03/31/some-security-thoughts-about-videocalls/
  6. “No, we don’t know why people start hoaxes like this. You can do your bit by not forwarding them, not even “just in case”.” https://nakedsecurity.sophos.com/2020/03/31/instant-bank-fraud-warning-spread-on-whatsapp-is-a-hoax/
  7. “Huawei hopes Google apps and services will be available through its own app store — a new idea for the company looking to attract users to its latest handsets without the licensed Android operating system. Last year, Huawei was put on a U.S. blacklist known as the Entity List, which restricted American firms from doing business with the Chinese telecommunications company. Google was forced to stop licensing its Android mobile operating system to Huawei.” https://www.cnbc.com/2020/03/31/huawei-wants-to-put-google-apps-in-its-own-app-store-after-android-block.html
  8. “On Monday a user of the popular video-conferencing software Zoom filed a class action lawsuit against the company for sending data to Facebook. The lawsuit argues that Zoom violated California’s new data protection law by not obtaining proper consent from users about the transfer of the data.” https://www.vice.com/en_us/article/pke4vb/zoom-faces-class-action-lawsuit-for-sharing-data-with-facebook
  9. “WITH HUNDREDS OF millions of people sheltering in place and quarantining around the world due to the novel coronavirus pandemic, and many brick-and-mortar stores temporarily closed, online shopping has become even more of a lifeline. As consumers ramp up their online spending, though, the criminals who hack websites to digitally “skim” credit card numbers are having a field day.” https://www.wired.com/story/magecart-credit-card-skimmers-coronavirus-pandemic/
  10. “Microsoft’s Remote Desktop Protocol has been saddled with security bugs and weaknesses, which means you need to take certain precautions when using RDP for remote connections.” https://www.techrepublic.com/article/how-to-better-secure-your-microsoft-remote-desktop-protocol-connections/
  11. “Microsoft announced today that it will delay disabling support for the insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols from Microsoft web browsers because of the current global situation until the second half of 2020, with an estimated time of roll out during July.” https://www.bleepingcomputer.com/news/security/microsoft-delays-disabling-insecure-tls-in-browsers-until-july/
  12. “Trickbot is typically delivered via a spam email containing a malicious document or malicious URL. In most cases, the subject of the emails will contain wording that is intended to alarm the person who received it, such as an issue with a credit or debit card, and in recent examples preying on fears of the COVID-19 virus. Once this document has been opened, a macro will execute and download the next stage of the infection process. In some cases, the second stage of this infection chain is a loader like Emotet which in turn drops Trickbot. In a reverse of roles, Trickbot has also been commonly observed to drop other malware families.” https://blog.talosintelligence.com/2020/03/trickbot-primer.html
  13. “Hotel chain Marriott disclosed today a security breach that impacted more than 5.2 million hotel guests who used the company’s loyalty app. According to a breach notification posted on its website, the hotel chain learned of the security breach at the end of February, when it discovered that a hacker had used the login credentials of two employees from one of its franchise properties to access customer information from the app’s backend systems.” https://www.zdnet.com/article/marriott-discloses-new-data-breach-impacting-5-2-million-hotel-guests/
  14. “A critical privilege escalation vulnerability found in the WordPress SEO Plugin – Rank Math plugin can allow attackers to give administrator privileges to any registered user on one of the 200,000 sites with active installations if left unpatched.” https://www.bleepingcomputer.com/news/security/critical-wordpress-plugin-bug-lets-hackers-turn-users-into-admins/
  15. “On December 4, 2019, Kaspersky experts discovered a watering hole attack, tracked Holy Water, aimed at an Asian religious and ethnic group. The campaign has been active since at least May 2019 and hit delivered fake Adobe Flash update warnings to the victims.” https://securityaffairs.co/wordpress/100818/hacking/holy-water-watering-hole-attacks.html
  16. “Security expert Bob Diachenko discovered that 42 million Iranian ‘Telegram’ user IDs and phone numbers have been leaked online.” https://securityaffairs.co/wordpress/100810/data-breach/unofficial-telegram-fork-leak.html

#kwampirs #malware #surveillance #magecart #databackup #Huawei #trickbot #emotet #ryuk #marriot #breach #holywater #apt #iran #telegram