Cyber Security News for 8Apr2020

  1. “Amidst all the pandemic doom and gloom, we finally have something positive come from the chaos: NERC filed a motion recently (April 6, 2020) to defer three Critical Infrastructure Protection (CIP) Reliability Standards (as well as 1 PER, and 3 PRC standards) for three months due to the national emergency declared on March 13th by President Trump. As the original implementation date was July 1, 2020, this means that should FERC approve the motion, the new implementation date would be October 1, 2020. You can find the announcement here and the filing here, but rather than read through that material, I have some proposals on how to better spend your time!” https://www.tripwire.com/state-of-security/regulatory-compliance/nerc-cip/nerc-proposes-deferment-3-cip-standards/
  2. “One item that comes up a lot in conversations is how security teams or IT teams struggle to speak the “business language” to business leaders, mainly to members of the senior leadership that make the final decisions on spending and investments. This problem could have its roots in IT, and later security, teams historically having their management lines within the accounting department, ultimately being accountable to the Chief Financial Officer. Regardless, there was a massive potential for adversarial relationships between IT and business. Most often we have seen this attributed to poor communication skills, from “too technical” of responses to misalignment with the holistic organization.” https://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/role-cyber-threat-intelligence-analyst/
  3. “No matter what your business might be, you need to make sure that your company’s cybersecurity is top-of-the-line. Many small businesses can find themselves under attack from cyber threats simply because their security might not be as complex as that of a giant corporation. Here are three tips to help you protect your business, no matter what.” https://hackercombat.com/cybersecurity-101-3-tips-to-protect-your-business
  4. “Cybercrime groups are now building hard-to-detect tools and deploying techniques making it quite difficult for organizations to tell if they are being intruded upon. Passive methods of detecting signs of intrusion are becoming less practical as environments are complicated, and no method or technology is able to absolutely detect malicious activities; thus, humans must “go for a hunt.”” https://www.threathunting.se/2020/04/08/understanding-threat-hunting-part1/
  5. “On Saturday 14 March 2020, HMR was subjected to a targeted and sophisticated attack by cyber criminals. We took immediate action to stop the attack, but not before the attackers had stolen copies of some of our files. A criminal group called Maze has claimed responsibility,” reads the data breach notification published by the company. “We’re sorry to report that, during 21–23 March 2020, the criminals published on their website records from some of our volunteers’ screening visits. The website is not visible on the public web, and those records have since been taken down. The records were from some of our volunteers with surnames beginning with D, G, I or J.” https://securityaffairs.co/wordpress/101247/data-breach/maze-ransomware-hmr-leak.html
  6. “Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage ‘distributed denial-of-service’ attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services. The botnet, named “dark_nexus” by Bitdefender researchers, works by employing credential stuffing attacks against a variety of devices, such as routers (from Dasan Zhone, Dlink, and ASUS), video recorders, and thermal cameras, to co-opt them into the botnet.” https://thehackernews.com/2020/04/darknexus-iot-ddos-botnet.html
  7. “Cybersecurity experts found a solution for the unremovable xHelper malware that manages to re-install itself even after users delete it or factory-reset the infected devices, making it almost impossible to destroy. The malware was first spotted back in March 2019, and by August, it managed to infect more than 32,000 devices. It was reported in October that it had infected over 45,000 Android devices.” https://www.threathunting.se/2020/04/08/the-xhelper-malware-can-now-be-permanently-deleted/
  8. WhatsApp implements limitations on message forwarding to curb the spread of misinformation about the Coronavirus pandemic. https://securityaffairs.co/wordpress/101256/social-networks/whatsapp-limits-forwarding.html
  9. “Yes, your continuous health monitoring Internet of Things (IoT) wrist wrapper well may track your sleep quality and how many calories you burn, but answer me this: does it stick artificial intelligence (AI) sensors up in your business to capture your urine flow and the Sistine Chapel-esque glory of the unique-as-a-fingerprint biometric that is your anus?” https://nakedsecurity.sophos.com/2020/04/08/as-if-the-world-couldnt-get-any-weirder-this-ai-toilet-scans-your-anus-to-identify-you/
