Cyber Security News for 3Jun2020

#security #cybersecurity #itsecurity #privacy #ransomware #maze #dopplepaymer #mukashi #trickbot #nasa #spacex #threathunting #sap #youtube #firefox #rce #chromium #edge #sfers #wordpress #rivieramaya
  1. “Ransomware gangs are teaming up to extort victims through a shared data leak platform, and the exchange of tactics and intelligence.   In November 2019, the Maze Ransomware operators transformed ransomware attacks into data breaches after they released unencrypted data of a victim who refused to pay.  Soon after, they launched a dedicated “Maze News” site used to shame their unpaid victims by publicly releasing stolen data.” https://www.bleepingcomputer.com/news/security/ransomware-gangs-team-up-to-form-extortion-cartel/
  2. “DopplePaymer ransomware gang said it successfully breached the network of Digital Management Inc. (DMI), a Maryland-based company that provides managed IT and cyber-security services on demand.”  https://www.blackhatethicalhacking.com/news/ransomware-gang-says-it-breached-one-of-nasas-it-contractors/
  3. “Living in the cyber-based world of ours these days, no one can deny the effect of the internet and cyber world on our lives. Nearly 4.5 billion people out of 7.77 are considered active internet users nowadays and around 1.75 billion websites exist on the internet, providing a wide range of content and services. Besides all the great impacts of this web-based platform on our every-day life though, the dangers and threats in the cyber world are great as well. Cyber-attacks by black hat hackers have risen to be one of the greatest threats to businesses and individuals” https://www.threathunting.se/2020/06/03/all-you-need-know-bug-bounty/
  4. “An increasing number of offers for stolen YouTube credentials has been noted recently on hacker and cybercrime forums, where access to accounts is sold in bulk.  Sellers advertise large lists of credentials that are verified for the availability of a YouTube channel and subscriber count.” https://www.bleepingcomputer.com/news/security/youtube-channel-credentials-in-high-demand-on-hacker-forums/
  5. “A new set of critical vulnerabilities uncovered in SAP’s Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios.  The six flaws, disclosed by cybersecurity firm Trustwave today, reside in Sybase Adaptive Server Enterprise (ASE), a relational database management software geared towards transaction-based applications.” https://thehackernews.com/2020/06/newly-patched-sap-ase-flaws-could-let.html
  6. “Mukashi is a variant of the Mirai malware family, which is known for targeting IoT devices. The original Mirai was described as a classic case of racketeering: the creators infected potential clients with Mirai and then would offer their services to remove the threat. The malware would scan IoT devices on a network for vulnerabilities and enslave the vulnerable devices (especially those that were still using their default factory credentials).” https://resources.infosecinstitute.com/mukashi-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/
  7. “Multiple vulnerabilities have been discovered in Mozilla Firefox, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the logged-on user.  Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.” https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-firefox-could-allow-for-remote-code-execution_2020-075/
  8. “The rate of mobile phishing rose sharply between the last quarter of 2019 and the first quarter of 2020, a boost most likely due to the increased number of people working from home due to COVID-19 stay-at-home orders, new research has found.  In fact, encounter rates for enterprise mobile phishing increased 37 percent between the last quarter of 2019 and the first quarter of 2020, from around 16 percent to 22 percent.” https://threatpost.com/enterprise-mobile-phishing-pandemic/156236/
  9. “Distributed denial-of-service attacks against advocacy organizations increased by 1,120% since a Minneapolis police officer killed George Floyd by kneeling on his neck, sparking demonstrations throughout the U.S.” https://www.cyberscoop.com/ddos-advocacy-groups-skyrocket-cloudflare/
  10. “Microsoft’s new Chromium-based Edge web browser is rolling out automatically via Windows Update to customers using Windows 10 1803 or later.  The new Chromium-based version of Microsoft Edge will be delivered as KB4559309 to all users and it will replace the legacy Edge browser on all Windows 10 2004, Windows 10 1909, Windows 10 1903, Windows 10 1809, and Windows 10 1803 devices.” https://www.bleepingcomputer.com/news/microsoft/new-microsoft-edge-rolling-out-to-windows-10-via-windows-update/
