Cyber Security News for 7May2020

  1. “Samsung released this week a security patch that addresses a critical vulnerability, tracked as CVE-2020-8899, impacting all smartphones sold since 2014. The flaw is tracked as SVE-2020-16747 in the Samsung security bulletin.” https://securityaffairs.co/wordpress/102841/hacking/samsung-fixes-a-zero-click.html
  2. “On Tuesday, when Facebook released its third Coordinated Inauthentic Behavior (CIB) report, it said that every one of the eight networks it took down in April were created before the COVID-19 pandemic began. Before the gravity of the pandemic was understood worldwide, the threat actors were already doing their policy-violating work of ripping people off, spreading conspiracy theories or trying to influence political discourse. But once the disease settled into its place as the world’s foremost worry, the people behind the campaigns all pivoted to jump on the coronavirus bandwagon.” https://nakedsecurity.sophos.com/2020/05/07/fake-news-facebook-accounts-used-coronavirus-to-attract-followers/
  3. “Up first on the patch priority list this month is a patch for VMware vCenter Server. This patch resolves an information disclosure vulnerability. This patch has highest priority as proof-of-concept code to exploit the vulnerability exists on the Web as well as in Metasploit.” https://www.tripwire.com/state-of-security/vert/tripwire-patch-priority-index-april-2020/
  4. “The Chinese APT group was first uncovered by Kaspersky researchers in 2015, in attacks against top-level government agencies around the South China Sea. After 2015, Naikon seemingly went silent. However, a recently discovered, widespread campaign reveals the group has actually spent the past five years quietly developing their skills and introducing the “Aria-body” backdoor into their arsenal of weapons.” https://threatpost.com/naikon-apt-five-year-espionage-attack/155492/
  5. “Focusing on one of the most active subsets of the global threat landscape, Palo Alto Networks Unit 42 tracks Nigerian cyber criminals involved in Business Email Compromise (BEC) activities under the name SilverTerrier. Over the past 90 days (Jan. 30 – Apr. 30), we have observed three SilverTerrier actors/groups launch a series of 10 COVID-19 themed malware campaigns. These campaigns have produced over 170 phishing emails seen across our customer base. While broad in their targeting, these actors have exercised minimal restraint in terms of targeting organizations that are critical to COVID-19 response efforts. Specifically, we find it alarming that several of these campaigns recklessly included targets at government healthcare agencies, local and regional governments, large universities with medical programs/centers, regional utilities, medical publishing firms, and insurance companies across the United States, Australia, Canada, Italy, and the United Kingdom.” https://unit42.paloaltonetworks.com/silverterrier-covid-19-themed-business-email-compromise/
  6. “The modus operandi of this piece of malware is not new in Portugal. At least since 2014, new variants have been observed, with minor changes, and with the objective of collecting bank details of the victims. One of the last occurrences was in December 2019, where the Lampion trojan operated in a very similar way, changing only the way the malware was distributed (via AWS S3 buckets and with the first stage encoded in a highly obfuscated VBS file).” https://securityaffairs.co/wordpress/102858/cyber-crime/brazilian-trojan-banker-targets-portugal.html
  7. “Snake ransomware first attracted the attention of malware analysts in January 2020 when they observed the crypto-malware family targeting entire corporate networks. Shortly after this discovery, the threat quieted down. It produced few new detected infections in the wild for the next few months. That was until May 4, when ID Ransomware registered a sudden spike in submissions for the ransomware.” https://www.tripwire.com/state-of-security/security-data-protection/massive-spike-in-snake-ransomware-activity-attributed-to-new-campaign/
  8. “Researchers from Secureworks Counter Threat Unit (CTU) have observed an increase in various threat activity against taxpayers as well as on underground hacker forums aimed at fraudulently obtaining these various government payouts, they said in a report. Some of these efforts trace back to tax preparation services that dispose of customer hard copy paperwork insecurely via the trash. Customer data culled from that paperwork then ends up on illicit online markets where it is bought and resold.” https://threatpost.com/hackers-dumpster-dive-covid-19-relief-scams/155537/
  9. “The sLoad malware was discovered for the first time in 2018. It delivers various Trojans to the infected computers, including but not limited to the banking Trojans Ramnit, Gootkit and Ursnif.” https://resources.infosecinstitute.com/starslord-2-0-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/
