Android Spyware Variant Snoops on WhatsApp, Telegram Messages
threatpost.com/new-android-spyware-whatsapp-telegram/159694/ The Android malware comes from threat group APT-C-23, also known as Two-Tailed Scorpion and Desert Scorpion.
The Emerald Connection: EquationGroup collaboration with Stuxnet
fmmresearch.wordpress.com/2020/09/28/the-emerald-connection-equationgroup-collaboration-with-stuxnet/ This article is part of a continued ongoing effort in my research of the use of a series of libraries called Exploit Development Framework (EDF) created by EquationGroup for the development of their exploitation tools (exploits, implants, tools, and more). In my previous piece I wrote about my findings of the Fanny worm better known to EquationGroup developers and operators as: DEMENTIAWHEEL (DEWH).
Blackbaud: Ransomware gang had access to banking info and passwords
www.bleepingcomputer.com/news/security/blackbaud-ransomware-gang-had-access-to-banking-info-and-passwords/ Blackbaud, a leading cloud software provider, confirmed that the threat actors behind the May 2020 ransomware attack had access to unencrypted banking and login information, as well as social security numbers.
Swiss watchmaker Swatch shuts down IT systems to stop cyberattack
www.bleepingcomputer.com/news/security/swiss-watchmaker-swatch-shuts-down-it-systems-to-stop-cyberattack/ Swiss watchmaker Swatch Group shut down its IT systems over the weekend after identifying a cyberattack targeting its organization.
QNAP warns customers of recent wave of ransomware attacks
www.bleepingcomputer.com/news/security/qnap-warns-customers-of-recent-wave-of-ransomware-attacks/ QNAP has issued an advisory about a recent wave of ransomware attacks targeting its NAS devices and encrypting files. Last week, BleepingComputer broke the story of ransomware known as AgeLocker attacking publicly exposed QNAP NAS devices.
Linkury adware caught distributing full-blown malware
www.zdnet.com/article/linkury-adware-caught-distributing-full-blown-malware/#ftag=RSSbaffb68 Linkury (SafeFinder) installations linked to infections with the Socelars and Kpot infostealer trojans.
$15 million business email scam campaign in the US exposed
www.zdnet.com/article/15-million-business-email-scam-exposed-in-the-us/ The FBI is investigating the global campaign in which millions of dollars have been stolen from at least 150 victims.
This worm phishing campaign is a game-changer in password theft, account takeovers
www.zdnet.com/article/this-worm-phishing-campaign-is-a-game-changer-in-password-theft-account-takeovers/ The security incident highlights the need for multi-factor authentication in the enterprise. “The phishing emails were being sent as replies to genuine emails,” the researcher explained. “Emails exchanged between our people and our suppliers, our customers, and even internally between colleagues.” The technique, resulting in worm-like mass takeovers, left Hays “in awe” of the “phenomenal number of accounts [that] were compromised within a few hours.”
FYI: If you’re running HP Device Manager, anyone on your network can get admin on your server via backdoor
www.theregister.com/2020/09/30/hp_device_manager_backdoor_database_account/ Hidden database account discovered, patches finally available as well as mitigations
Over 247K Exchange servers unpatched for actively exploited flaw
www.bleepingcomputer.com/news/security/over-247k-exchange-servers-unpatched-for-actively-exploited-flaw/ More than 247,000 Microsoft Exchange servers are yet to be patched against the CVE-2020-0688 post-auth remote code execution (RCE) vulnerability impacting all Exchange Server versions under support. “There are two important efforts that Exchange Administrators and infosec teams need to undertake: verifying deployment of the update and checking for signs of compromise.”
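The second of those two efforts, checking for signs of compromise, is the one most teams skip. The following is an added example (not from the BleepingComputer article or from Microsoft) of what that check looks like against IIS logs. Public analysis of CVE-2020-0688 showed the exploit sending a serialized `__VIEWSTATE` payload together with `__VIEWSTATEGENERATOR` in the query string of a GET to `/ecp/default.aspx`, authenticated as an ordinary mailbox user; legitimate ECP traffic carries ViewState in a POST body, so those two parameters appearing in `cs-uri-query` is the signal. The log lines below are constructed, and the field list is a trimmed version of the default W3C fields.

```python
"""Scan IIS W3C logs for requests that match the CVE-2020-0688 exploit shape.

Signal: a request to /ecp/default.aspx whose *query string* carries both
__VIEWSTATE and __VIEWSTATEGENERATOR. Normal ECP pages submit ViewState in
a POST body, not the URL, so this combination is anomalous regardless of
the payload contents. Record the cs-username too: the bug is post-auth, so
the account named there is the one whose credentials the attacker holds.
"""
from urllib.parse import parse_qs

# Constructed sample log (assumption: trimmed #Fields line; real IIS logs
# carry more columns, and the parser handles whatever #Fields declares).
# IIS writes "-" for an empty field and "+" for spaces inside a field.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2020-09-30 10:01:02 10.0.0.5 GET /owa/ - 443 - 203.0.113.7 Mozilla/5.0 200
2020-09-30 10:01:09 10.0.0.5 POST /ecp/default.aspx - 443 CORP\\alice 203.0.113.7 Mozilla/5.0 200
2020-09-30 10:02:31 10.0.0.5 GET /ecp/default.aspx __VIEWSTATEGENERATOR=B97B4E27&__VIEWSTATE=%2FwEyAAAAAAAAAAAAAAAA 443 CORP\\alice 198.51.100.23 python-requests/2.24 500
2020-09-30 10:03:00 10.0.0.5 GET /ecp/default.aspx - 443 CORP\\bob 203.0.113.9 Mozilla/5.0 200
"""


def parse_iis(text):
    """Yield one dict per log record, keyed by the names in the #Fields line."""
    fields = None
    for raw in text.splitlines():
        if raw.startswith("#Fields:"):
            fields = raw.split()[1:]          # header can change mid-file after a restart
            continue
        if raw.startswith("#") or not raw.strip():
            continue                           # other directives / blank lines
        parts = raw.split(" ")
        if fields is None or len(parts) != len(fields):
            continue                           # malformed or truncated record; skip, don't crash
        yield dict(zip(fields, parts))


def is_exploit_attempt(rec):
    """True when the record has the CVE-2020-0688 exploit shape."""
    if rec.get("cs-uri-stem", "").lower() != "/ecp/default.aspx":
        return False
    query = rec.get("cs-uri-query", "-")
    if query == "-":
        return False
    keys = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
    return "__viewstate" in keys and "__viewstategenerator" in keys


def find_exploit_attempts(text):
    """Return the suspicious records; each carries the source IP and the
    authenticated account, which is what the responder needs first."""
    return [r for r in parse_iis(text) if is_exploit_attempt(r)]


if __name__ == "__main__":
    for hit in find_exploit_attempts(SAMPLE_LOG):
        print(f"{hit['date']} {hit['time']} user={hit['cs-username']} "
              f"src={hit['c-ip']} ua={hit['cs(User-Agent)']} status={hit['sc-status']}")
```

Run it over the real `u_ex*.log` files from every Exchange front end, not just one; a 500 status does not mean the attempt failed, since the deserialized payload often runs before the page errors out. Any account that shows up in a hit has had its password used by the attacker and needs to be reset after the patch is confirmed deployed.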
GitHub rolls out new Code Scanning security feature to all users
www.zdnet.com/article/github-rolls-out-new-code-scanning-security-feature-to-all-users/ New Code Scanning feature will tell GitHub users when they’ve added known security flaws in their code
Hackers jailbreak Apple’s T2 security chip powered by bridgeOS
reportcybercrime.com/hackers-jailbreak-apples-t2-security-chip-powered-by-bridgeos/ The Apple T2 Security chip now has a jailbreak
Detecting Microsoft 365 and Azure Active Directory Backdoors
www.fireeye.com/blog/threat-research/2020/09/detecting-microsoft-365-azure-active-directory-backdoors.html Mandiant has seen an uptick in incidents involving Microsoft 365 (M365) and Azure Active Directory (Azure AD). Most of these incidents are the result of a phishing email coercing a user to enter their credentials used for accessing M365 into a phishing site. Other incidents have been a result of password spraying, password stuffing, or simple brute force attempts against M365 tenants. In almost all of these incidents, the user or account was not protected by multi-factor authentication (MFA).
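Of the initial-access methods the blurb lists, password spraying is the one a tenant can spot from its own sign-in data before the backdoor goes in. The following is an added example, not code from the Mandiant post, of the detection logic: a spray is one source failing against many different accounts in a short window, whereas a user mistyping their own password is one account failing a few times from one source. The events are constructed in the shape of Azure AD sign-in log records (the `userPrincipalName`, `ipAddress`, `createdDateTime` and `status.errorCode` fields); the error code 50126 used below is Azure AD's "invalid username or password", and 0 is success.

```python
"""Flag password spraying against an M365 / Azure AD tenant from sign-in events.

Group failed sign-ins by client IP, slide a time window over them, and alert
on any IP that fails against at least `min_users` distinct accounts inside
one window. Also report accounts that later signed in successfully from the
same IP: a spray that landed is the case that matters, since the attacker
now holds a working password for a user who (per the blurb) likely has no MFA.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumption: minimal subset of sign-in fields).
SAMPLE_SIGNINS = [
    # alice mistypes once, then succeeds: one account, one source, not a spray
    {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.5",
     "createdDateTime": "2020-09-30T08:00:01Z", "status": {"errorCode": 50126}},
    {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.5",
     "createdDateTime": "2020-09-30T08:00:20Z", "status": {"errorCode": 0}},
]
# one source tries six accounts a minute apart, then one of them succeeds
for i, name in enumerate(["bob", "carol", "dave", "erin", "frank", "grace"]):
    SAMPLE_SIGNINS.append({
        "userPrincipalName": f"{name}@example.com", "ipAddress": "198.51.100.77",
        "createdDateTime": f"2020-09-30T09:0{i}:00Z", "status": {"errorCode": 50126}})
SAMPLE_SIGNINS.append({
    "userPrincipalName": "erin@example.com", "ipAddress": "198.51.100.77",
    "createdDateTime": "2020-09-30T09:07:00Z", "status": {"errorCode": 0}})


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_spray(events, min_users=5, window=timedelta(minutes=30)):
    """Return {ip: {"targeted_users": [...], "successful_logins": [...]}}
    for every source IP whose failures cover >= min_users distinct accounts
    within `window`. Thresholds are assumptions; tune them to tenant size."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ipAddress"]].append(
            (_ts(e["createdDateTime"]), e["userPrincipalName"], e["status"]["errorCode"]))

    alerts = {}
    for ip, recs in by_ip.items():
        recs.sort()
        failures = [(t, u) for t, u, code in recs if code != 0]
        start = 0
        for end in range(len(failures)):
            # shrink the window from the left until it spans <= `window`
            while failures[end][0] - failures[start][0] > window:
                start += 1
            distinct = {u for _, u in failures[start:end + 1]}
            if len(distinct) >= min_users:
                targeted = sorted({u for _, u in failures})
                landed = sorted({u for _, u, code in recs if code == 0 and u in set(targeted)})
                alerts[ip] = {"targeted_users": targeted, "successful_logins": landed}
                break
    return alerts


if __name__ == "__main__":
    for ip, info in detect_spray(SAMPLE_SIGNINS).items():
        print(f"spray from {ip}: {len(info['targeted_users'])} accounts targeted, "
              f"succeeded against {info['successful_logins'] or 'none'}")
```

In a real tenant, feed this from the sign-in log export and key on the IP plus the user-agent, since sprays from cloud hosting ranges rotate IPs; a success listed under `successful_logins` is an account to reset and enrol in MFA, not just an alert to triage.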
Prepare your shocked faces: Crypto-coin exchange boss laundered millions of bucks for online auction crooks
www.theregister.com/2020/09/30/bitcoin_exchange_laundering/ A Bulgarian man has been convicted of laundering through his cryptocurrency exchange at least £4m ($5m) his fellow crooks had cheated out of hundreds of people online. Rossen Iossifov, 53, who ran the RG Coins exchange, was on Monday found guilty of conspiracy to commit racketeering, and conspiracy to commit money laundering, following a two-week trial.
CISA Releases Telework Essentials Toolkit
us-cert.cisa.gov/ncas/current-activity/2020/09/30/cisa-releases-telework-essentials-toolkit The Cybersecurity and Infrastructure Security Agency (CISA) has released the Telework Essentials Toolkit, a comprehensive resource of telework best practices. The Toolkit provides three personalized modules for executive leaders, IT professionals, and teleworkers. Each module outlines the distinct security considerations appropriate for that role.
CISA and MS-ISAC Release Ransomware Guide
us-cert.cisa.gov/ncas/current-activity/2020/09/30/cisa-and-ms-isac-release-ransomware-guide The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released a joint Ransomware Guide that details practices that organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. The in-depth guide provides actionable best practices for ransomware prevention as well as a ransomware response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans.