This posting is here to collect cyber security news for September 2020.
I post links to security vulnerability news with short descriptions to the comments section of this article.
If you are interested in cyber security trends, read my Cyber security trends 2020 posting.
You are also free to post related links to comments.
Tomi Engdahl says:
Researcher reveals Google Maps XSS bug, patch bypass
https://www.zdnet.com/article/researcher-reveals-google-maps-xss-bug-patch-bypass/
The bounty was doubled after the bug bounty hunter realized the
original fix had failed.
Tomi Engdahl says:
France, Japan, New Zealand warn of sudden spike in Emotet attacks
https://www.zdnet.com/article/france-japan-new-zealand-warn-of-sudden-spike-in-emotet-attacks/
N.B. In addition to the countries mentioned in the article Finland and
Norway have also released warnings about Emotet activity in recent
weeks. NCSC-FI:
https://www.kyberturvallisuuskeskus.fi/en/emotet-malware-actively-spread-finland
Tomi Engdahl says:
Cryptobugs Found in Numerous Google Play Store Apps
https://threatpost.com/cryptobugs-found-in-numerous-google-play-store-apps/159013/
A new dynamic tool developed by Columbia University researchers
flagged cryptography mistakes made in more than 300 popular Android
apps. Academics from Columbia University developed a custom tool,
CRYLOGGER, that analyzes Android applications for unsafe use of
cryptographic code according to 26 basic cryptography rules. Those
rules include avoiding the use of: broken hash functions, bad
passwords, reusing passwords multiple times, HTTP URL connections or a
“badly-derived” key for encryption.
Tomi Engdahl says:
Microsoft Patches 129 Vulnerabilities With September 2020 Security Updates
https://www.securityweek.com/microsoft-patches-129-vulnerabilities-september-2020-security-updates
Microsoft’s Patch Tuesday updates for September 2020 fix 129 vulnerabilities, but the company says none of them has been exploited in attacks or made public before patches were released.
The tech giant has assigned a critical severity rating to 23 of the vulnerabilities affecting Windows, web browsers, Dynamics 365, SharePoint, Exchange and Visual Studio. Each of the critical flaws can be exploited for remote code execution.
Tomi Engdahl says:
Researchers Spot First Cloud Attack Abusing Legitimate Tool
https://www.securityweek.com/researchers-spot-first-cloud-attack-abusing-legitimate-tool
A hacking group was observed employing a legitimate tool to gain visibility into and control of compromised cloud environments, threat detection and response company Intezer reported on Tuesday.
Referred to as TeamTNT, the group was previously seen employing a worm to target Docker and Kubernetes systems in order to search for and exfiltrate local credentials, including AWS login information. The hackers deploy cryptocurrency miners onto the affected machines.
In a recent attack, however, the adversary no longer deployed malware onto the compromised systems. Instead, Weave Scope was used to map the cloud environment and execute commands.
Weave Scope provides monitoring, visualization, and control capabilities for Docker and Kubernetes, Distributed Cloud Operating System (DC/OS), and AWS Elastic Compute Cloud (ECS), as well as seamless integration with all of them.
The TeamTNT attacks, Intezer explains, usually start with malicious Docker images that are hosted on Docker Hub, but also involve the use of crypto-miners and malicious scripts. The new attack also revealed the abuse of the legitimate open source Weave Scope tool to take over the victim’s cloud infrastructure.
Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks
https://www.intezer.com/blog/cloud-workload-protection/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/
Tomi Engdahl says:
Swiss Official Airs Concerns About Data Privacy in US
https://www.securityweek.com/swiss-official-airs-concerns-about-data-privacy-us
Tomi Engdahl says:
Vulnerabilities in CodeMeter Licensing Product Expose ICS to Remote Attacks
https://www.securityweek.com/vulnerabilities-codemeter-licensing-product-expose-ics-remote-attacks
Vulnerabilities affecting CodeMeter, a popular licensing and DRM solution made by Germany-based Wibu-Systems, can expose industrial systems to remote attacks, industrial cybersecurity company Claroty warned on Tuesday.
