30-06-2020 02-07-2020

Security daily (01-07-2020)

Ransomware gangs are doing their homework before encrypting corporate data

The lengthy amount of time that criminal hackers are sitting undetected on the networks of U.S. businesses is giving them powerful leverage to extort their victims, according to a Department of Homeland Security cybersecurity official. Going unnoticed on corporate networks allows ransomware gangs to size up their victims and funnel out data before ransom negotiations even begin, said Matt Travis, deputy director of DHS’s Cybersecurity and Infrastructure Security Agency. “They’re not just going into networks and seizing data,” Travis said Wednesday at IBM’s Think Gov Digital event, produced by FedScoop. “They’re snooping around” for balance sheets and other financial data to “gain intelligence on how much of a ransom they think they can get.” In the last three months, the criminal hackers behind the Maze ransomware have attacked two big IT service providers, one of which is a Fortune 500 company. Other ransomware gangs have hit big corporate targets, and […] (CyberScoop)

Microsoft issues two emergency security updates impacting Windows 10 and Windows Server

Microsoft on Tuesday issued emergency security updates for two vulnerabilities that could allow remote code execution on victims’ systems. One of the flaws, catalogued as CVE-2020-1425, would allow attackers to gather information with which to further compromise their targets. If attackers were to exploit the other flaw, catalogued as CVE-2020-1457, they would be capable of executing arbitrary code, Microsoft said. To exploit the vulnerabilities, which affect Windows 10 and Windows Server distributions, they would have to use a “specially crafted image file,” Microsoft said. The flaws were rated as “critical” and “important,” respectively. Microsoft has addressed the vulnerabilities by correcting how objects in memory are handled by the Microsoft Windows Codecs Library. Customers don’t have to take any action to receive the updates, Microsoft said. Microsoft typically issues patches for vulnerabilities on the second Tuesday of each month. And although Microsoft said it hasn’t seen any threat actors exploiting the vulnerabilities in the […] (CyberScoop)

Chinese mobile surveillance of Uighurs more pervasive than previously thought, researchers say

A newly revealed set of mobile hacking tools adds to the extensive picture of Chinese government surveillance aimed at the country’s Uighur minority. Like Android-focused surveillance kits before them, the malicious software is capable of stealing sensitive data on target phones and turning them into listening devices, according to mobile security firm Lookout, which made the discovery. Some of the hacking tools have been in use for more than five years, but Lookout pieced them together into a vast spying effort tied to the Chinese government, underscoring the pervasive nature of the surveillance and the challenges of uncovering all of it. “Our research found that there are eight malware families meant to stealthily spy on this ethnic minority at the minimum, with some of them expanding even more broadly in their targeting,” said Kristin Del Rosso, Lookout’s senior security intelligence engineer. One of those malware families was revealed in a 2013 report from the University […] (CyberScoop)

Operators of Android hacking kit impersonate postal services in US and Europe

Two years ago, when researchers at antivirus company Trend Micro reported on a new mobile data-stealing kit known as FakeSpy, they warned there could be more to come from the hackers. Directing the Android-focused malware at users outside of South Korea and Japan, where it was discovered, would simply be a matter of reconfiguring the code, the researchers said. That’s exactly what happened. On Wednesday, another set of researchers, from security company Cybereason, revealed how FakeSpy’s operators have been impersonating various postal services in attacks on users in the U.S., China and Europe in the last several weeks. The hackers have taken aim at thousands of users with the help of phony text messages that, if clicked, install code capable of siphoning off financial data from mobile applications. The findings show how, with an effective mobile malware kit written, hackers can tweak the code to target different parts of the world and see […] (CyberScoop)

Prioritize alerts and jump-start your investigations with Recorded Future’s free browser extension. Sign up now.

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Drowning in alerts from many different sources and systems? Spending too much valuable time researching potential threats and vulnerabilities? You need Recorded Future Express, a new browser extension from the experts at […] (Graham Cluley)

Microsoft issues critical fixes for booby-trapped images – update now!

Booby-trapped images could be used to attack Windows 10 and Windows Server 2019 - update now! (Naked Security)

Google stops pushing scam ads on Americans searching for how to vote

No US entity charges citizens for registering to vote, but plenty of Google ads were happy to do so - and to grab your PII in the process. (Naked Security)

Firefox 78 is out – with a mysteriously empty list of security fixes

TLS 1.0 and TLS 1.1 are now considered security risks and blocked by default. (Naked Security)

Hacking macOS: How to Use Images to Smuggle Data Through Firewalls

Data can be injected into images quickly without the use of metadata tools. Attackers may use this knowledge to exfiltrate sensitive information from a MacBook by sending the pictures to ordinary file-sharing websites.

Continuing on the topics of DPI evasion, payload obfuscation, and utilizing popular websites to bypass firewalls, we'll be looking at an alternative way of embedding data into images. Unlike using metadata tags to store payloads inside a picture, this method involves injecting text directly into the footer of the image file.

Understanding the Attack

A simple Bash script was... more (Null Byte « WonderHowTo)
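The footer trick described above works because image decoders stop reading at the format's end marker and ignore whatever follows. The Python below is an added example, not the Null Byte article's Bash script (which is not reproduced here): it builds a small PNG carrier (constructed inline so the example runs offline; any real PNG works the same way), appends a payload after the IEND chunk, recovers the payload by walking the chunk structure to find where a decoder would stop, and gives the check a defender or upload filter would run, namely counting bytes after IEND. The secret string is a constructed placeholder.

```python
"""
Footer smuggling in PNG: append a payload after the IEND chunk, recover it,
and detect it. Added example; the carrier PNG and secret are constructed.
"""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: 4-byte length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width: int = 2, height: int = 2) -> bytes:
    """Build a minimal valid 8-bit RGB PNG (all-black pixels) to act as carrier.
    Constructed here so the example is self-contained; a real photo works too."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    # Each scanline: filter byte 0 followed by width*3 zero bytes.
    raw = b"".join(b"\x00" + b"\x00" * (3 * width) for _ in range(height))
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw))
            + _chunk(b"IEND", b""))


def png_body_length(data: bytes) -> int:
    """Return the offset just past the IEND chunk, i.e. where a decoder stops.
    Walks chunk by chunk instead of searching for the bytes 'IEND', because
    that string could legitimately occur inside compressed IDAT data."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length = struct.unpack(">I", data[pos:pos + 4])[0]
        ctype = data[pos + 4:pos + 8]
        end = pos + 12 + length          # header (8) + data + CRC (4)
        if end > len(data):
            raise ValueError("truncated chunk")
        if ctype == b"IEND":
            return end
        pos = end
    raise ValueError("no IEND chunk")


def embed(png: bytes, payload: bytes) -> bytes:
    """Attacker side: drop any existing trailer, then append the payload.
    The image still renders because decoders never read past IEND."""
    return png[:png_body_length(png)] + payload


def extract(png: bytes) -> bytes:
    """Receiver side: everything after IEND is the smuggled payload."""
    return png[png_body_length(png):]


def trailing_bytes(png: bytes) -> int:
    """Defender side: number of bytes after IEND. A clean PNG gives 0; anything
    larger is worth flagging at an upload proxy or DLP inspection point."""
    return len(png) - png_body_length(png)


if __name__ == "__main__":
    carrier = make_png()
    secret = b"user=alice;session=0123456789abcdef"   # constructed placeholder
    stego = embed(carrier, secret)
    print("trailing bytes in clean carrier:", trailing_bytes(carrier))
    print("trailing bytes in stego image:", trailing_bytes(stego))
    print("recovered:", extract(stego))
```

Two caveats a practitioner would want. First, this only survives on hosts that store uploads byte-for-byte; services that re-encode or optimise images rewrite the file from the decoded pixels and the trailer is lost. Second, a trailer check is necessary but not sufficient: the metadata approach the article contrasts this with puts the payload inside an ancillary chunk such as tEXt before IEND, so an upload filter that wants to catch both should also budget the size of non-pixel chunks rather than only counting bytes after the end marker.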

How to Conduct a Pentest Like a Pro in 6 Phases

Penetration testing, or pentesting, is the process of probing a network or system by simulating an attack, which is used to find vulnerabilities that could be exploited by a malicious actor. The main goal of a pentest is to identify security holes and weaknesses so that the organization being tested can fix any potential issues. In a professional penetration test, there are six phases you should know.

Pentesting Lingo

Like many industries, and especially within IT, certain terms can cause initial confusion for people not familiar with them. Penetration testing can get pretty technical, but... more (Null Byte « WonderHowTo)

Verizon Media, PayPal, Twitter Top Bug-Bounty Rankings

(News ≈ Packet Storm)

Xerox Apparent Victim Of Maze Attack

(News ≈ Packet Storm)

FCC Officially Designates Huawei, ZTE As National Security Threats

(News ≈ Packet Storm)

Microsoft Releases Emergency Security Update To Fix Codec Bugs

(News ≈ Packet Storm)

Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws

Microsoft yesterday quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Windows Server users.

To be noted, Microsoft rushed to deliver patches almost two weeks before the upcoming monthly 'Patch Tuesday Updates' scheduled for 14th July.

That's likely because both flaws reside in the Windows Codecs (The Hacker News)

Use This Definitive RFP Template to Effectively Evaluate XDR solutions

A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response.

Emerging Extended Detection and Response (XDR) solutions aim to aggregate and correlate telemetry from multiple detection controls and then synthesize response actions.

XDR has been referred to as the next step in the evolution of Endpoint (The Hacker News)

A New Ransomware Targeting Apple macOS Users Through Pirated Apps

Cybersecurity researchers this week discovered a new type of ransomware targeting macOS users that spreads via pirated apps.

According to several independent reports from K7 Lab malware researcher Dinesh Devadoss, Patrick Wardle, and Malwarebytes, the ransomware variant — dubbed "EvilQuest" — is packaged along with legitimate apps, which upon installation, disguises itself as Apple's (The Hacker News)

Cisco Warns of High-Severity Bug in Small Business Switch Lineup

A high-severity flaw allows remote, unauthenticated attackers to potentially gain administrative privileges for Cisco small business switches. (Threatpost)

Alina Point-of-Sale Malware Spotted in Ongoing Campaign

The malware is using DNS tunneling to exfiltrate payment-card data. (Threatpost)

EvilQuest: Inside A ‘New Class’ of Mac Malware

Mac expert Thomas Reed discusses how EvilQuest is ushering in a new class of Mac malware. (Threatpost)

New Android Spyware Tools Emerge in Widespread Surveillance Campaign

Never-before-seen Android spyware tools have been used in a widespread APT campaign to spy on the Uyghur ethnic minority group - since 2013. (Threatpost)

Email Sender Identity is Key to Solving the Phishing Crisis

Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks. (Threatpost)

Microsoft Releases Emergency Security Updates for Windows 10, Server

The patches fix two separate RCE bugs in Windows Codecs that allow hackers to exploit playback of multimedia files. (Threatpost)


/security-daily/ 02-07-2020 23:44:23