  10. “Imagine a computer user from 2010 dreaming of a world in which Microsoft is not only an enthusiastic proponent of open source software but actively contributes to it with its own ideas. It would have sounded fanciful and yet a decade on and this is exactly the world a growing number of Microsoft’s in-house developers find themselves working towards. The latest twist in the romance arrived this week when the company published details of Integrity Policy Enforcement (IPE), a Linux Security Module (LSM) designed to check the authenticity of binaries at runtime.” https://nakedsecurity.sophos.com/2020/04/08/microsoft-project-proposed-to-aid-linux-iot-code-integrity/
  11. “The update that came out over the weekend was an emergency patch, issued for a security hole that was found because it was already in use by criminals in real life – what’s known in the trade as a zero day because there were zero days on which you could have patched in advance. This one is a bit less dramatic, being a scheduled update of the sort you expect to see issued on a regular basis.” https://nakedsecurity.sophos.com/2020/04/08/update-firefox-again-more-rces-and-an-android-takeover-bug-too/
  12. “Malwarebytes learned of the campaign when someone notified the security firm that someone was abusing its brand using the lookalike domain “malwarebytes-free[.]com.” Registered on March 29 via REGISTRAR OF DOMAIN NAMES REG.RU LLC, this domain was hosted in Russia at 173.192.139[.]27 at the time of discovery. Researchers at Malwarebytes subsequently examined the source code of the fake website. Through these efforts, they confirmed that someone had stolen the source code of the firm’s website. Those actors had then injected a JavaScript snippet into this code that specifically redirected visitors using Internet Explorer to a malicious URL hosting the Fallout exploit kit.” https://www.tripwire.com/state-of-security/security-data-protection/fake-malwarebytes-site-used-by-malvertising-attack-to-spread-raccoon/
  13. “Refusing to pay a ransom no matter the circumstances is a position Kaspersky supports. “When it comes to the question of paying a ransom, our recommendation is to never pay a ransom, and there are a few reasons for this,” said Brian Bartholomew, the security provider’s principal security researcher in its global research and analysis team. “First, paying a ransom will never guarantee that all of your data will be returned – it might be partially returned or not at all. There is also no way to tell if your information has been sold in underground markets once obtained,” he said. “Second, paying a ransom only encourages cyber criminals to further carry out these attacks as they are one of the most financially profitable attacks malefactors can perform. The more business organizations give in to ransomware attacks, the more we will see them continue to trend in the threat landscape.”” https://www.msspalert.com/cybersecurity-research/never-pay-ransomware-findings/
  14. “Researchers at Talos, Cisco’s threat intelligence arm, demonstrated how to use 3D printing and other methods to forge fingerprints and unlock eight models of devices ranging from the iPhone 8 and Samsung S10 smartphones to laptops and padlocks.” https://www.cyberscoop.com/fingerprints-biometrics-talos-intelligence-agencies/
  15. “A Zoom shareholder has filed a lawsuit against the video-conferencing company for allegedly covering up security vulnerabilities in its app.” https://www.cyberscoop.com/zoom-shareholder-accuses-executives-fraud-security-practices/
  16. “A Russian information operation relied on forged diplomatic emails and planted articles on a number of social media sites in an attempt to undermine multiple governments and impersonate U.S. lawmakers, according to a new analysis of recent social media activity.” https://www.cyberscoop.com/russia-disinformation-operation-pinball-georgia-moldova/
  17. “Popular conferencing apps have become a major cybercrime lure during the COVID-19 work-from-home era – and Skype is the undisputed leader when it comes to being impersonated by malicious downloads, researchers have found. An April analysis from Kaspersky uncovered a total of 120,000 suspicious malware and adware packages in the wild masquerading as versions of the video calling app.” https://threatpost.com/skype-apps-hide-malware/154566/

#security #cybersecurity #itsecurity #nerc #smb #threathunting #maze #doppelpaymer #darknexus #xhelper #trojan #malware #whatsapp #smarttoilet #anus #lsm #linux #firefox #malwarebytes #raccoon #ransomware