  11. “The San Francisco Employees’ Retirement System (SFERS) has suffered a data breach after an unauthorized person gained access to a database hosted in a test environment.  SFERS manages the benefits program for active and retired employees of San Francisco, California.  In a data breach notification filed today, SFERS stated that one of their vendors had set up a test environment that included a database containing the information for approximately 74,000 SFERS members.” https://www.bleepingcomputer.com/news/security/san-francisco-retirement-program-sfers-suffers-data-breach/
  12. “A new module for the infamous trojan known as TrickBot has been deployed: A stealthy backdoor that researchers call “BazarBackdoor.” The binary was first spotted being delivered as part of a phishing campaign that began in March, according to an analysis from Panda Security this week. The campaign used the legitimate marketing platform Sendgrid to reach targets in a mass-mailing fashion; however, the emails were well-crafted, with the operators making an effort to make the phishing links inside the emails look legitimate. The link addresses also corresponded to the emails’ lures, researchers said.” https://threatpost.com/trickbot-bazarbackdoor-malware-arsenal/156243/
  13. “Microsoft Office 365 customers are targeted by a phishing campaign using bait messages camouflaged as notifications sent by their organization to update the VPN configuration they use to access company assets while working from home.  The phishing emails impersonating VPN configuration update requests sent by their company’s IT support department have so far landed in the inboxes of up to 15,000 targets according to stats from researchers at email security company Abnormal Security.” https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-remote-workers-with-fake-vpn-configs/
  14. “Microsoft announced the security baseline draft release for Windows 10 and Windows Server, version 2004, and the intention to add new account password length security policies with the Windows 10 May 2020 Update.  The Windows 10 security baseline enables enterprise security admins to use Microsoft-recommended Group Policy Object (GPO) baselines to boost the overall security posture and reduce a Windows 10 device’s attack surface.” https://www.bleepingcomputer.com/news/microsoft/windows-10-version-2004-adds-new-account-password-policies/
  15. “Attackers were spotted targeting over one million WordPress websites in a campaign over the weekend. The campaign unsuccessfully attempted to exploit old cross-site scripting (XSS) vulnerabilities in WordPress plugins and themes, with the goal of harvesting database credentials.  The attacks were aiming to download wp-config.php, a file critical to all WordPress installations. The file is located in the root of WordPress file directories and contains websites’ database credentials and connection information, in addition to authentication unique keys and salts. By downloading the sites’ configuration files, an attacker would gain access to the site’s database, where site content and credentials are stored, said researchers with Wordfence who spotted the attack.” https://threatpost.com/attackers-target-1m-wordpress-sites-to-harvest-database-credentials/156255/
  16. “The Cycldek APT group has added a previously unknown malware dubbed USBCulprit to its arsenal, aimed at reaching air-gapped devices. Cycldek (a.k.a. Goblin Panda, APT 27 and Conimes) has been targeting governments in Southeast Asia since 2013, according to analysis from Kaspersky, and has been steadily adding more sophisticated tools over time. In the case of USBCulprit, it has been deployed against targets in Vietnam, Thailand and Laos, according to the firm.” https://threatpost.com/info-stealer-air-gapped-devices-usb/156262/
  17. “The Netwalker Ransomware operators claim to have successfully attacked the University of California San Francisco (UCSF), stolen unencrypted data, and encrypted their computers.  UCSF is a research university located in San Francisco, California, and is entirely focused on health sciences.  According to the U.S. News & World Report’s college rankings, UCSF ranks #2 in medical schools for research and #6 in best medical schools for primary care.” https://www.bleepingcomputer.com/news/security/netwalker-ransomware-continues-assault-on-us-colleges-hits-ucsf/
  18. “An exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico’s top tourist destinations disrupted their highly profitable business, which raked in an estimated $1.2 billion and enjoyed the protection of top Mexican authorities.” https://krebsonsecurity.com/2020/06/romanian-skimmer-gang-in-mexico-outed-by-krebsonsecurity-stole-1-2-billion/
