Cyber Security News for 5May2020

  1. “Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.” https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-arbitrary-code-execution_2020-059/
  2. “If you’ve been ignoring their copyright infringement notices, the record companies may soon be calling. Last week, a court-appointed arbiter ordered the internet provider to give a group of major record labels the personal details of alleged pirates. Charter Communications, an ISP in the US, has been ordered to hand over personally identifying information (PII) for over 11,000 alleged pirates.” https://nakedsecurity.sophos.com/2020/05/05/reveal-the-identities-of-alleged-pirates-court-tells-isp/
  3. “At the weekend Mozilla announced that it is testing an experimental service called Firefox Private Relay that it thinks will offer an appealing solution to this issue. Installing as an extension, Private Relay will let users generate random, temporary email addresses at the click of a button, explains Mozilla” https://nakedsecurity.sophos.com/2020/05/05/firefoxs-private-relay-service-tests-anonymous-email-alias-feature/
  4. “In a regulatory notice published on its website, FINRA revealed that malicious actors had sent out fraudulent emails in which they had impersonated officers at the regulatory authority including Bill Wollman and Josh Drobnyk. All of those fraudulent messages originated from the domain “broker-finra[.]org,” and they demanded that the recipient dedicate their “immediate attention” to sending back sensitive firm data.” https://www.tripwire.com/state-of-security/security-data-protection/digital-fraudsters-masquerading-as-finra-in-phishing-emails/
  5. “The smartphone maker has begun rolling out an update to its Mi Browser/Mi Browser Pro (v12.1.4) and Mint Browser (v3.4.3) after concerns were raised over its practice of transmitting web browsing histories and device metadata to the company servers. The new privacy setting now allows Mi Browser users to disable the aggregated data collection feature while in Incognito Mode, but it bears noting that it’s not enabled by default.” https://thehackernews.com/2020/05/xiaomi-browser-history.html
  6. “Recently, the OpenSSL Project released a security update for OpenSSL that patches a high-severity vulnerability, tracked as CVE-2020-1967, that can be exploited by attackers to launch denial-of-service (DoS) attacks. The CVE-2020-1967 vulnerability has been described as a “segmentation fault” in the SSL_check_chain function, it is the first issue addressed in OpenSSL in 2020.” https://securityaffairs.co/wordpress/102763/hacking/cve-2020-1967-dos-openssl-exploit.html
  7. “When I first joined Shopify, we were challenged to scale our team alongside our relatively new bug bounty program. I was excited to bring my insights and improve upon a program that hackers would engage with. Our goal has always been to build upon the success of our hacker-powered security programs with a concerted effort to promote transparency and attract talent. With the extra sets of eyes, we are able to implement more checks and balances to harden our attack surfaces.” https://www.cyberscoop.com/shopify-bug-bounty-five-years/
  8. “With many organizations in search of qualified security managers, it’s a great time for professionals to prepare for a cybersecurity manager or information security manager career with great opportunities and salary projections. In addition to a college degree in computer science, cybersecurity or a related technical field, candidates need years of experience managing security operations and teams and, above all, the ability to prove continued training and solid security and management certifications.” https://resources.infosecinstitute.com/cybersecurity-manager-certifications-compared-cipm-vs-cism-vs-gslc-vs-cissp/
  9. “This past Tuesday (April 28, 2020), Adobe released several out-of-band security patches that fixed these issues. These vulnerabilities are identified as CVE-2020-9570, CVE-2020-9571, CVE-2020-9572, CVE-2020-9573 and CVE-2020-9574. All these vulnerabilities have different root causes related to a multitude of Illustrator Plugins. Due to the critical rating of these vulnerabilities, we suggest users apply these Adobe patches as soon as possible.” https://www.fortinet.com/blog/threat-research/fortiguard-lab-researcher-discovers-multiple-critical-vulnerabilities-in-adob-illustrator-cc-2020.html
  10. “We don’t just believe security intelligence is for everyone — we’re also making it happen. Today, we’re thrilled to introduce Recorded Future Express — our new browser extension that delivers elite security intelligence at zero cost.” https://www.recordedfuture.com/free-security-intelligence/
  11. “The U.S. Department of Homeland Security’s cybersecurity division and the U.K.’s National Cyber Security Centre (NCSC) “are currently investigating a number of incidents in which threat actors are targeting pharmaceutical companies, medical research organizations, and universities,” the agencies said in a joint advisory. They did not point the finger at particular governments.” https://www.cyberscoop.com/coronavirus-research-hacking-warning/
  12. “Recently, security researcher Juan Andres Guerrero-Saade revealed a previously misidentified and unknown threat group, called Nazar, which was part of the last leak by the Shadow Brokers. In this research, we will expand upon the analysis done by Juan and another which was written by Maciej Kotowicz, and will provide an in-depth analysis of each of the Nazar components. But the real question is, do those new revelations add a missing piece to the puzzle, or do they show us how much of the puzzle we are missing?” https://research.checkpoint.com/2020/nazar-spirits-of-the-past/
