Cyber Security News for 6Apr2020

  1. “A researcher has found a security issue in the Windows client of the popular video conferencing service, Zoom, that can be used for limited remote code execution and, worse, to capture and replay security tokens to access network resources. The app has a vulnerability [1] in its handling of Uniform Resource Identifier paths, which can result in Universal Naming Convention (UNC) [2] injection.” https://www.andreafortuna.org/2020/04/01/be-careful-a-windows-flaw-lets-zoom-leak-network-credentials-and-run-code-remotely/
  2. ““wininit.exe” stands for Windows Initialization. This process is an essential part of the Windows OS and it runs in the background. “wininit.exe” is responsible for launching the Windows Initialization process.” https://www.threathunting.se/2020/04/06/wininit-exe-the-most-important-windows-processes-for-threat-hunting/
  3. “As the coronavirus pandemic continues to worsen, remote-collaboration platforms – now fixtures in many workers’ “new normal” – are facing more scrutiny. Popular video-conferencing app Zoom may currently be in the cybersecurity hot seat, but other collaboration tools, such as Slack, Trello, WebEx and Microsoft Teams, are certainly not immune from cybercriminal attention.” https://threatpost.com/beyond-zoom-safe-slack-collaboration-apps/154446/
  4. “A rival hacking forum has yet again hacked OGUsers – the second time in a year – and yet again doxxed its database for one and all to grab, fast on the heels of the attack. OGUsers is a forum devoted to trading stolen Instagram, Twitter and other accounts, with a special place in its dark heart for hackers who like to trade SIM swappers’ stolen phone numbers and Bitcoin accounts.” https://nakedsecurity.sophos.com/2020/04/06/hackers-forum-hacked-ogusers-database-dumped-again/
  5. “Mozilla patched two critical zero-days in Firefox 74.0.1. The vulnerabilities were exploited in the wild through targeted attacks. Mozilla is now urging users to update their Firefox browsers to fix the two bugs. The two vulnerabilities, tracked as CVE-2020-6819 and CVE-2020-6820, are both use-after-free. Use-after-free flaws are a type of memory corruption that could lead to corruption of valid data and also attackers could exploit these types of vulnerabilities to execute arbitrary codes.” https://www.threathunting.se/2020/04/06/firefox-patches-critical-vulnerabilities-exploited-in-the-wild/
  6. “As the Guardian reported that Zoom is Malware, some experts believe so. But no, Zoom is not malware. Rather, it’s a piece of legitimate software that’s, unfortunately, just full of security vulnerabilities, and we’re just now getting to know about it as the app was never scrutinized this thoroughly before.” https://thehackernews.com/2020/04/zoom-cybersecurity-hacking.html
  7. “These are extraordinary times, but human rights law still applies. Indeed, the human rights framework is designed to ensure that different rights can be carefully balanced to protect individuals and wider societies. States cannot simply disregard rights such as privacy and freedom of expression in the name of tackling a public health crisis. On the contrary, protecting human rights also promotes public health. Now more than ever, governments must rigorously ensure that any restrictions to these rights are in line with long-established human rights safeguards.” https://nakedsecurity.sophos.com/2020/04/06/rights-groups-appeal-to-governments-over-covid-19-surveillance/
  8. “Adequate web server security requires proper understanding, implementation and use of a variety of different tools. In this article, we will take a look at some command line tools that can be used to manage the security of web servers. The tools reviewed will demonstrate how to perform tasks such as hashing strings in the Base64 hashing algorithm, hexdump for file analysis, gzip for file compressions and decompression, tcpdump for traffic analysis and several others.” https://resources.infosecinstitute.com/category/certifications-training/web-server-security/command-line-fu-for-web-server-protection/
  9. “Chinese security firm Qihoo 360 has uncovered a hacking campaign conducted by a DarkHotel APT group (APT-C-06) aimed at Chinese government agencies in Beijing and Shanghai. State-sponsored hackers used a zero-day vulnerability in Sangfor SSL VPN servers to gain access to victims’ networks. The first DarkHotel espionage campaign was spotted by experts at Kaspersky Lab in late 2014; according to the researchers, the APT group has been around for nearly a decade while targeting selected corporate executives traveling abroad.” https://securityaffairs.co/wordpress/101151/apt/darkhotel-hit-china.html
  10. “There’s been a bit of a buzz in the news lately over an “epic new feature” in the next Apple iPad model – the one that’s supposed to come out this year. A microphone switch!” https://nakedsecurity.sophos.com/2020/04/06/will-apples-microphone-switch-stop-your-ipad-getting-bugged/
  11. “INTERPOL (the International Criminal Police Organisation) warns that cybercriminals are increasingly attempting to lock hospitals out of critical systems by attempting to deploy ransomware on their networks despite the currently ongoing COVID-19 outbreak. This doesn’t come as a surprise, even though some operators behind various ransomware strains told BleepingComputer last month that they will stop targeting health and medical organizations during the pandemic.” https://www.bleepingcomputer.com/news/security/interpol-ransomware-attacks-on-hospitals-are-increasing/
  12. “Knowing this, threat actors have started distributing Zoom client installers bundled with malware such as Coinminers, Remote Access Trojans, and adware bundles.” https://www.bleepingcomputer.com/news/security/psa-fake-zoom-installers-being-used-to-distribute-malware/
  13. “In total, five S3 buckets belonging to Key Ring were exposed, all containing valuable, private information that could have serious security implications for millions of people.” https://securityaffairs.co/wordpress/101163/data-breach/key-ring-data-leak.html
  14. “There were more zero-days exploited in 2019 than any of the previous three years, according to telemetry from FireEye Mandiant. The firm said that’s likely due to more zero-days coming up for sale by cyber-weapons dealers like NSO Group; a growing commercial market has made such tools much more widely available.” https://threatpost.com/brisk-private-trade-zero-days/154502/
  15. “Over 350,000 of all Microsoft Exchange servers currently exposed on the Internet haven’t yet been patched against the CVE-2020-0688 post-auth remote code execution vulnerability affecting all supported Microsoft Exchange Server versions.” https://www.bleepingcomputer.com/news/security/80-percent-of-all-exposed-exchange-servers-still-unpatched-for-critical-flaw/

#zoom #rce #replayattack #threathunting #wininit #collaboration #rostelecom #cdn #bgphijack #as12389 #surveillance #qihoo360 #darkhotel #sangforsslvpn #aptc06 #sangfor #zeroday #microsoftexchange #cve-2020-0688 #nsogroup