CodeMeter is designed to protect software against piracy and reverse engineering, it offers licensing management capabilities, and it includes security features that provide protection against tampering and other attacks.
CodeMeter can be used for a wide range of applications, but it’s often present in industrial products, including industrial PCs, IIoT devices, and controllers.
CodeMeter is the successor of WibuKey, a DRM solution that in the past was found to expose industrial products from Siemens and other vendors to attacks due to the existence of potentially serious vulnerabilities.
Tomi Engdahl says:
Windows 10 Themes Can Be Abused To Steal Windows Passwords
https://tech.slashdot.org/story/20/09/08/2017228/windows-10-themes-can-be-abused-to-steal-windows-passwords?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
Specially crafted Windows 10 themes and theme packs can be used in ‘Pass-the-Hash’ attacks to steal Windows account credentials from unsuspecting users. Windows allows users to create custom themes that contain customized colors, sounds, mouse cursors, and the wallpaper that the operating system will use. Windows users can then switch between different themes as desired to change the appearance of the operating system.
https://www.bleepingcomputer.com/news/microsoft/windows-10-themes-can-be-abused-to-steal-windows-passwords/
Tomi Engdahl says:
Researcher Details Google Maps Vulnerability That Earned Him $10,000
https://www.securityweek.com/researcher-details-google-maps-vulnerability-earned-him-10000
A researcher has disclosed the details of a cross-site scripting (XSS) vulnerability in Google Maps that earned him $10,000.
Israel-based security researcher Zohar Shachar discovered the vulnerability in April 2019 and it was patched a few weeks later, but he only now disclosed his findings.
“Ever since this Google-maps fix bypass incident I started to always re-validate fixes, even for simple things, and it has been paying off. I full heartedly encourage you to do the same,” the researcher wrote on his blog.
XSS->Fix->Bypass: 10000$ bounty in Google Maps
https://www.ehpus.com/post/xss-fix-bypass-10000-bounty-in-google-maps
Tomi Engdahl says:
The Daily Mail asked us to hack their journalists. Here’s what went wrong
https://cybernews.com/security/the-daily-mail-asked-us-to-hack-their-journalists/
Tomi Engdahl says:
Netwalker ransomware hits Pakistan’s largest private power utility
https://www.bleepingcomputer.com/news/security/netwalker-ransomware-hits-pakistans-largest-private-power-utility/
K-Electric, the sole electricity provider for Karachi, Pakistan, has suffered a Netwalker ransomware attack that led to the disruption of billing and online services. In a Tor payment page seen by BleepingComputer, the ransomware operators demand a $3,850,000 ransom payment. If a ransom is not paid within another seven days, the ransom will increase to $7.7 million.
Tomi Engdahl says:
TeamTNT Gains Full Remote Takeover of Cloud Instances
https://threatpost.com/teamtnt-remote-takeover-cloud-instances/159075/
Using a legitimate tool called Weave Scope, the cybercrime group is
establishing fileless backdoors on targeted Docker and Kubernetes
clusters.
Tomi Engdahl says:
Intel Releases Firmware Updates to Patch Critical Vulnerability in AMT, ISM
https://www.securityweek.com/intel-releases-firmware-updates-patch-critical-vulnerability-amt-ism
Intel this week released security patches to address a critical vulnerability in Active Management Technology (AMT) and Intel Standard Manageability (ISM).
The bug, which Intel calls improper buffer restrictions in network subsystems, could be abused by unauthorized users to escalate privileges via network access in provisioned AMT and ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39.
On un-provisioned systems, Intel reveals, an authenticated user may abuse the vulnerability to enable privilege escalation via local access.
Tracked as CVE-2020-8758, the security bug features a CVSS score of 9.8 for provisioned systems and a CVSS score of 7.8 on un-provisioned systems.
