Daily NCSC-FI news followup 2019-08-07

SWAPGS Vulnerability in Modern CPUs Fixed in Windows, Linux, ChromeOS

www.bleepingcomputer.com/news/security/swapgs-vulnerability-in-modern-cpus-fixed-in-windows-linux-chromeos/ At BlackHat today, Bitdefender disclosed a new variant of the Spectre 1 speculative execution side channel vulnerabilities that could allow a malicious program to access and read the contents of privileged memory in an operating system. In a statement from Intel, BleepingComputer was told that after the vulnerability was disclosed to them, they decided to address this on a software level and Microsoft took over coordination of the vulnerability. In a coordinated disclosure, numerous vendors including Microsoft, Red Hat, Intel, and Google have released advisories regarding this vulnerability.
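Because the SWAPGS fix landed as a kernel change rather than a microcode update, the practical check on a Linux host is whether the running kernel reports the extra barriers. Upstream x86 kernels report this inside the existing spectre_v1 sysfs file rather than in a new file. The following is an added example for this digest entry, not code from BleepingComputer, Bitdefender or any vendor advisory; the two sample status strings are the ones printed by upstream Linux, and the summary wording is this example's own.

```python
"""Classify a Linux kernel's Spectre v1 / SWAPGS mitigation state from sysfs.

Added example for the digest entry above; not vendor code. It reads
/sys/devices/system/cpu/vulnerabilities/spectre_v1, which is where x86
kernels with the SWAPGS fix mention "swapgs barriers".
"""
from pathlib import Path
from typing import Optional

SYSFS_SPECTRE_V1 = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v1")

# The two status strings a post-fix upstream x86 kernel prints (constructed
# samples here, used when the script is run stand-alone):
SAMPLE_FIXED = "Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n"
SAMPLE_NOT_FIXED = ("Vulnerable: __user pointer sanitization and usercopy barriers only; "
                    "no swapgs barriers\n")


def classify_spectre_v1(status: str) -> dict:
    """Interpret one spectre_v1 sysfs line.

    A kernel that predates the fix prints Mitigation/Vulnerable text without
    any mention of swapgs; a fixed kernel booted with mitigations disabled
    (e.g. nospectre_v1) prints the "no swapgs barriers" string.
    """
    text = " ".join(status.split())
    return {
        "raw": text,
        "not_affected": text == "Not affected",
        "mitigated": text.startswith("Mitigation:"),
        # kernel is new enough to know about the SWAPGS issue at all
        "mentions_swapgs": "swapgs" in text,
        # barriers are only counted when the kernel lists them as active
        "swapgs_barriers": "swapgs barriers" in text and "no swapgs barriers" not in text,
    }


def read_spectre_v1(path: Path = SYSFS_SPECTRE_V1) -> Optional[dict]:
    """Read and classify the live sysfs file; None when it is not readable
    (non-Linux host, or a kernel older than the vulnerabilities directory)."""
    try:
        return classify_spectre_v1(path.read_text())
    except OSError:
        return None


def summary(result: Optional[dict]) -> str:
    """One-line verdict for an operator, derived from classify_spectre_v1()."""
    if result is None:
        return "spectre_v1 sysfs file not readable: cannot determine SWAPGS state"
    if result["not_affected"]:
        return "not affected: " + result["raw"]
    if result["swapgs_barriers"]:
        return "SWAPGS barriers present: " + result["raw"]
    if result["mentions_swapgs"]:
        return "kernel has the fix but barriers are disabled: " + result["raw"]
    return "kernel predates the SWAPGS fix: " + result["raw"]


if __name__ == "__main__":
    for sample in (SAMPLE_FIXED, SAMPLE_NOT_FIXED):
        print("sample:", summary(classify_spectre_v1(sample)))
    print("this host:", summary(read_spectre_v1()))
```

The hypervisor matters as much as the guest here: a patched guest kernel still runs on whatever the host's CPU scheduling allows, so run the same check (or the vendor's equivalent) on the host as well.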

North Korea reportedly stole $2B in wave of cyber attacks

www.zdnet.com/article/north-korea-reportedly-stole-2b-in-wave-of-cyber-attacks/#ftag=RSSbaffb68 A draft report from the United Nations, which was seen by several news outlets, revealed North Korea chalked up US$2 billion from launching cyber attacks against banks and cryptocurrency exchanges as part of efforts to fund a weapons buying programme.

Package Delivery! Cybercriminals at Your Doorstep

securityintelligence.com/posts/package-delivery-cybercriminals-at-your-doorstep/ IBM X-Force Red investigated how cybercriminals might seek to exploit package deliveries to hack into corporate or personal home networks right from the office mailroom or from someone's front door.

Phishing emails carry AgentTesla spyware and attack the non-ferrous metal manufacturing industry

blog.360totalsecurity.com/en/phishing-emails-carry-agenttesla-spyware-and-attack-the-non-ferrous-metal-manufacturing-industry/ Recently, 360 Security Center detected a number of phishing email attacks suspected of targeting the large non-ferrous metal manufacturing industry. The attacker disguised the malicious documents as business documents between Crown Technology Inc and the target non-ferrous metal enterprises, and delivered them through phishing emails to trick the target company's staff into opening malicious files that trigger the "nightmare formula" vulnerability and download the follow-up AgentTesla spyware.

Autoloaded Server-Side Swiper

blog.sucuri.net/2019/08/autoloaded-server-side-swiper.html Front-end JavaScript-based credit card stealing malware has garnered a lot of attention within the security community. This makes sense, since the swipers can be easily detected by simply scanning the web pages of e-commerce sites. Server-side malware is completely undetectable if you don't have access to the server that hosts the compromised site. This helps keep server-side malware campaigns under the radar, while client-side campaigns (like Magecart) receive ample publicity.

Downloading Executables Over DNS: Capture Files

blog.didierstevens.com/2019/08/07/downloading-executables-over-dns-capture-files/

The gap between war games and reality – Observations from the 2019 Naval War College Cyber War Game

www.controlglobal.com/blogs/unfettered/the-gap-between-war-games-and-reality-observations-from-the-2019-naval-war-college-cyber-war-game/ I participated in the Naval War College Cyber War Games July 25-26, 2019 in Newport, RI. The War Game was entitled: Defend Forward 2019 Critical Infrastructure War Game and was focused on the electric and finance industries. There were senior representatives from government, DOD, DHS, electric, and finance companies. The war games were interesting. They provided not only lessons learned, but also powerful training tools for the participants. It's worth noting that such games might well be expanded to include players beyond the executive ranks. Engineering and operations personnel would also benefit from them, and, more importantly, would make valuable contributions to the lessons learned.

The FBI is diving deeper into the Methbot ad fraud case

www.cyberscoop.com/methbot-ad-fraud-fbi-white-ops/ The FBI's investigation into the largest advertising fraud operation in recent memory isn't over yet. Eight suspects were indicted in November in the Eastern District of New York for alleged involvement in a scheme to defraud advertisers out of more than $30 million by using botnets and other technical means to artificially inflate web traffic to dummy websites. The fraud, which the FBI had classified into three distinct time periods, is still underway, according to the search warrant application.

Meet APT41, the Chinese hackers moonlighting for personal gain

www.cyberscoop.com/apt41-fireeye-china/ Members of a Chinese-state-sponsored hacking group have been using their skills to enrich themselves for years in operations targeting the gaming industry, cybersecurity company FireEye announced Wednesday. By day, the group, dubbed APT41, conducts espionage in the health care, telecommunications, and education sectors, FireEye said. By night, those same hackers have manipulated virtual currency in the gaming sector and, in one case, tried to deploy ransomware, to line their pockets.

What all the stuff in e-mail headers means, and how to sniff out spoofing

arstechnica.com/information-technology/2019/08/ars-forensic-files-how-to-parse-through-e-mail-headers-and-spot-obfuscation/ Parsing email headers needs care and knowledge, but it requires no special tools.
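The Ars piece is a how-to, so here is the same procedure in code: walk the Received chain from the bottom up, compare the envelope, From, Reply-To and Message-ID domains, and read the receiving server's Authentication-Results. This is an added example for this digest entry, not code from Ars Technica. The message below is constructed for illustration (the hostnames, addresses and IDs are not real), and the finding texts are this example's own wording; it uses only the Python standard library.

```python
"""Walk e-mail headers bottom-up and flag common spoofing signs.

Added example for the digest entry above; not code from Ars Technica.
The sample message is constructed and all names in it are fictitious.
"""
import email
import re
from email.utils import parseaddr

RECEIVED_RE = re.compile(r"from (\S+)(?: \((.*?)\))? by (\S+)")
IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: a CEO-fraud style lure that reached the victim's MX via
# a third-party relay. SPF passes for the relay's own envelope domain while
# the visible From claims the victim's domain, which is why DMARC fails.
SAMPLE = b"""Return-Path: <bounce@mail-relay.example.net>
Received: from mail-relay.example.net (mail-relay.example.net [203.0.113.7])
\tby mx.victim.example (Postfix) with ESMTPS id ABC123
\tfor <cfo@victim.example>; Wed, 07 Aug 2019 10:15:02 +0000
Received: from [192.168.1.50] (unknown [198.51.100.22])
\tby mail-relay.example.net (Postfix) with ESMTPA id DEF456;
\tWed, 07 Aug 2019 10:14:58 +0000
Authentication-Results: mx.victim.example;
\tspf=pass smtp.mailfrom=mail-relay.example.net;
\tdkim=none;
\tdmarc=fail header.from=victim.example
From: "CEO" <ceo@victim.example>
Reply-To: ceo.urgent@webmail.example.org
To: cfo@victim.example
Subject: Urgent wire transfer
Message-ID: <20190807101458.DEF456@mail-relay.example.net>

Please process this today.
"""


def _flat(value) -> str:
    """Unfold a header value: continuation lines become single spaces."""
    return " ".join(str(value).split())


def domain_of(header_value):
    """Lower-cased domain of the first address in a header, or None."""
    if not header_value:
        return None
    addr = parseaddr(_flat(header_value))[1]
    return addr.rpartition("@")[2].lower() or None


def received_chain(msg):
    """Return hops oldest-first. Each relay prepends its own Received line, so
    the last header in the message is the hop closest to the sender. Only the
    line written by a server you trust is reliable; anything below it could
    have been forged by the sender."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        line = _flat(value)
        m = RECEIVED_RE.search(line)
        hops.append({
            "from": m.group(1) if m else None,       # HELO name the client claimed
            "from_info": m.group(2) if m else None,  # relay's note: rDNS and peer IP
            "by": m.group(3) if m else None,         # server that wrote this line
            "raw": line,
        })
    return hops


def origin_ip(hops):
    """Peer address recorded by the first relay, preferring the relay's own
    annotation over the client's self-reported HELO literal."""
    if not hops:
        return None
    for field in ("from_info", "from"):
        m = IPV4_RE.search(hops[0].get(field) or "")
        if m:
            return m.group(1)
    return None


def parse_auth_results(values):
    """Pull spf/dkim/dmarc verdicts out of Authentication-Results headers."""
    results = {}
    for value in values:
        for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", _flat(value)):
            results.setdefault(mech, verdict.lower())
    return results


def analyze(raw: bytes) -> dict:
    """Parse a raw message and collect the spoofing indicators."""
    msg = email.message_from_bytes(raw)
    hops = received_chain(msg)
    auth = parse_auth_results(msg.get_all("Authentication-Results", []))
    doms = {
        "from": domain_of(msg.get("From")),
        "return_path": domain_of(msg.get("Return-Path")),
        "reply_to": domain_of(msg.get("Reply-To")),
        "message_id": domain_of(msg.get("Message-ID")),
    }
    findings = []
    for name in ("return_path", "reply_to", "message_id"):
        if doms[name] and doms["from"] and doms[name] != doms["from"]:
            findings.append(f"{name} domain {doms[name]} differs from From domain {doms['from']}")
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech, "missing") != "pass":
            findings.append(f"{mech}={auth.get(mech, 'missing')}")
    if hops and (hops[0]["from_info"] or "").startswith("unknown"):
        findings.append("first relay could not reverse-resolve the sending host")
    return {"domains": doms, "auth": auth, "hops": hops,
            "origin_ip": origin_ip(hops), "findings": findings}


if __name__ == "__main__":
    report = analyze(SAMPLE)
    for hop in report["hops"]:
        print("hop:", hop["from"], "->", hop["by"])
    print("origin IP:", report["origin_ip"])
    for finding in report["findings"]:
        print("finding:", finding)
```

Note that SPF alone says nothing here: it passes because the relay's envelope sender is its own domain, while the From header the recipient sees claims the victim's domain. That alignment gap is exactly what the dmarc=fail verdict records, which is why the Authentication-Results line written by your own MX is worth more than any single mechanism.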

OilRig: the techniques evolution over time

marcoramilli.com/2019/08/07/oilrig-the-techniques-evolution-over-time/ Today I'd like to share a comparative analysis on OilRig techniques mutation over time. In particular I will refer to great analyses made by Palo Alto Unit 42 plus my own ones (HERE, HERE, HERE, etc.) and more personal thoughts.

Popular kids’ tablet patched after flaws left personal data vulnerable

www.zdnet.com/article/popular-kids-tablet-patched-after-flaws-left-personal-data-vulnerable/#ftag=RSSbaffb68 Researchers also found security holes that gave away personal data and credit card information of children’s parents.

AT&T Announces Launch of Public Bug Bounty Program

www.tripwire.com/state-of-security/security-data-protection/att-announces-launch-of-public-bug-bounty-program/ American multinational conglomerate holding company AT&T has announced the launch of its public bug bounty program on HackerOne.

Digital skimmers: What are they and how can I keep my card details safe online?

blog.trendmicro.com/digital-skimmers-what-are-they-and-how-can-i-keep-my-card-details-safe-online/ A few weeks ago, British Airways was hit by the largest ever regulatory fine of its kind, after global customers visiting its website had their card data stolen. The $228m penalty levied by the UK's privacy watchdog reflects the seriousness of the attack and the carrier's failure to protect its customers' personal and financial information. However, this incident has repercussions way beyond the UK airline and its customers. It's part of a new wave of attacks designed to implant digital skimming code on e-commerce sites, in order to siphon off your card details as they are entered to pay for goods.

Smominru Cryptominer Scrapes Credentials for Half-Million Machines

threatpost.com/smominru-cryptominer-scrapes-credentials-half-million-machines/147038/ An analysis of the known Smominru cryptomining campaign, which uses a modified version of XMRig to perform Monero mining, has uncovered an evolution in tools to include RATs, the Mimikatz credential-scraper and an EternalBlue exploit for propagation. This has all coalesced into a multistage campaign involving profiling and selling victim and network access, according to Carbon Black's Threat Analysis Unit (CB TAU).

Microsoft contractors are listening to some Skype translation calls: Report

www.zdnet.com/article/microsoft-contractors-are-listening-to-some-skype-translation-calls-report/#ftag=RSSbaffb68 Microsoft is using humans to listen to some Skype Translator and Cortana conversations, according to a new report.

How malware steals autofill data from browsers

www.kaspersky.com/blog/browser-data-theft/27871/ Most browsers kindly offer to save your data: account credentials, bank card details for online stores, billing address, name, and passport number for travel sites, and so on. It's convenient and saves having to fill out the same forms all over again or worry about forgotten passwords. However, there is a catch: All of this autofill data can be scooped up by cybercriminals if your computer gets infected by a stealer, a piece of malware that steals information, including from browsers.

LinkedIn: a lucrative social network for cybercriminals

www.pandasecurity.com/mediacenter/malware/apt34-malware-linkedin/ Cybercriminals have a litany of ways to make money. One of these methods is the use of social networks. According to Dr. Mike McGuire, a Senior Lecturer in Criminology at the University of Surrey, black hats generate $3.2 billion ($2.87 billion) per year in social media-enabled cybercrime. What's more, one in five companies has experienced a malware attack through social media.

MoqHao Related Android Spyware Targeting Japan and Korea Found on Google Play

securingtomorrow.mcafee.com/other-blogs/mcafee-labs/moqhao-related-android-spyware-targeting-japan-and-korea-found-on-google-play/ The McAfee mobile research team has found a new type of Android malware for the MoqHao phishing campaign (a.k.a. XLoader and Roaming Mantis) targeting Korean and Japanese users. A series of attack campaigns are still active, mainly targeting Japanese users. The new spyware has very different payloads from the existing MoqHao samples. All the spyware we found this time pretends to be security applications targeting users in Japan and Korea. We discovered a phishing page related to a DNS hijacking attack, designed to trick the user into installing the new spyware, distributed on the Google Play store.

New Ursnif Variant Spreading by Word Document

www.fortinet.com/blog/threat-research/ursnif-variant-spreading-word-document.html Recently, FortiGuard Labs captured a number of Word documents from the wild, which were spreading a new variant of the Ursnif trojan. I did some research on this new variant, and in this blog I will present what it does on a victim's machine and what kinds of techniques it uses. The Ursnif trojan, also known as Dreambot, Gozi, and ISFB, has been alive for years and focuses on stealing information from a victim's machine.
