Cyber Security News for 6 May 2020

  1. “A hacker claims to have stolen over 500GB of data from Microsoft’s private GitHub repositories, BleepingComputer has learned.  This evening, a hacker going by the name Shiny Hunters contacted BleepingComputer to tell us they had hacked into the Microsoft GitHub account, gaining full access to the software giant’s ‘Private’ repositories.” https://www.bleepingcomputer.com/news/security/hacker-claims-to-have-breached-microsofts-github-private-repos/
  2. “Maze has been the ransomware of choice during the current proliferation of attacks and, as might be expected, it comes with a clever (some might say evil) twist. In addition to the typical Bitcoin payment, Maze, which was discovered in May 2019, also threatens to post patient records online.” https://www.tripwire.com/state-of-security/healthcare/maze-ransomware-targets-hospitals-labs-fighting-coronavirus/
  3. “Zoom has exploded in the last couple months, going from 10 million meeting participants as of December to over 200 million as of today.  With this increase in usage, Zoom’s security has been drawn into the light. Several friends and family have asked me if using Zoom was safe to use and the answer is that it depends on several things, but using a few security tips, they can keep their online conferences safe and protected.” https://www.tripwire.com/state-of-security/security-data-protection/getting-zoom-security-right-8-tips-family-friends/
  4. “The database contains personally-identifiable and subscription information for 44,000,000 Pakistanis, including customer full names, home addresses (city, region, street name), National identification (CNIC) numbers, mobile phone numbers, landline numbers, and dates of subscription.” https://securityaffairs.co/wordpress/102795/data-breach/pakistani-mobile-users-leak.html
  5. “SAP continuously reviews and optimizes its cybersecurity infrastructure. The company has identified that some of its cloud products do not meet one or several contractually agreed or statutory IT security standards at present. Specifically, the affected products are limited to the acquired entity products SAP Success Factors, SAP Concur, SAP/CallidusCloud Commissions, SAP/Callidus Cloud CPQ; as well as C4C/Sales Cloud, Cloud Platform and Analytics Cloud.” https://securityaffairs.co/wordpress/102819/security/sap-cloud-products-flaws.html
  6. “National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) introduced a project to help organizations to detect and respond effectively to data integrity attacks across multiple industries. This project includes a wide range of design rules and technologies to develop a best fit solution that can help the market fight this emergent threat.” https://resources.infosecinstitute.com/nist-ransomware-recovery-guide-what-you-need-to-know/
  7. “More than six years after Facebook launched its ambitious Free Basics program to bring the Internet to the masses, the social network is back at it again with a new zero-rating initiative called Discover.” https://thehackernews.com/2020/05/facebook-discover-free-internet.html
  8. “Even a single liability can cause colossal damage.  Therefore one must learn about WordPress security issues to avoid any such problem. The goal of the hackers is visible, which is using the site maliciously. Hence, you must gather the ways to keep your website away from their sight.” https://hackercombat.com/keep-your-data-safe-get-a-glimpse-of-basic-wordpress-security-issues/
  9. “Since at least February 2019, the hackers, who have begun impersonating CEOs and banks in their lure documents, have introduced at least seven updates to the malicious software known as EVILNUM, which enables attackers to upload and download files, harvest tracking cookies, and run arbitrary commands.” https://www.cyberscoop.com/evilnum-financial-malware-prevailion/
  10. “Automation is a powerful asset to any company — unfortunately, automation is also a powerful tool that cybercriminals leverage to attack their targets. Threat actors can use it to control the distribution and communication of malware, provide commands, and initiate future phases of an attack — such as deploying additional malware.” https://www.recordedfuture.com/automated-cyber-threats/
  11. “Microsoft has launched a bug-bounty program for its Azure Sphere offering, which is a security suite for the internet of things (IoT) that encompasses hardware, OS and cloud elements. The top reward will come in at $100,000.” https://threatpost.com/microsoft-100k-iot-security-azure-sphere/155517/
  12. “Fresenius Group, a big European health care conglomerate, said Wednesday that a computer virus had infected at least one of its businesses’ IT systems. It’s another sign that malicious hackers see medical organizations as fair game despite a global health crisis.” https://www.cyberscoop.com/fresenius-health-care-cyberattack-coronavirus/
  13. “Online learning platform Unacademy has suffered a data breach after a hacker gained access to their database and started selling the account information for close to 22 million users.” https://www.bleepingcomputer.com/news/security/hacker-sells-22-million-unacademy-user-records-after-data-breach/
  14. “Hackers have created and used a fake icon portal to host and load a JavaScript web skimmer camouflaged as a favicon onto compromised e-commerce portals to steal their customers’ credit card and personal information.” https://www.bleepingcomputer.com/news/security/hackers-use-website-favicon-to-camouflage-credit-card-skimmer/
  15. “Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.” https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2020-060/
  16. “Chinese hackers have long been known to collect information on government contracting work in the U.S. But the group singled out in this alert, known as Electric Panda, is not as well-known in the cybersecurity community as its peers. Prior to the DCSA alert, the only reference to this group is from a 2013 presentation from CrowdStrike. The security company declined to comment on the bulletin.” https://www.cyberscoop.com/dcsa-cybersecurity-bulletin-leaking-sinkhole-electic-panda-anubis/
  17. “The Windows 10 Insider Preview Build 19624 fixes “an issue resulting in Windows Update failing with error code 0x800700b7,” Windows Insider Program senior program manager Brandon LeBlanc explained.” https://www.bleepingcomputer.com/news/microsoft/windows-10-build-19624-released-with-windows-update-fixes/
  18. “The operators of the Snake Ransomware have launched a worldwide campaign of cyberattacks that have infected numerous businesses and at least one health care organization over the last few days. This past January, BleepingComputer reported on the new Snake ransomware that was targeting enterprise networks.” https://www.bleepingcomputer.com/news/security/large-scale-snake-ransomware-campaign-targets-healthcare-more/
  19. “The North Korea-linked cyberthreat group known as Lazarus Group has added a new variant of the Dacls remote-access trojan (RAT) to its arsenal of spy gear, designed specifically for the Mac operating system. Dacls was first discovered last December targeting Windows and Linux platforms. The new version for Mac is now spreading via a trojanized two-factor authentication (2FA) application for macOS called MinaOTP, mostly used by Chinese speakers, according to a Malwarebytes analysis.” https://threatpost.com/lazarus-macos-spyware-2fa-application/155532/
  20. “A highly convincing series of phishing attacks are using fake certificate error warnings with graphics and formatting lifted from Cisco Webex emails to steal users’ account credentials.” https://www.bleepingcomputer.com/news/security/cisco-webex-phishing-uses-fake-cert-errors-to-steal-credentials/

#security #cybersecurity #itsecurity #privacy #risk #compliance #maze #ransomware #pakistan #evilnum #malware #emotet #Fresenius #lazarusgroup #dacls #rat #minaotp