Tomi Engdahl says:
Android’s September 2020 Patches Fix Critical System Vulnerabilities
https://www.securityweek.com/androids-september-2020-patches-fix-critical-system-vulnerabilities
Google addressed two critical vulnerabilities in the Android System component as part of the newly released September 2020 set of security patches.
More than 50 flaws are described in the Android Security Bulletin for September 2020: twenty-two as part of the 2020-09-01 security patch level and twenty-nine with the 2020-09-05 security patch level.
Tomi Engdahl says:
https://etn.fi/index.php/13-news/11131-valko-venajalla-on-kaynnissa-kybersota
Tomi Engdahl says:
Facebook told it may have to suspend EU data transfers after Schrems II ruling
https://tcrn.ch/3bH83fC
Ireland’s data protection watchdog, the DPC, has sent Facebook a preliminary order to suspend data transfers from the EU to the US, the Wall Street Journal reports, citing people familiar with the matter and including a confirmation from Facebook’s VP of global affairs, Nick Clegg.
The preliminary suspension order follows a landmark ruling by Europe’s top court this summer which both struck down a flagship data transfer arrangement between the EU and the US and cast doubt on the legality of an alternative transfer mechanism (aka SCCs) — certainly in cases where data is flowing to a non-EU entity that falls under US surveillance law.
Facebook’s use of Standard Contractual Clauses to claim a legal basis for EU data transfers therefore looks to be fast running out of borrowed time.
“The Irish Data Protection Commission has commenced an inquiry into Facebook controlled EU-US data transfers, and has suggested that SCCs cannot in practice be used for EU-US data transfers,” Clegg writes. “While this approach is subject to further process, if followed, it could have a far reaching effect on businesses that rely on SCCs and on the online services many people and businesses rely on.”
Tomi Engdahl says:
The research, published by a group of academics from the ETH Zurich, is a PIN bypass attack that allows the adversaries to leverage a victim’s stolen or lost credit card for making high-value purchases without knowledge of the card’s PIN, and even trick a point of sale (PoS) terminal into accepting an unauthentic offline card transaction.
EMV (short for Europay, Mastercard, and Visa), the widely used international protocol standard for smartcard payment, necessitates that larger amounts can only be debited from credit cards with a PIN code.
But the setup devised by ETH researchers exploits a critical flaw in the protocol to mount a man-in-the-middle (MitM) attack via an Android app that “instructs the terminal that PIN verification is not required because the cardholder verification was performed on the consumer’s device.”
Demo: Bypassing PIN for a Visa card
https://m.youtube.com/watch?feature=youtu.be&v=JyUsMLxCCt8
Tomi Engdahl says:
RFID Scanner Credit Card Theft – see how contactless credit cards have their details stolen
https://m.youtube.com/watch?v=tIgUVrWRXMc
Tomi Engdahl says:
Equinix data center giant hit by Netwalker Ransomware, $4.5M ransom
https://www.bleepingcomputer.com/news/security/equinix-data-center-giant-hit-by-netwalker-ransomware-45m-ransom/
Data center and colocation giant Equinix has been hit with a Netwalker
ransomware attack where threat actors are demanding $4.5 million for a
decryptor and to prevent the release of stolen data. Equinix is a
massive data center and colocation provider with over 50 locations
worldwide. Customers use these data centers to colocate their
equipment or to interconnect with other ISPs and network providers.
Tomi Engdahl says:
BLURtooth vulnerability lets attackers defeat Bluetooth encryption
https://www.bleepingcomputer.com/news/security/blurtooth-vulnerability-lets-attackers-defeat-bluetooth-encryption/
BLURtooth is also suitable for man-in-the-middle (MitM) type attacks, where the attacker sits between two vulnerable devices that had been linked using authenticated pairing.