  10. “IT teams vs. security teams: Building a strong security team should be a priority for all organizations today. This includes companies that already have a good IT team on board made of experienced systems managers and information systems engineers. Although the two teams are often intertwined, the scope of work is different.” https://resources.infosecinstitute.com/how-to-turn-your-it-team-into-a-security-team/
  11. “Security is a multi-faceted responsibility. First, you need visibility into vulnerabilities across your organization. Then, you need to ensure that various stakeholders in the organization have visibility into the goals, objectives, and impact of security initiatives.” https://blog.rapid7.com/2020/05/07/how-to-increase-your-security-teams-visibility-within-your-organization-and-what-happens-when-you-do/
  12. “The bad news is that whoever wrote this malware decided to be doubly destructive: it scrambles the files on your C: drive using a secret decryption key, but it wipes out the files on all your other drives, looping through all the letters A: to Z: except C:, issuing commands to delete all the files and directories it can find.” https://nakedsecurity.sophos.com/2020/05/07/vcrypt-ransomware-holds-your-files-hostage-without-encrypting-them/
  13. “Red Canary Intel is monitoring a potentially novel threat that is deploying Monero cryptocurrency-mining payloads on Windows machines at multiple organizations.” https://redcanary.com/blog/blue-mockingbird-cryptominer/
  14. “Hackers are actively exploiting two security vulnerabilities in the Elementor Pro and Ultimate Addons for Elementor WordPress plugins with the end goal of remotely executing arbitrary code and fully compromising unpatched targets. Reports of threat actors attempting to abuse the two bugs in ongoing attacks have surfaced on May 6th as reported by Wordfence’s Threat Intelligence team today.” https://www.bleepingcomputer.com/news/security/critical-wordpress-plugin-bug-lets-hackers-take-over-1m-sites/
  15. “Nowadays, info-stealer is one of the most common threats. This category of malware includes famous malware like Azorult, Agent Tesla, and Hawkeye. The infostealer market is one of the most remunerative for cyber criminals; information gathered from infected systems could be resold in the cybercrime underground or used for credential stuffing attacks.” https://securityaffairs.co/wordpress/102894/malware/poulight-info-stealer.html
  16. “Microsoft urges users not to update their Microsoft Teams iOS client to the latest version as it comes with a bug that causes intermittent call drops on the desktop client after answering if logged in with the same account. Users who haven’t updated their Teams iOS app to the 2.0.9 build will not experience any issues as this is the only version containing the bug.” https://www.bleepingcomputer.com/news/security/microsoft-teams-call-drops-on-desktop-caused-by-ios-bug/
  17. “Cisco has stomped out 12 high-severity vulnerabilities across several network security products. The flaws can be exploited by unauthenticated remote attackers to launch an array of attacks – from denial of service (DoS) to sniffing out sensitive data.” https://threatpost.com/cisco-fixes-high-severity-flaws-in-firepower-security-software-asa/155568/
  18. “NIST has many helpful resources for small businesses like the popular NIST Cybersecurity Framework, our relaunched website, the Small Business Cybersecurity Corner, just for the small business community. The site features a range of NIST products to address small business cybersecurity concerns and links to curated materials from other federal agencies.” https://www.nist.gov/blogs/cybersecurity-insights/small-businesses-are-big-priority-nist
  19. “Cybercriminals are exploiting the increasing number of layoffs during the current pandemic to recruit new money mules which can later be used to help them launder money gained from illicit activities. Some phishing messages discovered by PhishLabs researchers are trying to convince targets from Canada and the United States who might have lost their jobs due to the COVID-19 outbreak to start working from home, promising them $5,000 per month.” https://www.bleepingcomputer.com/news/security/unemployed-americans-offered-remote-jobs-as-money-mules/
  20. “The Ruhr University Bochum (RUB), Ruhr-Universität Bochum in German, announced today that it was forced to shut down large parts of its central IT infrastructure, also including the backup systems, due to a cyberattack that took place overnight, between May 6 and May 7.” https://www.bleepingcomputer.com/news/security/ruhr-university-bochum-shuts-down-main-servers-after-cyberattack/

#security #cybersecurity #itsecurity #privacy #risk #compliance #samsung #naikon #apt #china #aria-body #bec #silverterrier #lampion #trojan #snake #ransomware #Ramnit #Gootkit #Ursnif #sLoad #vcrypt #wordpress #poulight #azorult #agenttesla #hawkeye