Cyber Security News for 4May2020

  1. “French daily newspaper Le Figaro exposed roughly 7.4 billion records containing personally identifiable information (PII) of employees, reporters, and at least 42,000 users.  The database was discovered by the Safety Detectives team of experts lead by the researcher Anurag Sen, it was over 8TB, the archive also included data of accounts registered between February and April 2020, as well as logs of accesses in the same period.”
  2. “Microsoft is testing a new version of Edge with Insiders and it comes with multiple new features including improved SmartScreen support. Microsoft Edge Dev v84.0.495.2 updates SmartScreen, which is a feature that blocks you from visiting web sites and download that are known to exhibit malicious behavior.”
  3. “Coveware noticed that in Q1 ransomware operators(sodinokibi, ryuk) focused more on large enterprises, forcing payments out of them get unlock keys for their data. On average, the ransom payment for Q1 2020 was $111,605.”
  4. “New research claims that China-based Xiaomi is tracking sensitive information and sending it to their servers if you use the Mi browser, which is bundled with all Redmi and Mi phones.”
  5. “On April 25, 2020, the Philippines National Privacy Commission (“NPC”) issued a statement that it is investigating several breach notifications it has received relating to the unauthorized disclosure of sensitive personal information of confirmed and suspected COVID-19 patients”
  6. ” On Saturday, at around 8 pm (US Pacific coast), hackers have breached the LineageOS servers by exploiting an unpatched vulnerability. LineageOS is a free and open-source operating system for smartphones, tablet computers, and set-top boxes, based on the Android mobile platform. According to the LineageOS team, the attack was quickly detected and attackers had no time to not cause any problem.”
  7. “The Better Business Bureau (BBB) last week raised the alarm on what it says is a spike in online puppy scams it’s seeing now that the pandemic has so many people stuck at home, wistfully imagining that it’s the perfect time to train and bond with a little fluff ball.”
  8. “Furthermore, there are several harmful activities that these hackers can execute from your site after hacking it. Hacking is nothing new to us, but still, we take it lightly. Even if you run a small business, you must learn how to shield it. Such evil minds target anything that they find open to them. Once they enter your site, they can send spam emails; can mislead the data of your consumers, and more. ”
  9. “Cybersecurity researcher Mordechai Guri from Israel’s Ben Gurion University of the Negev recently demonstrated a new kind of malware that could be used to covertly steal highly sensitive data from air-gapped and audio-gapped systems using a novel acoustic quirk in power supply units that come with modern computing devices.”
  10. “Unit 42 researchers analyzed 1.2 million newly registered domain (NRD) names containing keywords related to the COVID-19 pandemic from March 9, 2020 to April 26, 2020 (7 weeks). 86,600+ domains are classified as “risky” or “malicious”, spread across various regions , as shown in Figure 1. The United States has the highest number of malicious domains (29,007), followed by Italy (2,877), Germany (2,564), and Russia (2,456).  Unit 42 researchers found 56,200+ of the NRDs are hosted in one of the top four popular cloud service providers (CSPs), such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and Alibaba
  11. “Tokopedia, which is backed by $2 billion in funding from investors including SoftBank and Alibaba, told Reuters Saturday it was investigating an alleged theft of user data, though it maintained that user passwords were still encrypted.”
  12. “The UK’s National Cyber Security Centre (NCSC) warned of targeted attacks against UK universities and scientific facilities that are involved in the COVID-19 research.  The NCSC reported that nation-state actors are carrying out cyber espionage campaigns aimed at gathering intelligence on studies conducted by UK organizations related to Coronavirus pandemic. The threat actors appear very interested in the progress of vaccination research. Intelligence experts belive that nation-state actors behind the attack operate for Russia, Iran, and China.”
  13. “Cognizant’s clients are probably asking some tough questions right now including “Who were the third-party cybersecurity auditors providing the checks and balances risk assessment of Cognizant on behalf of their clients?” Did they even have a third-party audit/attestation?”
  14. “Adult live streaming website CAM4 exposed over 7TB of personally identifiable information (PII) of members and users, stored within more than 10.88 billion database records. The sensitive data was leaked after one of the site’s production databases was left open to Internet access on a misconfigured Elasticsearch cluster, with records dating back to March 16, 2020.”
  15. “A new ransomware called VCrypt is targeting French victims by utilizing the legitimate 7zip command-line program to create password-protected archives of data folders.  BleepingComputer was told today about a new ransomware that was deleting all of a victim’s files found in Windows data folders and then creating new “encrypted” files named after the folder name.”
  16. “Microsoft is planning to put a stop to enterprise data theft via email forwarding by disabling Office 365’s email forwarding to external recipients by default.  The company also wants to add improved external email forwarding controls which will allow Office 365 admins to enable the feature only to select employees in their organizations.”
  17. “A feature of the LockBit ransomware allows threat actors to breach a corporate network and deploy their ransomware to encrypt hundreds of devices in just a few hours.  Started in September 2019, LockBit is a relatively new Ransomware-as-a-Service (RaaS) where the developers are in charge of the payment site and development and ‘affiliates’ sign up to distribute the ransomware.”
  18. “GoDaddy notified some of its customers that an unauthorized party used their web hosting account credentials to connect to their hosting account via SSH.  The security incident took place on October 19, 2019, after the company’s security team discovered suspicious activity on a subset of GoDaddy’s servers.”
  19. “The aircraft safety system known as the Traffic Alert and Collision Avoidance System (TCAS) can be coerced into sending an airplane on a mid-air rollercoaster ride – much to the horror of those onboard. Researchers were able to cobble together an effective method for spoofing the TCAS using a $10 USB-based Digital Video Broadcasting dongle and a rogue transponder, for communicating with aircraft.”
  20. “Last week experts from Microsoft detected a COVID-19-themed spam campaign, the messages are crafted to trick users into downloading and mounting ISO or IMG file attachments. The bait ISO or IMG files were infected with a strain of the Remcos remote access trojan (RAT).”

#security #cybersecurity #itsecurity #privacy #lefigaro #sodinokibi #ryuk #npc #lineageOS #saltstack #wordpress #nrd #cam4 #lockbit #raas #remcos #rat #trojan #godaddy #cognizant