Tomi Engdahl says:
BLURtooth Vulnerability Can Allow Bluetooth MITM Attacks
https://www.securityweek.com/blurtooth-vulnerability-can-allow-bluetooth-mitm-attacks
A security vulnerability in the Cross-Transport Key Derivation (CTKD) of devices supporting both Bluetooth BR/EDR and LE could allow an attacker to overwrite encryption keys, researchers have discovered.
Dubbed BLURtooth, the issue was identified independently by researchers at the École Polytechnique Fédérale de Lausanne (EPFL) in Switzerland and Purdue University. The flaw is related to CTKD in implementations where pairing and encryption with both Low Energy (LE) and Basic Rate/Enhanced Data Rate (BR/EDR) are supported, in Bluetooth specifications 4.0 through 5.0.
Tomi Engdahl says:
BLURtooth vulnerability lets attackers defeat Bluetooth encryption
https://www.bleepingcomputer.com/news/security/blurtooth-vulnerability-lets-attackers-defeat-bluetooth-encryption/
A vulnerability exists in certain implementations of Bluetooth 4.0 through 5.0 which allows an attacker to overwrite or lower the strength of the pairing key, giving them access to authenticated services.
The bug was discovered independently by two teams of academic researchers and received the name BLURtooth. It affects “dual-mode” Bluetooth devices, like modern smartphones.
Bluetooth Classic & LE devices affected
An attacker can exploit BLURtooth on devices that support both Bluetooth Classic and Low Energy (LE) data transport methods and use Cross-Transport Key Derivation (CTKD) for pairing with each other.
The former mode, needed in applications that require a higher throughput at a constant rate (e.g. headphones), is technically referred to as Basic Rate/Enhanced Data Rate (BR/EDR).
Bluetooth LE is less data-intensive and fits applications where information is needed in short bursts, as is the case with smaller sensors, which also conserves energy.
A security advisory from Carnegie Mellon CERT Coordination Center explains that when CTKD is used for pairing dual-mode Bluetooth devices, the procedure happens only once over one of the two data transport methods.
https://www.kb.cert.org/vuls/id/589825/
Tomi Engdahl says:
BLURtooth Attack (CVE-2020-15802)
https://thehackernews.com/2020/09/new-bluetooth-vulnerability.html?m=1
Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide.
Discovered independently by two separate teams of academic researchers, the flaw resides in the Cross-Transport Key Derivation (CTKD) of devices supporting both — Basic Rate/Enhanced Data Rate (BR/EDR) and Bluetooth Low Energy (BLE) standard.
Dubbed ‘BLURtooth’ and tracked as CVE-2020-15802, the flaw exposes devices powered with Bluetooth 4.0 or 5.0 technology, allowing attackers to unauthorizedly connect to a targeted nearby device by overwriting the authenticated key or reducing the encryption key strength.
“Dual-mode devices using CTKD to generate a Long Term Key (LTK) or Link Key (LK) are able to overwrite the original LTK or LK in cases where that transport was enforcing a higher level of security,” the researchers explain.
“Vulnerable devices must permit a pairing or bonding to proceed transparently with no authentication, or a weak key strength, on at least one of the BR/EDR or LE transports in order to be susceptible to attack.”
Bluetooth SIG Statement Regarding the Exploiting Cross-Transport Key Derivation in Bluetooth Classic and Bluetooth Low Energy Vulnerability (BLURtooth)
https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/
For this attack to be successful, an attacking device would need to be within wireless range of a vulnerable Bluetooth device supporting both BR/EDR and LE transports that supports CTKD between the transports and permits pairing on either the BR/EDR or LE transport either with no authentication (e.g. JustWorks) or no user-controlled access restrictions on the availability of pairing. If a device spoofing another device’s identity becomes paired or bonded on a transport and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength or that was created using authentication, then access to authenticated services may occur. This may permit a Man In The Middle (MITM) attack between devices previously bonded using authenticated pairing when those peer devices are both vulnerable.
The Bluetooth SIG is recommending that potentially vulnerable implementations introduce the restrictions on Cross-Transport Key Derivation mandated in Bluetooth Core Specification versions 5.1 and later.
