Widespread Android applications still exposed to vulnerability on Google Play Core Library
blog.checkpoint.com/2020/12/03/widespread-android-applications-still-exposed-to-vulnerability-on-google-play-core-library/ A new vulnerability in the Google Play Core Library was published in late August and assigned CVE-2020-8913. It allows Local-Code-Execution (LCE) within the scope of any application that bundles the vulnerable version of the Google Play Core Library. Code execution is an attacker's ability to run arbitrary commands or code. The Play Core Library is the app's runtime interface with the Google Play Store.
TrickBot’s new module aims to infect your UEFI firmware
www.bleepingcomputer.com/news/security/trickbots-new-module-aims-to-infect-your-uefi-firmware/ TrickBot malware developers have created a new module that probes for UEFI vulnerabilities, demonstrating the actors' effort to take attacks to a level that would give them ultimate control over infected machines. With access to UEFI firmware, a threat actor could establish persistence on the compromised machine that survives operating system reinstalls or replacement of the storage drives. Malicious code planted in the firmware (a bootkit) is invisible to security solutions operating on top of the operating system because it loads before everything else, in the initial stage of the computer's boot sequence. Also:
Another LILIN DVR 0-day being used to spread Mirai
blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ In March, we reported that multiple botnets, including Chalubo, Fbot and Moobot, were using the same 0-day vulnerability to attack LILIN DVR devices; the vendor soon fixed the vulnerability. On August 26, 2020, our Anglerfish honeypot detected that another new LILIN DVR/NVR 0-day, paired with the system default credential operxxxx:xxxxx (masked for security reasons), was being used to spread Mirai samples. On September 21, 2020, we reported the finding to our Merit LILIN contact; the vendor fixed the vulnerability overnight and also provided us with firmware fix ver 188.8.131.5218.
Egregor Ransomware, Used in a String of High-Profile Attacks, Shows Connections to QakBot
www.recordedfuture.com/egregor-ransomware-attacks/ Egregor ransomware is a complex piece of malware that appears to be associated with the operators of QakBot. The ransomware has been used against organizations across many industries since its debut in September 2020 and is likely to continue to present a threat to organizations in the future. Unlike most ransomware variants, Egregor's payload cannot be executed or fully decrypted without the correct cryptographic key being supplied to the malware at runtime, which defeats static or dynamic analysis of a sample captured without that key.
What did DeathStalker hide between two ferns?
IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain
securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain/ At the onset of the COVID-19 pandemic, IBM Security X-Force created a threat intelligence task force dedicated to tracking down COVID-19 cyber threats against organizations that are keeping the vaccine supply chain moving. As part of these efforts, our team recently uncovered a global phishing campaign targeting organizations associated with a COVID-19 cold chain. The cold chain is a component of the vaccine supply chain that ensures the safe preservation of vaccines in temperature-controlled environments during their storage and transportation.
The NCSC Annual Review 2020
www.ncsc.gov.uk/news/annual-review-2020 Since the National Cyber Security Centre (NCSC) was created in 2016 as part of the government's five-year National Cyber Security Strategy, it has worked to make the UK the safest place to live and work online. This Annual Review of its fourth year looks back at some of the key developments and highlights from the NCSC's work between 1 September 2019 and 31 August 2020.
Clop Gang Makes Off with 2M Credit Cards from E-Land
threatpost.com/clop-gang-2m-credit-cards-eland/161833/ The Clop ransomware group is at it again. On Thursday, the gang claimed that it stole 2 million credit cards from South Korean retailer E-Land over a one-year period, in a campaign that culminated with a ransomware attack on the company's headquarters in November. Operators of Clop ransomware reportedly said that they were responsible for the November attack that forced E-Land, a subsidiary of E-Land Global, to shut down 23 of its New Core and NC Department Store locations.
Kmart nationwide retailer suffers a ransomware attack
www.bleepingcomputer.com/news/security/kmart-nationwide-retailer-suffers-a-ransomware-attack/ US department store Kmart has suffered a ransomware attack that impacts back-end services at the company, BleepingComputer has learned. Sears Holding Corp originally owned both Kmart and Sears, but after the company filed for bankruptcy in 2018, it was purchased by Transform Holdco LLC (Transformco) in 2019. While Kmart has been a household name in the USA, its store count has dwindled over the past two years to only 34 remaining stores.
Data of 243 million Brazilians exposed online via website source code
www.zdnet.com/article/data-of-243-million-brazilians-exposed-online-via-website-source-code/ The personal information of more than 243 million Brazilians, both living and deceased, has been exposed online after web developers left the password for a crucial government database inside the source code of an official Brazilian Ministry of Health website for at least six months. The security snafu was discovered by reporters from the Brazilian newspaper Estadão, the same newspaper that last week discovered that a São Paulo hospital leaked personal and health information for more than 16 million Brazilian COVID-19 patients after an employee uploaded a spreadsheet with usernames, passwords and access keys to sensitive government systems to GitHub.
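Both incidents above come down to credential material shipped inside source that anyone can read. The check a practitioner would want is a scan of every file that leaves the build for hard-coded passwords, credential-bearing URIs and cloud access keys. The scanner below is an added example, not code from ZDNet, Estadão or the Ministry of Health; its patterns, the file name app.js and the sample front-end bundle are constructed for illustration, and the AWS key in the sample is the placeholder from AWS's own documentation rather than a real credential.

```python
import re
import sys
from pathlib import Path
from typing import Dict, List

# Patterns for credential material commonly found in shipped source.
# Constructed for this example; tune them to the stack you actually scan.
SECRET_PATTERNS = {
    # password = "..." / senha: '...' (Portuguese) in JS, JSON or config files
    "password_assignment": re.compile(
        r"""\b(?:pass(?:word|wd)?|senha|pwd)\b\s*[:=]\s*["']([^"']{4,})["']""", re.I),
    # scheme://user:password@host (database DSNs, basic-auth URLs)
    "credential_in_uri": re.compile(
        r"""\b[a-z][a-z0-9+.-]*://([^\s:/@"']+):([^\s/@"']+)@[^\s"']+""", re.I),
    # AWS access key IDs (long-term AKIA..., temporary ASIA...)
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # api_key / token / secret assignments with a long opaque value
    "generic_api_key": re.compile(
        r"""\b(?:api[_-]?key|access[_-]?token|secret[_-]?key|token)\b\s*[:=]\s*["']([A-Za-z0-9_\-]{16,})["']""",
        re.I),
}


def redact(value: str) -> str:
    """Keep just enough of a secret to locate it; never write the full value to a report."""
    if len(value) <= 6:
        return "*" * len(value)
    return value[:3] + "*" * (len(value) - 6) + value[-3:]


def find_hardcoded_secrets(source: str, filename: str = "<inline>") -> List[Dict]:
    """Return one finding per match: file, line number, pattern kind and a redacted value."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(line):
                # The last capture group holds the secret; patterns without groups match it whole.
                secret = m.group(m.lastindex) if m.lastindex else m.group(0)
                findings.append({"file": filename, "line": lineno,
                                 "kind": kind, "redacted": redact(secret)})
    return findings


def scan_tree(root: str, suffixes=(".js", ".html", ".json", ".env", ".php", ".py")) -> List[Dict]:
    """Scan every file under root with one of the given suffixes."""
    results = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            text = path.read_text(encoding="utf-8", errors="replace")
            results.extend(find_hardcoded_secrets(text, str(path)))
    return results


# Constructed sample of a front-end bundle; the DSN, password and key are fake.
SAMPLE_BUNDLE = """// app.js: constructed sample, not a real site
const API_BASE = "https://api.example.invalid/v1";
const dbUrl = "postgres://sus_admin:Tr0ub4dor&3@db.example.invalid:5432/pacientes";
var config = { user: "dashboard", senha: "verão2020!" };
const awsKey = "AKIAIOSFODNN7EXAMPLE";
fetch(API_BASE + "/status");"""

if __name__ == "__main__":
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else find_hardcoded_secrets(SAMPLE_BUNDLE, "app.js")
    for h in hits:
        print(f"{h['file']}:{h['line']}: {h['kind']} -> {h['redacted']}")
    sys.exit(1 if hits else 0)
```

Run it against a build output directory as a CI gate (`python scan.py dist/`); a non-zero exit blocks the deploy. The regexes are deliberately narrow to keep false positives low, so pair the scan with secret rotation and a review of git history, since a password removed from the current source is still in every earlier commit.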
How the wangiri (missed-call) scam works: losses can run to hundreds of euros
www.is.fi/digitoday/tietoturva/art-2000007658755.html Finns are receiving at least two kinds of scam calls. Some are technical support scams, in which the caller tries to trick the recipient into letting them onto their computer over a remote connection. Others are wangiri, or missed-call scams, which rely on the phone ringing only briefly in the hope that the person calls back, which is expensive. "Wangiri missed-call scams were a big problem in the spring; now there have been several months with only isolated [daily] reports," says Ville Kontinen, information security specialist at Traficom's National Cyber Security Centre.
Researchers Bypass Next-Generation Endpoint Protection
www.darkreading.com/endpoint/researchers-bypass-next-generation-endpoint-protection/d/d-id/1339593 Just because your endpoint security product employs machine learning (ML) doesn't mean it can't be manipulated into missing malware, new research shows. A pair of researchers will demonstrate at Black Hat Europe next week how they were able to bypass ML-based, next-generation anti-malware products. Unlike previous research that reverse-engineered the next-generation endpoint tool, such as Skylight's bypass of Cylance's endpoint product in 2019, the researchers instead were able to fool the static-analysis malware classifiers used in some next-gen anti-malware products without reverse engineering them.
Heightened Awareness for Iranian Cyber Activity
us-cert.cisa.gov/ncas/current-activity/2020/12/03/heightened-awareness-iranian-cyber-activity Iranian cyber threat actors have been continuously improving their offensive cyber capabilities. They continue to engage in more conventional offensive cyber activities ranging from website defacement, distributed denial of service (DDoS) attacks, and theft of personally identifiable information (PII), to more advanced activities, including social media-driven influence operations, destructive malware, and, potentially, cyber-enabled kinetic attacks.
Have you received a notification about a package you didn't know you had ordered? So have thousands of others, because SMS scam season is here
yle.fi/uutiset/3-11679223 Traficom estimates that the contact details of the people targeted by the scam messages may have been obtained through old data breaches. Thousands of Finns have received scam text messages in recent days, estimates information security specialist Ville Kontinen of the National Cyber Security Centre at the Finnish Transport and Communications Agency Traficom. Since Tuesday, Traficom has received a little over 40 reports of scam messages. "Because only a limited number of people report to us, a cautious estimate is that there are thousands of recipients in Finland," Kontinen adds.