Cyber Security News for 7 Apr 2020

  1. “The INTERPOL (International Criminal Police Organisation) is warning of ransomware attacks against hospitals despite the currently ongoing Coronavirus outbreak. Attackers are targeting organizations in the healthcare industry via malspam campaigns using malicious attachments. The attachments used as lure appear to be sent by health and government agencies, they promise to provide information on the Coronavirus pandemic and the way to avoid the contagion.” https://securityaffairs.co/wordpress/101178/cyber-crime/interpol-warns-hospitals-attacks.html
  2. “We breached Email.it Datacenter more than 2 years ago and we plant ourself like an APT. We took any possible sensitive data from their server and after we choosen to give them a chance to patch their holes asking for a little bounty. They refused to talk with us and continued to trick their users/customers. They didn’t contacted their users/customers after breaches!” https://www.blackhatethicalhacking.com/news/email-provider-got-hacked-data-of-600000-users-now-sold-on-the-dark-web/
  3. “‘CISO Checklist for Secure Remote Working’ that has been built to assist CISOs in navigating through this noise, providing them with a concise and high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times.” https://thehackernews.com/2020/04/ciso-checklist-remote-work.html
  4. “Using a sophisticated static analysis tool called InputScope developed for the purpose, the team analyzed the behavior of 150,000 apps, comprising the 100,000 most popular on Google Play in April 2019, plus 30,000 apps pre-installed on Samsung devices, and 20,000 taken from the alternative Chinese market Baidu.” https://nakedsecurity.sophos.com/2020/04/07/thousands-of-android-apps-contain-undocumented-backdoors-study-finds/
  5. “Two schoolchildren have sued Google, alleging that it’s illegally collecting their voiceprints, faceprints and other personally identifiable information (PII). The students were identified only as HK and JC in the complaint, which was filed on Thursday in San Jose, CA, in the US District Court of Northern California. The children are suing through their father, Clinton Farwell.” https://nakedsecurity.sophos.com/2020/04/07/two-schoolkids-sue-google-for-collecting-biometrics/
  6. “Iran-backed nation-state hackers recently tried to hijack the personal email accounts of a number of World Health Organization (WHO) staffers, reports said. It’s not clear what the hackers were after other than targeting top executives in a spear phishing expedition, Reuters reported. A WHO spokesperson confirmed the attempted infiltration but did not identify the attackers behind the incidents. At this point, officials don’t yet know if any of the email accounts have been compromised. “To the best of our knowledge, none of these hacking attempts were successful,” the spokesperson said.” https://www.msspalert.com/cybersecurity-breaches-and-attacks/phishing/iran-hackers-allegedly-target-who/
  7. “A mysterious piece of Android malware that re-installs itself on infected devices even after users delete it or factory reset their devices—making it nearly impossible to remove. xHelper reportedly infected over 45,000 devices last year, and since then, cybersecurity researchers have been trying to unfold how the malware survives factory reset and how it infected so many devices in the first place.” https://thehackernews.com/2020/04/how-to-remove-xhelper-malware.html
  8. “A rash of COVID-19 Android mobile apps have emerged that are aimed at helping citizens in Iran, Italy and Colombia track symptoms and virus infections. However, they’re also putting people’s privacy and the security of their data at risk, researchers have found. Security researchers at the ZeroFOX Alpha Team have uncovered various privacy concerns and security vulnerabilities – including a backdoor in various apps. The apps are either created and endorsed by countries or invented as one-offs by threat actors to take advantage of the current pandemic, according to a blog post published Monday.” https://threatpost.com/official-government-covid-19-apps-threats/154512/
  9. “The approaches we give should be usable with any threat hunting software, including home-grown tools and using a SIEM. If you’re evaluating a threat hunting package, use these steps as a way to 1) confirm that it works at all, 2) confirm that it can detect each of the threats, 3) evaluate its ability to sort threats with the most likely malicious ones at the top, and 4) evaluate the amount of manual effort needed to find the threats. 3) and 4) are important – a threat hunting package could technically detect a threat, but it may be buried 27 pages down in a list of other potential threats. Worse yet is a threat hunting package that simply cannot detect one of these threat types, such as C2 communication over DNS. This series will be posted to our blog on Tuesdays and Thursdays with the last post on April 16th, 2020.” https://www.activecountermeasures.com/threat-simulation-overview-and-setup/
  10. “A news release issued Monday notes that business email compromise (BEC) attacks — scams in which the perpetrators pose as co-workers or friends, then ask for money — have targeted U.S. municipalities that are trying to purchase supplies to mitigate the COVID-19 pandemic. The warning coincided with a bulletin Monday noting that U.S. businesses have reported $2.1 billion in losses from BEC scams between January 2014 and October last year carried out through just two email services, which the bureau did not identify by name.” https://www.cyberscoop.com/coronavirus-bec-email-scams-fbi-warning/
  11. “The Australian Signals Directorate (ASD) “has mobilized its offensive cyber capabilities to disrupt foreign cyber criminals responsible for a spate of malicious activities during COVID-19,” the Australian defense ministry said in a statement Tuesday.” https://www.cyberscoop.com/australia-coronavirus-hacking-criminals/
  12. “With roughly 360,000 jobless or financially affected Australians due to the current pandemic having already applied for an early superannuation release per the ABC, cybercriminals are trying their best to trick them into handing over the info needed to get illegal access to those funds.” https://www.bleepingcomputer.com/news/security/scammers-target-australians-financially-affected-by-pandemic/
  13. “FIN6 fingerprints were spotted in recent cyberattacks that initially infected victims with the TrickBot trojan, and then eventually downloaded the Anchor backdoor malware.” https://threatpost.com/fin6-and-trickbot-combine-forces-in-anchor-attacks/154508/
  14. “Hammersmith Medicines Research LTD (HMR), a research company on standby to perform live trials of Coronavirus vaccines, has started emailing data breach notifications after having their data stolen and published in a ransomware attack. This attack occurred on March 14th, 2020, when the Maze Ransomware operators stole data hosted on HMR’s network and then began to encrypt their computers.” https://www.bleepingcomputer.com/news/security/drug-testing-firm-sends-data-breach-alerts-after-ransomware-attack/
  15. “In a lengthy report on remote access trojans (RAT), BlackBerry Cylance researchers detail an Android malware variant, which they call PWNDROID4, that can be used to monitor targets’ phone calls, record audio, send and receive text messages, and track victims’ GPS location. Researchers believe it has been used by suspected Chinese government-linked hackers known as the Winnti group.” https://www.cyberscoop.com/world-wired-labs-winnti-netwire-china-blackberry-cylance/
  16. “NASA has seen “significantly increasing” malicious activity from both nation-state hackers and cybercriminals targeting the US space agency’s systems and personnel working from home during the COVID-19 pandemic. Mitigation tools and measures set in place by NASA’s Security Operations Center (SOC) successfully blocked a wave of cyberattacks, the agency reporting double the number of phishing attempts, an exponential increase in malware attacks, and double the number of malicious sites being blocked to protect users from potential malicious attacks.” https://www.bleepingcomputer.com/news/security/nasa-under-significantly-increasing-hacking-phishing-attacks/

#security #cybersecurity #itsecurity #interpol #doppelpaymer #maze #ryuk #group-ib #silence #ta505 #yara #erebus #ransomware #email.it #xhelper #zerofox #fin6 #trickbot #nasa #covid-19