Tomi Engdahl says:
Hackers have broken into Fairfax County Public Schools’ computer network and say they’re holding personal information for ransom.
https://www.nbcwashington.com/news/local/hackers-break-into-fcps-network-hold-personal-info-for-ransom/2416279/
Tomi Engdahl says:
ESET researchers have discovered and analyzed new Linux malware dubbed #CDRThief, designed to target a very specific VoIP platform, used by two China-produced softswitches.
Who is calling? CDRThief targets Linux VoIP softswitches
https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches/?utm_source=Facebook&utm_medium=cpc&utm_campaign=WLS_linux&utm_term=WLS&utm_content=blog
ESET researchers have discovered and analyzed malware that targets Voice over IP (VoIP) softswitches.
Tomi Engdahl says:
New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption
https://thehackernews.com/2020/09/raccoon-ssl-tls-encryption.html
A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions.
Dubbed “Raccoon Attack,” the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) to extract the shared secret key used for secure communications between two parties.
https://raccoon-attack.com/
Tomi Engdahl says:
The notorious Lazarus group is attacking the world, an expert told CyberNews
https://cybernews.com/editorial/the-notorious-lazarus-group-is-attacking-the-world-an-expert-told-cybernews/
The infamous Lazarus hackers linked with North Korea are after money and intelligence. CyberNews spoke to the security researchers who have been following Lazarus. They say these hackers are using highly sophisticated attack forms.
Tomi Engdahl says:
Windows 10's built-in antivirus can now be used to download viruses
https://www.pcgamer.com/windows-10s-built-in-antivirus-can-now-be-used-to-download-viruses/
Tomi Engdahl says:
Apple Accidentally Notarizes Shlayer Malware Used in Adware Campaign
https://threatpost.com/apple-accidentally-notarizes-shlayer-malware/158818/
Tomi Engdahl says:
YubiKey 5C NFC: The USB security key that everyone’s been waiting for
Yubico releases the world’s first security key to feature dual USB-C and NFC connections and support for multiple authentication protocols.
https://www.zdnet.com/article/the-usb-security-key-that-everyone-has-been-wanting/
Tomi Engdahl says:
Graphic video of suicide spreads from Facebook to TikTok to YouTube as platforms fail moderation test
https://techcrunch.com/2020/09/13/graphic-video-of-suicide-spreads-from-facebook-to-tiktok-to-youtube-as-platforms-fail-moderation-test/?tpcc=ECFB2020&fbclid=IwAR3Dq3L7XqiSqoc_JRbXlcIijTQtft-lJl5IAlZFNgAUI1pUW22yE0qIAfg
A graphic video of a man committing suicide on Facebook Live has spread from there to TikTok, Twitter, Instagram and now YouTube, where it ran alongside ads and attracted thousands more views. Do what they will, these platforms can’t seem to stop the spread, echoing past failures to block violent acts and disinformation.
The original video was posted to Facebook two weeks ago and has made its way onto all the major video platforms, often beginning with innocuous footage then cutting to the man’s death.
It’s similar in many ways to the way in which COVID-19 disinformation motherlode Plandemic spread and wreaked havoc despite these platforms deploying their ostensibly significant moderating resources towards preventing that.
Tomi Engdahl says:
Postal Service Used Apps That Had ‘Catastrophic’ Vulnerabilities for Years
https://www.vice.com/en_us/article/akzpd5/postal-service-used-apps-that-had-catastrophic-vulnerabilities-for-years
The USPS Office of Inspector General found that the Postal Service was using several applications laden with vulnerabilities that could have led to a hack with a potential financial impact of over $1 billion.
Tomi Engdahl says:
STRONTIUM: Detecting new patterns in credential harvesting
https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/
Microsoft has tied STRONTIUM to a newly uncovered pattern of Office365 credential harvesting activity aimed at US and UK organizations directly involved in political elections. STRONTIUM launched credential harvesting attacks against tens of thousands of accounts at more than 200 organizations.
