NCSC-FI News followup

Daily NCSC-FI news followup 2020-04-04

Zoomed In: A Look into a Coinminer Bundled with Zoom Installer

blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/ We found a coinminer bundled with the legitimate installer of the video conferencing app Zoom, luring users who want to install the software but end up unwittingly downloading a malicious file. The compromised files are not from Zoom's official download center and are assumed to come from fraudulent websites. We have been working with Zoom to ensure that they are able to communicate this to their users appropriately.

NSO Group: Facebook tried to license our spyware to snoop on its own addicts the same spyware it’s suing us over

www.theregister.co.uk/2020/04/03/nso_facebook_pegasus_whatsapp/ The Israeli spyware maker’s CEO Shalev Hulio alleged in a statement [PDF] to a US federal district court that in 2017 he was approached by Facebook reps who wanted to use NSO’s Pegasus technology in Facebook’s controversial Onavo Protect app to track mobile users.

Harri Hursti warns: the coronavirus has set cyber criminals in motion

www.tivi.fi/uutiset/tv/662fdc7d-d6f6-4132-b38c-af5310b4f322 Under the cover of the coronavirus, a massive disinformation machine is currently being built on social media and the internet, cyber security expert Harri Hursti says in an interview.

Twitter botnet targeted Turkey while politicizing coronavirus

medium.com/dfrlab/twitter-botnet-targeted-turkey-while-politicizing-coronavirus-708bb281bd85 Twitter has taken down a network of more than 9,000 Twitter bots that published inauthentic posts promoting the political interests of the United Arab Emirates and Saudi Arabia. This astroturfing network criticized Turkey's intervention in Libya, a shared interest of both governments, by targeting Turkish President Recep Tayyip Erdogan, DFRLab analysis confirmed. The network had also begun politicizing the COVID-19 coronavirus pandemic.

Google rolls back Chrome privacy feature due to COVID-19

www.zdnet.com/article/google-rolls-back-chrome-privacy-feature-due-to-covid-19/ Google announced today it was rolling back a recent Chrome browser privacy feature to prevent any disruption to existing websites and their availability during the current coronavirus (COVID-19) outbreak.

blog.chromium.org/2020/04/temporarily-rolling-back-samesite.html

Webcam Hacking

www.ryanpickren.com/webcam-hacking This post is a technical walkthrough of how I discovered several zero-day bugs in Safari during my hunt to hack the iOS/MacOS camera.

iPhone Camera Hack

www.ryanpickren.com/webcam-hacking-overview I discovered a vulnerability in Safari that allowed unauthorized websites to access your camera on iOS and macOS.

Why is ransomware still a thing? One-in-three polled netizens say they would cave to extortion demands

www.theregister.co.uk/2020/04/02/ransomware_pay_ransomware/ This is according to a customer survey [PDF] by Kaspersky Lab. The Russian security house polled more than 2,000 business workers in the US, and 1,000 in Canada, in an online study, and found that 33 per cent would cough up at least some money to cyber-extortionists to get their data back on their own personal machines. Report at

media.kasperskydaily.com/wp-content/uploads/sites/85/2020/03/25170451/Final_Ransomware-Report.pdf

More Than 8,000 Unsecured Redis Instances Found in the Cloud

blog.trendmicro.com/trendlabs-security-intelligence/more-than-8000-unsecured-redis-instances-found-in-the-cloud/ We discovered 8,000 Redis instances that are running unsecured in different parts of the world, even ones deployed in public clouds. These Redis instances have been found without Transport Layer Security (TLS) encryption and are not password protected. Using Shodan, a popular search engine for internet-connected or IoT devices, we discovered over 8,000 unsecured Redis instances deployed worldwide. Some of these unsecured Redis instances were deployed in public clouds such as AWS, Azure, and Google Cloud.

Researchers Discover Hidden Behavior in Thousands of Android Apps

www.securityweek.com/researchers-discover-hidden-behavior-thousands-android-apps The research uncovered 12,706 applications (8.47%) with backdoor secrets (secret access keys, master passwords, and secret commands providing access to admin-only functions), and 4,028 apps (2.69%) that contain blacklist secrets (they would block content based on keywords subject to censorship, cyber bullying or discrimination). Paper at

web.cse.ohio-state.edu/~lin.3021/file/SP20.pdf

Zoom will enable waiting rooms by default to stop Zoombombing

techcrunch.com/2020/04/03/zoom-waiting-rooms-default/ Zoom is making some drastic changes to prevent rampant abuse as trolls attack publicly shared video calls. Starting April 5th, it will require passwords to enter calls via Meeting ID, as these may be guessed or reused. Meanwhile, it will change virtual waiting rooms to be on by default so hosts have to manually admit attendees.

Zoom admits some calls were routed through China by mistake

techcrunch.com/2020/04/03/zoom-calls-routed-china/ Zoom now says that during its efforts to ramp up its server capacity to accommodate the massive influx of users over the past few weeks, it mistakenly allowed two of its Chinese data centers to accept calls as a backup in the event of network congestion.

TAMPERING WITH ZOOM’S ANTI-TAMPERING LIBRARY

blog.syscall.party/post/tampering-with-zooms-anti-tampering-library/ This quick blog post highlights some of the flaws found in the Zoom application's integrity checking. These checks verify that the DLLs inside the folder are signed by Zoom and also that no third-party DLLs are loaded at runtime. We can trivially disable this DLL by replacing it with our own or simply unloading it from the process.

Scam messages sent in the name of Helsingin Sanomat

www.hs.fi/kotimaa/art-2000006464535.html The link opens a news item that visually resembles a Helsingin Sanomat article and claims that bitcoins make you rich, especially at a time like this, says Helsingin Sanomat's administrative manager Jaakko Lähteenmaa.

IRS Warns of Surge in Economic Stimulus Payment Scams

www.bleepingcomputer.com/news/security/irs-warns-of-surge-in-economic-stimulus-payment-scams/ The Internal Revenue Service (IRS) today issued a warning about a surge in coronavirus-related scams over email, phone calls, or social media that request personal information while using economic impact payments as a lure.
