558 Comments
Tomi Engdahl says:
This is PARODY:
China Unable To Recruit Hackers Fast Enough To Keep Up With Vulnerabilities In U.S. Security Systems
https://www.theonion.com/china-unable-to-recruit-hackers-fast-enough-to-keep-up-1819578374
Tomi Engdahl says:
Pegasus Spyware Targets Investigative Journalists in Mexico
https://threatpost.com/pegasus-spyware-targets-investigative-journalists-in-mexico/139424/
Tomi Engdahl says:
Google faces GDPR complaint over ‘deceptive’ location tracking
https://techcrunch.com/2018/11/27/google-faces-gdpr-complaint-over-deceptive-location-tracking/?sr_share=facebook&utm_source=tcfbpage
Tomi Engdahl says:
Urban Massage exposed a huge customer database, including sensitive comments on its creepy clients
https://techcrunch.com/2018/11/27/urban-massage-data-exposed-customers-creepy-clients/?utm_source=tcfbpage&sr_share=facebook
The London, U.K.-based startup — now known as just Urban — left its Google-hosted ElasticSearch database online without a password, allowing anyone to read hundreds of thousands of customer and staff records. Anyone who knew where to look could access, edit or delete the database.
Tomi Engdahl says:
Dunkin’ Donuts accounts may have been hacked in credential stuffing attack
https://www.zdnet.com/article/dunkin-donuts-accounts-may-have-been-hacked-in-credential-stuffing-attack/
Hackers were after user accounts in the company’s rewards points program.
Tomi Engdahl says:
Hackers can exploit this bug in surveillance cameras to tamper with footage
https://www.zdnet.com/article/hackers-can-exploit-these-bugs-in-surveillance-cameras-to-tamper-with-footage/
Researchers have uncovered a vulnerability which can be used to completely compromise surveillance cameras and feeds.
Tomi Engdahl says:
GCHQ: We don’t tell tech companies about every software flaw
https://www.zdnet.com/article/gchq-we-dont-tell-tech-companies-about-every-software-flaw/
UK intelligence service details when it won’t tell vendors that their software is vulnerable to attack and why that is.
Tomi Engdahl says:
Dell announces security breach
https://www.zdnet.com/google-amp/article/dell-announces-security-breach/?__twitter_impression=true
Company says it detected an intrusion at the start of the month, but financial data was not exposed.
Tomi Engdahl says:
Sennheiser discloses monumental blunder that cripples HTTPS on PCs and Macs
https://arstechnica.com/information-technology/2018/11/sennheiser-discloses-monumental-blunder-that-cripples-https-on-pcs-and-macs/
Poorly secured certificate lets hackers impersonate any website on the Internet.
Tomi Engdahl says:
Lenovo to pay $7.3m for installing adware in 750,000 laptops
https://www.hackread.com/lenovo-to-pay-fine-for-installing-adware-in-laptops/
In 2015, Beijing-based laptop manufacturer and seemingly reliable technology company Lenovo made headlines that its 750,000 laptops had pre-installed adware called VisualDiscovery developed by Superfish.
Tomi Engdahl says:
https://www.wired.com/story/russian-hackers-us-power-grid-attacks/
Russian Hackers Haven’t Stopped Probing the US Power Grid | WIRED
Tomi Engdahl says:
People Who Buy Smart Speakers Have Given Up on Privacy, Researchers Find
https://motherboard.vice.com/en_us/article/vba7xj/people-who-buy-smart-speakers-have-given-up-on-privacy-researchers-find
Smart speakers raise a number of privacy questions, which owners are choosing to just shrug off.
Many devices have a mute button that allows the user to turn off the microphone, for example, but the researchers found most users had never used it.
It was also rare for users to go through their activity logs, where they can review and delete recordings. Instead of using this feature to protect personal privacy, the researchers found users were actually using it to spy on housesitters and babysitters.
Tomi Engdahl says:
Distributing Malware By Becoming an Admin on an Open-Source Project
https://www.schneier.com/blog/archives/2018/11/distributing_ma.html
The module “event-stream” was infected with malware by an anonymous someone who became an admin on the project.
Cory Doctorow points out that this is a clever new attack vector:
Many open source projects attain a level of “maturity” where no one really needs any new features and there aren’t a lot of new bugs being found, and the contributors to these projects dwindle, often to a single maintainer who is generally grateful for developers who take an interest in these older projects and offer to share the choresome, intermittent work of keeping the projects alive.
Malware vector: become an admin on dormant, widely-used open source projects
https://boingboing.net/2018/11/26/candy-from-strangers.html
Tomi Engdahl says:
Hackers are using leaked NSA hacking tools to quietly hijack thousands of computers
https://techcrunch.com/2018/11/28/hackers-nsa-eternalblue-exploit-hijack-computers/?sr_share=facebook&utm_source=tcfbpage
Tomi Engdahl says:
Multiple vulnerabilities in FreeBSD NFS server code
https://www.cyberciti.biz/security/multiple-vulnerabilities-freebsd-nfs-server-code/
Tomi Engdahl says:
Catalin Cimpanu / ZDNet:
Dell says it detected hackers “attempting to extract Dell.com customer information”, such as customer names, email addresses, and hashed passwords, on Nov. 9
Dell announces security breach
https://www.zdnet.com/article/dell-announces-security-breach/
Company says it detected an intrusion at the start of the month, but financial data was not exposed.
Tomi Engdahl says:
US Senate computers will use disk encryption
https://www.zdnet.com/article/us-senate-computers-will-use-disk-encryption/
New security measure is meant to protect sensitive Senate data on stolen Senate laptops and computers.
Tomi Engdahl says:
After Microsoft complaints, Indian police arrest tech support scammers at 26 call centers
https://www.zdnet.com/article/after-microsoft-complaints-indian-police-arrest-tech-support-scammers-at-26-call-centers/
Indian police raid 26 call centers, make 63 arrests.
Tomi Engdahl says:
Google Makes Secure LDAP Generally Available
https://www.securityweek.com/google-makes-secure-ldap-generally-available
Google this week announced the general availability of secure LDAP, after introducing the capability in October at Next ’18 London.
Allowing customers to manage access to traditional LDAP-based apps and IT infrastructure, it can be used with either G Suite or Cloud Identity, Google’s managed identity and access management (IAM) platform.
Secure LDAP, the Internet search giant explains, supports management of access to both software-as-a-service (SaaS) apps and traditional LDAP-based apps/infrastructure, regardless of whether on-premises or in the cloud, via a single IAM platform.
Secure LDAP enables authentication, authorization, and user/group lookups and, because the same user directory is used for both SaaS and LDAP apps, logging into services like G Suite and other SaaS apps is similar to that for traditional applications.
Tomi Engdahl says:
Zoom Conferencing App Exposes Enterprises to Attacks
https://www.securityweek.com/zoom-conferencing-app-exposes-enterprises-attacks
A potentially serious vulnerability discovered by researchers in the Zoom video conferencing application can allow external attackers or malicious insiders to hijack screen controls, spoof chat messages, and remove attendees from a session.
Tomi Engdahl says:
Brazilian Financial Malware Spreads Beyond National Boundaries
https://www.securityweek.com/brazilian-financial-malware-spreads-beyond-national-boundaries
Brazilian Actors Expand Financial Malware Campaigns to Attack Spanish-Speaking Countries
Tomi Engdahl says:
Colorado Agency Targeted in Nationwide Ransomware Scheme
https://www.securityweek.com/colorado-agency-targeted-nationwide-ransomware-scheme
No money was paid and no information was lost during a ransomware cyberattack that exploited a cloud-based vulnerability in the Colorado Department of Transportation’s computer network last spring, officials said Wednesday.
CDOT was one of several government agencies across the country targeted by two Iranian computer hackers in the sweeping extortion scheme, according to a grand jury indictment filed in New Jersey federal court on Wednesday.
Tomi Engdahl says:
Cisco Patches SQL Injection Flaw in Prime License Manager
https://www.securityweek.com/cisco-patches-sql-injection-flaw-prime-license-manager
Tomi Engdahl says:
Indian Police Break Up International Computer Virus Scam
https://www.securityweek.com/indian-police-break-international-computer-virus-scam
Indian police said Thursday they have arrested nearly two dozen people on suspicion of defrauding people around the world by sending fake pop-up messages warning them that their computers were infected with a virus and offering to fix the problem at a price.
Tomi Engdahl says:
AWS Security Hub Aggregates Alerts From Third-Party Tools
https://www.securityweek.com/aws-security-hub-aggregates-alerts-third-party-tools
Amazon Web Services on Wednesday announced the launch of AWS Security Hub, a service designed to aggregate and prioritize alerts from AWS and third-party security tools.
Unveiled at the AWS re:Invent 2018 conference, AWS Security Hub provides organizations a comprehensive view of their security status by consuming, aggregating, organizing and prioritizing data from Amazon GuardDuty, Amazon Inspector, Amazon Macie, and tools from AWS partners.
Tomi Engdahl says:
Healthcare billing biz AccuDoc ‘fesses up to breach that blabbed 2.65m people’s data
https://www.theregister.co.uk/2018/11/29/accudoc_atrium_health_data_breach/
Names, addresses, social security numbers exposed
Tomi Engdahl says:
‘Big picture’ platforms boost fight against online terror activity
https://horizon-magazine.eu/article/big-picture-platforms-boost-fight-against-online-terror-activity.html?utm_source=fb&utm_medium=share
The fight against terrorism-related content and illegal financing online is speeding up thanks to new platforms that join up different internet-scouring technologies to create a comprehensive picture of terrorist activity.
Tomi Engdahl says:
Middle East, North Africa Cybercrime Ups Its Game
https://www.darkreading.com/vulnerabilities---threats/middle-east-north-africa-cybercrime-ups-its-game/d/d-id/1333354
Ransomware, DDoS extortion, and encrypted communications abound as cybercriminals in the region refine their tradecraft.
Ransomware infections increased by 233% this past year in the Middle East and North Africa as part of a shift toward more savvy and aggressive cybercrime operations in a region where criminals just last year mostly were sharing malware tools, phony documents, and services for free or on the cheap.
Tomi Engdahl says:
Symantec comes out swinging in bitter legal battle over security bug audit conspiracy claims
Profit driving NSS claims of industry boycott, antivirus makers swear
https://www.theregister.co.uk/2018/11/29/symantec_attacks_nss_labs/
Symantec says the biz that accused it of conspiring with others to avoid independent security audits is “less than honest” and driven by a “thirst for profits.”
https://regmedia.co.uk/2018/11/28/symantec-nss-labs.pdf
Tomi Engdahl says:
GCHQ opens kimono for infosec world to ogle its vuln disclosure process
Plus: State-backed hacks now need permission from a judge
https://www.theregister.co.uk/2018/11/29/gchq_vuln_disclosures_judge_hacking_warrants/
On the same day that certain types of British state-backed hacking now need a judge-issued warrant to carry out, GCHQ has lifted the veil and given the infosec world a glimpse inside its vuln-hoarding policies.
The spying agency’s internal Equities Process is the way by which it decides whether or not to tell tech vendors that its snoopers have discovered a hardware or software vulnerability.
Tomi Engdahl says:
OneDrive is broken: Microsoft’s cloudy storage drops from the sky for EU users
Wonderful, wonderful
https://www.theregister.co.uk/2018/11/29/microsoft_onedrive_down/
It is OneDrive’s turn to get a beating with the stick of fail as the service took a tumble this morning.
Tomi Engdahl says:
Marriott says 500 million Starwood guest records stolen in massive data breach
https://techcrunch.com/2018/11/30/starwood-hotels-says-500-million-guest-records-stolen-in-massive-data-breach/
Starwood Hotels has confirmed its hotel guest database of about 500 million customers has been stolen in a data breach.
The hotel and resorts giant said in a statement filed with U.S. regulators that the “unauthorized access” to its guest database was detected on or before September 10 — but may have dated back as far as 2014.
“Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014,”
Tomi Engdahl says:
UPnProxy: EternalSilence
https://blogs.akamai.com/sitr/2018/11/upnproxy-eternalsilence.html
UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely distributed UPnP NAT injection campaign. These injections expose machines living behind the router to the Internet and appear to target the service ports used by SMB.
https://www.akamai.com/cn/zh/multimedia/documents/white-paper/upnproxy-blackhat-proxies-via-nat-injections-white-paper.pdf
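The post above describes two traits of an injected UPnP mapping: it forwards an Internet-facing port to a machine behind the router on the SMB service ports, or it forwards to a host that is not on the LAN at all (the proxy use the white paper's title refers to). The script below is an added example, not Akamai's code, that audits a port-mapping table for both patterns. The table is a constructed sample whose fields mirror the WANIPConnection GetGenericPortMappingEntry response; the LAN prefix 192.168.1.0/24 is an assumption.

```python
"""Audit UPnP IGD port-mapping entries for NAT-injection patterns.

Added example for the UPnProxy post above; not Akamai's code. The sample
mapping table is constructed, the field names follow the WANIPConnection
GetGenericPortMappingEntry response, and the LAN prefix is an assumption.
"""
import ipaddress
from dataclasses import dataclass

# SMB service ports the post says the injections target.
SMB_PORTS = {139, 445}


@dataclass(frozen=True)
class PortMapping:
    external_port: int      # NewExternalPort
    protocol: str           # NewProtocol
    internal_client: str    # NewInternalClient
    internal_port: int      # NewInternalPort
    description: str        # NewPortMappingDescription


# Constructed sample: one benign mapping plus three injected-looking ones.
SAMPLE_MAPPINGS = [
    PortMapping(51413, "TCP", "192.168.1.20", 51413, "torrent client"),
    PortMapping(47001, "TCP", "192.168.1.15", 445, "node:fe1"),
    PortMapping(47002, "TCP", "192.168.1.15", 139, "node:fe2"),
    PortMapping(8080, "TCP", "203.0.113.77", 80, "node:px1"),
]


def classify_mapping(m: PortMapping, lan: ipaddress.IPv4Network) -> list:
    """Return the reasons a mapping looks injected (empty list if benign)."""
    reasons = []
    if m.internal_port in SMB_PORTS:
        reasons.append(
            f"exposes SMB port {m.internal_port} on {m.internal_client}")
    client = ipaddress.ip_address(m.internal_client)
    if client not in lan:
        reasons.append(
            f"forwards to {m.internal_client}, outside the LAN (proxy injection)")
    return reasons


def audit_mappings(mappings, lan="192.168.1.0/24"):
    """Return [(mapping, reasons)] for every mapping that trips a check."""
    net = ipaddress.ip_network(lan)
    findings = []
    for m in mappings:
        reasons = classify_mapping(m, net)
        if reasons:
            findings.append((m, reasons))
    return findings


def suspicious_external_ports(mappings, lan="192.168.1.0/24"):
    """Sorted external ports that should be removed from the IGD."""
    return sorted(m.external_port for m, _ in audit_mappings(mappings, lan))


if __name__ == "__main__":
    for m, reasons in audit_mappings(SAMPLE_MAPPINGS):
        print(f"{m.protocol} {m.external_port} -> "
              f"{m.internal_client}:{m.internal_port} ({m.description})")
        for r in reasons:
            print("   -", r)
```

On a real router the mapping table comes from walking GetGenericPortMappingEntry indices on the IGD control URL until it returns an error; the entries are then fed to audit_mappings and the flagged external ports deleted with DeletePortMapping, after which disabling UPnP on the WAN side keeps them from coming back.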
Tomi Engdahl says:
Dell discloses attempted data breach
We don’t know if it was successful or not.
https://www.itproportal.com/news/dell-discloses-attempted-data-breach/
Tomi Engdahl says:
Water and Energy Sectors Through the Lens of the Cybercriminal Underground
https://blog.trendmicro.com/trendlabs-security-intelligence/water-and-energy-sectors-through-the-lens-of-the-cybercriminal-underground/
In our research Exposed and Vulnerable Critical Infrastructure: Water and Energy Industries, we not only found exposed industrial control system (ICS) human machine interfaces (HMIs) but also pointed out how these systems were at risk. This risk is corroborated by the active interest in water and energy ICSs shown by different kinds of cybercriminal groups.
Critical Infrastructures Exposed and at Risk: Energy and Water Industries
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/exposed-and-vulnerable-critical-infrastructure-the-water-energy-industries
Securing energy and water should remain top priority in the continuing integration of the industrial internet of things in these critical sectors.
Tomi Engdahl says:
Sennheiser discloses monumental blunder that cripples HTTPS on PCs and Macs
Poorly secured certificate lets hackers impersonate any website on the Internet.
https://arstechnica.com/information-technology/2018/11/sennheiser-discloses-monumental-blunder-that-cripples-https-on-pcs-and-macs/
https://www.secorvo.de/publikationen/headsetup-vulnerability-report-secorvo-2018.pdf
Tomi Engdahl says:
The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting Southeast Asia
https://researchcenter.paloaltonetworks.com/2018/11/unit42-the-fractured-block-campaign-carrotbat-malware-used-to-deliver-malware-targeting-southeast-asia/
Tomi Engdahl says:
Google Accused of Manipulation to Track Users
https://www.securityweek.com/google-accused-manipulation-track-users
Tomi Engdahl says:
AutoIt-Compiled Worm Spreads Backdoor via Removable Drives
https://www.securityweek.com/autoit-compiled-worm-spreads-backdoor-removable-drives
Trend Micro security researchers have discovered an AutoIt-compiled worm that infects removable drives to spread the njRAT backdoor to other machines.
Also known as Bladabindi, the njRAT remote access Trojan has been around since at least 2013 and is considered one of the most prevalent malware families out there. The threat provides attackers with remote access to the infected machines, can steal passwords and virtual coins, log keystrokes, launch distributed denial of service (DDoS) attacks, and lock the screen.
Tomi Engdahl says:
Threat Actor Targets Middle East With DNS Redirections
https://www.securityweek.com/threat-actor-targets-middle-east-dns-redirections
Tomi Engdahl says:
Industry Reactions to USPS Exposing User Data
https://www.securityweek.com/industry-reactions-usps-exposing-user-data
Security blogger Brian Krebs revealed recently that an API used by the United States Postal Service (USPS) had a vulnerability that potentially exposed the data of 60 million customers.
Tomi Engdahl says:
Data Breach Hits 2.6 Million Atrium Health Patients
https://www.securityweek.com/data-breach-hits-26-million-atrium-health-patients
Hospital network Atrium Health informed patients on Tuesday that their personal information was compromised following a breach at technology solutions provider AccuDoc.
Tomi Engdahl says:
Cryptocurrency-Stealing Code Distributed via Popular Library
https://www.securityweek.com/cryptocurrency-stealing-code-distributed-popular-library
The popular EventStream Node.js library was recently modified to fetch malicious code designed to steal crypto-currencies.
Designed as a toolkit to make creating and working with streams easy, the JavaScript package has around two million downloads a week, which makes it a valuable resource to application developers and malicious actors alike.
Tomi Engdahl says:
Worried About Facebook Tracking Your Data? A Fake Account Might Help.
https://m.huffingtonpost.co.uk/entry/facebook-tracker-selling-data-fake-account_us_5bf454a7e4b0c097a8e08b31?fbclid=IwAR0kEHVmRfp7K5NninGJIlNpYQIUA5zU5l2ujWMdKSqjb_PIixiuG-VIlhY
When it comes to your personal information online, there’s no such thing as “delete.”
Tomi Engdahl says:
This Linux virus is a total jerk, even by malware standards
No Linux given
https://www.theinquirer.net/inquirer/news/3066979/this-linux-virus-is-a-total-jerk-even-by-malware-standards
Comprised of over 1,000 lines of code, Linux.BtcMine.174 (the company is better at identifying malware than giving it a headline-friendly name), is particularly malicious thanks to the number of ways it attacks its host computer.
Tomi Engdahl says:
Mozilla Testing DNS-over-HTTPS in Firefox
https://www.securityweek.com/mozilla-testing-dns-over-https-firefox
Mozilla is moving forward with yet another project designed to provide users with increased security: it is now testing DNS-over-HTTPS (DoH) in Firefox stable.
Only a small group of users will enjoy the feature for now, as it is still in the testing phase, but Mozilla is determined to work with industry players for a larger rollout. When that will happen, however, remains to be seen.
Mozilla has already been testing DoH in its browser, looking into the time it takes to get a response from Cloudflare’s DoH resolver. With the test results positive, revealing great performance improvements even for the slowest users, the Internet organization has decided to move forward with its plans.
“A recent test in our Beta channel confirmed that DoH is fast and isn’t causing problems for our users. However, those tests only measure the DNS operation itself, which isn’t the whole story,” Mozilla’s Selena Deckelmann explains.
Tomi Engdahl says:
MITRE Uses ATT&CK Framework to Evaluate Enterprise Security Products
https://www.securityweek.com/mitre-uses-attck-framework-evaluate-enterprise-security-products
MITRE Corporation’s ATT&CK framework has been used to evaluate enterprise security products from several vendors to determine how efficient they are in detecting and responding to attacks launched by sophisticated threat groups.
MITRE is a not-for-profit company involved in federally funded research and development projects in various areas, including cybersecurity. Its Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Matrix is a framework that describes the techniques used by adversaries, including those related to persistence, privilege escalation, defense evasion, credential access, discovery, data collection, lateral movement, command and control, and execution.
In the first round of evaluations performed by Mitre, the threat actor’s tactics and techniques were tested against products from Carbon Black, CrowdStrike, CounterTack, Endgame, Microsoft, RSA and SentinelOne.
https://attackevals.mitre.org/evaluations.html
Tomi Engdahl says:
New PowerShell Backdoor Resembles “MuddyWater” Malware
https://www.securityweek.com/new-powershell-backdoor-resembles-muddywater-malware
A recently discovered PowerShell-based backdoor is strikingly similar to malware employed by the MuddyWater threat actor, Trend Micro reports.
New PowerShell-based Backdoor Found in Turkey, Strikingly Similar to MuddyWater Tools
https://blog.trendmicro.com/trendlabs-security-intelligence/new-powershell-based-backdoor-found-in-turkey-strikingly-similar-to-muddywater-tools/
Tomi Engdahl says:
Marriott Hit by Massive Data Breach: 500 Million Starwood Customers Impacted
https://www.securityweek.com/marriott-hit-massive-data-breach-500-million-starwood-customers-impacted
Tomi Engdahl says:
Facebook Mulled Charging for Access to User Data
https://www.securityweek.com/facebook-mulled-charging-access-user-data
Facebook on Wednesday said it considered charging application makers to access data at the social network.
Such a move would have been a major shift away from the policy of not selling Facebook members’ information, which the social network has stressed in the face of criticism alleging it is more interested in making money than protecting privacy.
“To be clear, Facebook has never sold anyone’s data,” director of developer platforms and programs Konstantinos Papamiltiadis said in response to an AFP inquiry.