Tomi Engdahl says:
Development Bank of Seychelles hit by ransomware attack
https://www.bleepingcomputer.com/news/security/development-bank-of-seychelles-hit-by-ransomware-attack/
The Development Bank of Seychelles (DBS) was hit by ransomware
according to a press statement published earlier today by the Central
Bank of Seychelles (CBS).
Tomi Engdahl says:
WordPress Plugin Flaw Allows Attackers to Forge Emails
https://threatpost.com/wordpress-plugin-flaw/159172/
The high-severity flaw in the Email Subscribers & Newsletters plugin
by Icegram affects more than 100,000 WordPress websites.
Tomi Engdahl says:
Hackers Stole $5.4 Million From Eterbase Cryptocurrency Exchange
https://thehackernews.com/2020/09/hackers-stole-cryptocurrencies.html
European cryptocurrency exchange Eterbase this week disclosed a
massive breach of its network by an unknown group of hackers who stole
cryptocurrencies worth 5.4 million dollars.
Tomi Engdahl says:
Serious Security: Hacking Windows passwords via your wallpaper
https://nakedsecurity.sophos.com/2020/09/11/serious-security-hacking-windows-passwords-via-your-wallpaper/
Tomi Engdahl says:
Zoom adds two-factor authentication (2FA) support to all accounts
https://www.bleepingcomputer.com/news/security/zoom-adds-two-factor-authentication-2fa-support-to-all-accounts/
Zoom has announced that starting today it has added two-factor
authentication (2FA) support to all user accounts to make it simpler
to secure them against security breaches and identity theft.
Tomi Engdahl says:
IT staffing firm Artech says ransomware attack led to data breach
https://www.bleepingcomputer.com/news/security/it-staffing-firm-artech-says-ransomware-attack-led-to-data-breach/
Artech Information Systems, one of the largest US IT staffing
companies, has disclosed a data breach caused by a ransomware attack
that affected some of its systems during early January 2020.
Tomi Engdahl says:
Fairfax County schools hit by Maze ransomware, student data leaked
https://www.bleepingcomputer.com/news/security/fairfax-county-schools-hit-by-maze-ransomware-student-data-leaked/
Fairfax County Public Schools (FCPS), the 10th largest school division
in the US, was recently hit by ransomware according to an official
statement published on Friday evening.
Tomi Engdahl says:
Office Documents with Embedded Objects
https://isc.sans.edu/forums/diary/Office+Documents+with+Embedded+Objects/26558/
Tomi Engdahl says:
Attacks Targeting Recent WordPress File Manager Flaw Ramping Up
https://www.securityweek.com/attacks-targeting-recent-wordpress-file-manager-flaw-ramping
Tomi Engdahl says:
ICS Vendors Release Advisories for CodeMeter Vulnerabilities
https://www.securityweek.com/ics-vendors-release-advisories-codemeter-vulnerabilities
Several major industrial control system (ICS) vendors have released security advisories in response to the recently disclosed vulnerabilities affecting the CodeMeter licensing and DRM solution made by Germany-based Wibu-Systems.
CodeMeter provides license management capabilities and it’s designed to protect software against piracy and reverse engineering. It’s used for a wide range of applications, including various types of industrial products.
Industrial cybersecurity firm Claroty reported earlier this week that CodeMeter is affected by six critical and high-severity vulnerabilities that can be exploited to launch attacks against industrial systems, including to deliver malware and exploits, and shut down devices or processes.
https://www.securityweek.com/vulnerabilities-codemeter-licensing-product-expose-ics-remote-attacks
Tomi Engdahl says:
Russian Military Hackers Targeted Credentials at Hundreds of Organizations in US, UK
https://www.securityweek.com/russian-military-hackers-targeted-credentials-hundreds-organizations-us-uk
Tomi Engdahl says:
Porn site users targeted with malicious ads redirecting to exploit kits, malware
Adult ad networks abused in last hurrah attacks before Flash and IE near EOL.
https://www.zdnet.com/article/porn-site-users-targeted-with-malicious-ads-redirecting-to-exploit-kits-malware/#ftag=RSSbaffb68
A cybercrime group has been busy over the past months placing malicious ads on adult-themed websites in order to redirect users to exploit kits and infect them with malware.