  13. “Kaiji, which was discovered in late April by security researcher “MalwareMustDie” and researchers with Intezer, is unique in its custom tooling, created in the Golang programming language. Previous types of IoT malware have mainly derived their tooling from previous botnets (including multiple botnets that are variants of Mirai), which are typically written in the C or C++ programming language.” https://threatpost.com/kaiji-botnet-iot-linux-devices/155463/
  14. “Since the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting Citrix ShareFile content collaboration platform.” https://thehackernews.com/2020/05/citrix-sharefile-vulnerability.html
  15. “A security flaw in patches from game developer Naughty Dog gave hackers access to unreleased content from the upcoming The Last of Us Part II that was stored in an Amazon S3 bucket.” https://www.bleepingcomputer.com/news/security/game-patch-gives-hackers-access-to-development-content-on-amazon-s3/
  16. “Europol announced today that Polish and Swiss law enforcement authorities dismantled the ‘InfinityBlack’ hacker group after arresting five of its members in Poland last week. This cybercrime gang was involved in distributing hundreds of millions of stolen user credentials in the form of collections of hundreds of millions of credentials via the Infinity Black marketplace, in creating and distributing malware and hacking tools, as well as fraud.” https://www.bleepingcomputer.com/news/security/infinityblack-hacker-group-dismantled-by-european-authorities/
  17. “The Toll Group has suffered its second ransomware cyberattack in three months, with the latest one conducted by the operators of the Nefilim Ransomware. Toll Group is Asia Pacific’s leading provider of transportation and logistics services, employing roughly 44,000 people at 1,200 locations in more than 50 countries.” https://www.bleepingcomputer.com/news/security/toll-group-hit-by-ransomware-a-second-time-deliveries-affected/
  18. “In the company’s first action against the QAnon group, Facebook says it removed 20 accounts, six groups and five pages caught fabricating personas to like and comment on their own posts to build engagement. Some 133,000 accounts followed one or more of the pages, while 30,000 accounts were involved in at least one of the groups, according to Facebook. That large influence network came without the individuals behind the effort spending more than $1 on Facebook ads.” https://www.cyberscoop.com/qanon-facebook-removal-vdare/
  19. “CPC Corp., an important national asset responsible for importing liquefied natural gas (LNG), said Tuesday that, after hackers attacked its IT network, the company had restored some of its computers and servers. Although the attack didn’t affect the company’s energy production, it did disrupt some customers’ efforts to use CPC Corp.’s payment cards to purchase gas.” https://www.cyberscoop.com/cpc-corp-ransomware-attack-taiwan-trend-micro/
  20. “Highly targeted emails have been sent to a few executives – including one at a leading financial firm – purporting to be from British internet service provider EE, which as of 2019 is one of the largest mobile network operators in the UK, with around 32 million customers. The phishing campaign comes with a few sloppy red flags that eagle-eyed recipients might pick up on – but researchers say its use of HTTPS and SSL certificates for its landing page help it evade detection.” https://threatpost.com/spear-phishing-attack-spoofs-ee-to-target-executives/155480/
  21. “Microsoft released the May 2020 non-security Microsoft Office updates with fixes for several issues and performance improvements to Windows Installer (MSI) editions of Office 2016 and Office 2013. For instance, the KB4484328 update fixes an issue leading to blank authentication prompts being displayed when offline auth is enabled in Microsoft Office 2016. KB4484337 fixes another auth issue affecting PowerPoint 2016 where the password dialog box remains enabled even after disabling it using the DisablePasswordUI registry key.” https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-may-office-updates-with-fixes-for-auth-issues/
  22. “The COVID-19 Cyber Threat Coalition has released a block list of known URLs and domain names associated with Coronavirus-themed scams, phishing attacks, and malware threats. The coalition is a volunteer organization created towards the end of March 2020 to disseminate information about new threats trying to take advantage of the Coronavirus pandemic.” https://www.bleepingcomputer.com/news/security/cyber-volunteers-release-blocklists-for-26-000-covid-19-threats/
  23. “Hackers have launched a massive attack against more than 900,000 WordPress sites seeking to redirect visitors to malvertising sites or plant a backdoor if an administrator is logged in. Based on the payload, the attacks seem to be the work of a single threat actor, who used at least 24,000 IP addresses over the past month to send malicious requests to more than 900,000 sites.” https://www.bleepingcomputer.com/news/security/massive-campaign-targets-900-000-wordpress-sites-in-a-week/

#security #cybersecurity #itsecurity #privacy #risk #compliance #piracy #android #google #firefox #finra #xiaomi #dos #openssl #shopify #bugbounty #dmca #bittorrent #popcorntime #ncsc #dhs #nazar #citrix #sharefile #naughtydog #s3 #infinityblack #wordpress