Backing up is no panacea when blackmailers publish stolen data
www.kaspersky.com/blog/ransomware-data-disclosure/32410/ Backing up data has been one of the most effective, though labor-intensive, safeguards against encrypting ransomware so far. Now, malefactors seem to have caught up with those who rely on backups. The creators of several ransomware programs, confronted with victims refusing to pay the ransom, shared their data online.
Adposhel adware takes over browser push notifications administration
blog.malwarebytes.com/adware/2020/02/adware-adposhel-takes-over-your-web-push-notifications-administration/ Since late last year, our researchers have been monitoring new methods being deployed by cybercriminals to potentially abuse browser push notifications. Now, an adware family detected by Malwarebytes as Adware.Adposhel is doing just that, taking control of push notifications in Chrome at the administrator level.
Seniors Complete Guide to Internet Scams
www.pandasecurity.com/mediacenter/mobile-news/senior-scams/ Seniors have become the main target of cybercriminals. A report by the Consumer Financial Protection Bureau found that Suspicious Activity Reports for elder financial exploitation quadrupled from 2013 to 2017.
Critical Bluetooth bug leaves Android users open to attack
www.welivesecurity.com/2020/02/07/google-critical-android-bluetooth-flaw-attack/ Google has rolled out a security update to address a critical flaw in Android's Bluetooth implementation that allows remote code execution without user interaction. The vulnerability, tracked as CVE-2020-0022, affects devices running Android Oreo (8.0 and 8.1) and Pie (9.0). For these devices, which between them account for almost two-thirds of Android devices in use, the flaw is rated critical by Google.
Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript
isc.sans.edu/forums/diary/Sandbox+Detection+Tricks+Nice+Obfuscation+in+a+Single+VBScript/25780/ I found an interesting VBScript sample that is a perfect textbook case for training or learning purposes. It implements a nice obfuscation technique as well as many classic sandbox detection mechanisms.
Critical Citrix RCE Flaw Still Threatens 1,000s of Corporate LANs
threatpost.com/critical-citrix-rce-flaw-corporate-lans/152677/ About one in five of the 80,000 companies affected by a critical bug in the Citrix Application Delivery Controller (ADC) and Citrix Gateway are still at risk from a trivial attack on their internal operations. If exploited, the flaw could allow unauthenticated attackers to gain remote access to a company's local network and carry out arbitrary code execution.
Malaysia warns of Chinese hacking campaign targeting government projects
www.zdnet.com/article/malaysia-warns-of-chinese-hacking-campaign-targeting-government-projects/ A Chinese state-sponsored hacking group has been targeting Malaysian government officials, computer experts with the Malaysian government said on Wednesday. The purpose of the attacks has been to infect computers of government officials with malware and then steal confidential documents from government networks, Malaysia’s Computer Emergency Response Team (MyCERT) said in a security advisory.
Magecart Gang Attacks Olympic Ticket Reseller and Survival Food Sites
threatpost.com/olympic-ticket-survival-sites-hit-by-cyberattack/152648/ A faction of the Magecart threat group, Magecart group 12, has been linked to a recent digital card skimmer attack bent on stealing payment data from a slew of websites, including ones selling anything from Olympic tickets to emergency preparation kits. Over the past few weeks, the group has targeted two ticket sales websites: one, called Olympic Tickets, is a reseller of tickets to the upcoming 2020 summer Olympic games, and the second, Euro 2020 Tickets, is selling tickets for the 2020 UEFA, a European football championship that takes place in June.
F-Secure: These were the worst cyber catastrophes of the 2010s, and they are worth learning from
www.tivi.fi/uutiset/tv/619a5165-bf12-40a0-a2bf-eb293347c0b1 The importance of information security has become clear to many over the past ten years, as many threats that once sounded like science fiction have come true. To refresh memories, the security company F-Secure fast-forwarded through all the new villainy seen in information security in the years 2010-2019.
Emotet Evolves With New Wi-Fi Spreader
www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/ Emotet is a highly sophisticated trojan that typically also serves as a loader for other malware. A key functionality of Emotet is its ability to deliver custom modules or plugins that are suited for specific tasks, including stealing Outlook contacts or spreading over a LAN. Recently, Binary Defense has identified a new loader type that takes advantage of the wlanAPI interface to enumerate all Wi-Fi networks in the area, and then attempts to spread to these networks, infecting all devices that it can access in the process.
Unit 42 CTR: Leaked Code from Docker Registries
unit42.paloaltonetworks.com/leaked-docker-code/ The Unit 42 Cloud Threat Report: Spring 2020 focused on the practices of DevOps to determine where misconfigurations are happening in the cloud. Our research found a large number of DevOps services (e.g., SSH, database, code repository) inadvertently exposed to the internet due to misconfigured infrastructure. This blog offers a detailed analysis of leaked code from Docker registries and how this, and other infrastructure misconfigurations, can lead to compromises in an organization's security posture.
Japanese Defense Contractors Kobe Steel, Pasco Disclose Breaches
www.bleepingcomputer.com/news/security/japanese-defense-contractors-kobe-steel-pasco-disclose-breaches/ Japanese defense contractors Pasco Corporation (Pasco) and Kobe Steel (Kobelco) today disclosed security breaches that happened in May 2018 and in June 2015/August 2016, respectively. The geospatial provider and the major steel manufacturer also confirmed unauthorized access to their internal network during the two incidents, as well as malware infections affecting their computing systems following the attacks.
Threat Spotlight: Email Account Takeover
blog.barracuda.com/2020/02/06/threat-spotlight-email-account-takeover/ Researchers from Barracuda and UC Berkeley, conducting a large-scale analysis of email account takeover and the timeline of attacks, recently highlighted the behaviors hackers are using to try to avoid detection, ways to identify suspicious activity that could indicate an email account has been compromised, and precautions you can take to protect your business.