Named Malsmoke, the group has operated on a scale far above similar other cybercrime operations and has abused “practically all adult ad networks.”
The exploit kits would then use vulnerabilities in Adobe Flash Player or Internet Explorer to install malware on the user’s computers, with the most common payloads being Smoke Loader, Raccoon Stealer, and ZLoader.
Naturally, only users still using Internet Explorer or Adobe Flash were targeted by these malicious ads.
The attacks can be considered as a last hurrah attempt to infect users with old-school hacking tools like exploit kits, whose usage has declined in recent years as modern browsers have become harder to hack.
Tomi Engdahl says:
Japan’s NTT Docomo Admits Thieves Breached Its e-Money Service
https://yro.slashdot.org/story/20/09/13/005202/japans-ntt-docomo-admits-thieves-breeched-its-e-money-service?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
About 18 million yen ($169,563) has been stolen from bank accounts linked to NTT Docomo Inc.’s e-money service, the company said Thursday, prompting police to begin an investigation into a suspected scam. As of Thursday, 66 cases of improper withdrawals from bank accounts linked to the mobile carrier’s e-money service had been confirmed, NTT Docomo Vice President Seiji Maruyama told a news conference in Tokyo.
“We apologize to the victims” of the improper withdrawals, Maruyama said at the news conference, which was also attended by other company executives.
https://www.japantimes.co.jp/news/2020/09/10/business/corporate-business/%C2%A512-million-stolen-docomo-e-money/
Tomi Engdahl says:
Kaspersky Warns Intruders are Targeting Linux Workstations and Servers
https://linux.slashdot.org/story/20/09/13/1556233/kaspersky-warns-intruders-are-targeting-linux-workstations-and-servers?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
Researchers at Kaspersky “have warned that sophisticated hackers and crooks are increasingly targeting Linux-based devices — using tools specifically designed to exploit vulnerabilities in the platform,” reports TechRepublic:
While Windows tends to be more frequently targeted in mass malware attacks, this is not always the case when it comes to advanced persistent threats (APTs), in which an intruder — often a nation-state or state-sponsored group — establishes a long-term presence on a network. According to Kaspersky, these attackers are increasingly diversifying their arsenals to contain Linux tools, giving them a broader reach over the systems they can target.
Linux servers and workstations are hackers’ next target, security researchers warn
https://www.techrepublic.com/article/linux-servers-and-workstations-are-hackers-next-target-security-researchers-warn/
At a time when use of open-source platforms is on the rise, researchers at Kaspersky have warned that sophisticated hackers and crooks are increasingly targeting Linux-based devices – using tools specifically designed to exploit vulnerabilities in the platform.
According to Kaspersky, these attackers are increasingly diversifying their arsenals to contain Linux tools, giving them a broader reach over the systems they can target. Many organisations choose Linux for strategically important servers and systems, and with a “significant trend” towards using Linux as a desktop environment by big business as well as government bodies, attackers are in turn developing more malware for the platform.
“The trend of enhancing APT toolsets was identified by our experts many times in the past, and Linux-focused tools are no exception,” said Yury Namestnikov, head of Kaspersky’s global research and analysis team in Russia.
“Aiming to secure their systems, IT and security departments are using Linux more often than before. Threat actors are responding to this with the creation of sophisticated tools that are able to penetrate such systems.”
Tomi Engdahl says:
IBM calls for US export bans on facial recognition tech including cameras and big iron
‘Certain foreign governments’ can’t be allowed to conduct mass surveillance
https://www.theregister.com/2020/09/14/ibm_facial_recognition_export_ban_call/