Security daily (04-05-2020)

Hackers seize on software flaw to breach two victims, despite patch availability

Days after researchers warned of critical vulnerabilities in popular data-management software, hackers have exploited the flaws to breach two organizations that rely on the technology. LineageOS, a free Android-based operating system, and Ghost, a nonprofit behind widely used blogging software, reported Sunday that unidentified hackers had breached their infrastructure in apparently separate incidents. The disruptions are an example of how bugs found in widely used code often end up being exploited maliciously — even when software updates are available. Both LineageOS and Ghost rely on a tool for managing data centers and cloud-computing networks known as the Salt management framework. Cybersecurity company F-Secure reported two vulnerabilities in Salt last week which could enable attackers to execute code remotely and manipulate data. “Both of these vulnerabilities are exploitable by a remote, unauthenticated attacker,” said Rody Quinlan, a researcher at another security vendor, Tenable. Ghost said it was rebuilding its network. Customer data […] (CyberScoop)

Indonesian e-commerce giant probes reported breach of 91 million credentials

Indonesia’s largest e-commerce platform says it’s investigating a possible data breach in which hackers claim to have stolen data about 91 million customers. Tokopedia, which is backed by $2 billion in funding from investors including SoftBank and Alibaba, told Reuters Saturday it was investigating an alleged theft of user data, though it maintained that user passwords were still encrypted. Indonesia’s Minister of Communication and Information Technology, Johnny G. Plate, on Sunday urged Tokopedia to “immediately improve its security system to prevent a further breach in data.” The government also has summoned the board of directors to clarify the current state of the investigation in a meeting Monday. The statement followed a series of tweets from Under the Breach, a data breach monitoring service, including screenshots, apparently from a vendor on a cybercriminal forum, advertising 15 million names, email addresses and hashed passwords. The same account then marketed 91 million records […] (CyberScoop)

Tarkett floored by cyber attack

French flooring company Tarkett has revealed that it was hit by a cyber attack on April 29th, and that its operations continue to be disrupted as a result. (Graham Cluley)

Prioritize alerts and jump-start your investigations with Recorded Future’s free browser extension

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Access real-time security intelligence from any web-based SIEM, vulnerability solution, or webpage. Stop opening multiple browser tabs and pivoting between them to collect all of your data manually. Recorded Future Express does […] (Graham Cluley)

It was 20 years ago today… The Love Bug remembered

It was twenty years ago today that the Love Bug hit computer systems worldwide. Which means I know what I was doing exactly twenty years ago! James Griffiths at CNN interviewed me about my memories of that historic day… (Graham Cluley)

My old-fashioned view on the terms “blacklist” and “whitelist”

The UK’s National Cyber Security Centre (NCSC) has said that it will be changing the terminology it uses on its website, causing some to describe it as “political correctness gone mad.” Here’s what I think… (Graham Cluley)

ILOVEYOU: The Love Bug virus 20 years on – could it happen again?

If you weren't using a computer 20 years ago, this is what people mean when they talk with dismay about ILOVEYOU or the Love Bug... (Naked Security)

S2 Ep37: Microsoft fixes, airgap fun and free games for 2FA – Naked Security Podcast

Get the latest cybersecurity news, opinion and advice from Sophos. (Naked Security)

Coronavirus pandemic coincides with spike in online puppy scams

Got plenty of quaran-time to teach something to roll over? Be careful! Puppy lust is leading to broken hearts and emptied wallets. (Naked Security)

Uncle Sam to agencies: No encrypted DNS for you!

The US federal government has been protecting its users by blocking malicious destinations for years, but it won’t let them take advantage of the latest protective measure in DNS – encryption – just yet. (Naked Security)

Monday review – the hot 11 stories of the week

It's weekly roundup time! (Naked Security)

How to Use Wordlister to Create Custom Password Combinations for Cracking

Password cracking is a specialty of some hackers, and it's often thought that raw computing power trumps everything else. That is true in some cases, but sometimes it's more about the wordlist. Making a custom, targeted wordlist can cut down cracking time considerably, and Wordlister can help with that.

Wordlister vs Other Wordlist Generators

Wordlister is a wordlist generator and mangler written in Python that can be used to create custom password combinations for cracking. Its main features include multiprocessing for faster speeds and a handful of useful permutation options, including... (Null Byte « WonderHowTo)

This 5-Course Data Analytics Bundle Is Just $49 Today

Few things are more important than being well-versed in data analytics and interpretation when it comes to succeeding in today's increasingly data-driven world. As a data scientist, these skills are the key to a high-paying career. For hackers, there's no better way to defeat the enemy than to become the enemy.

Whether you're a white hat trying to save the world from unprotected data or you're trying to take down nefarious hackers by writing programs that can retaliate against cyber threats, knowing how to work with and analyze massive data sets is paramount. It's also helpful if you're... (Null Byte « WonderHowTo)

Hackers Target Remote Workers With Fake Zoom Downloader

(News ≈ Packet Storm)

CursedChrome Turns Your Browser Into A Hacker's Proxy

(News ≈ Packet Storm)

Australian Home Affairs Breach Leaks Details On 700,000 Migrants

(News ≈ Packet Storm)

Love Bug's Creator Tracked Down To Repair Shop In Manila

(News ≈ Packet Storm)

Labs Notes Monthly Recap – April/2020

In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that being informed is a big part of having a good website security posture. Sucuri Labs provides website malware research updates directly from our teams on the front line. Our Labs Notes are usually shorter than blog posts and they focus on a highly technical audience. This month, our Malware Research and Incident Response teams wrote about a wide variety of topics, ranging from a COVID-19 phishing lure to Magento credit card skimmers. (Sucuri Blog)

New Malware Jumps Air-Gapped Devices by Turning Power-Supplies into Speakers

Cybersecurity researcher Mordechai Guri from Israel's Ben Gurion University of the Negev recently demonstrated a new kind of malware that could be used to covertly steal highly sensitive data from air-gapped and audio-gapped systems using a novel acoustic quirk in power supply units that come with modern computing devices.

Dubbed 'POWER-SUPPLaY,' the latest research builds on a series of (The Hacker News)

Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability

Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert.

Tracked as CVE-2020-11651 and CVE-2020-11652, the disclosed flaws could allow an adversary to execute arbitrary code on remote servers deployed in data (The Hacker News)

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers

Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments.

The vulnerabilities were identified by F-Secure researchers earlier this March and disclosed on Thursday, a day after SaltStack released a patch (version 3000.2) (The Hacker News)

Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems

Researchers warn commercial airplane systems can be spoofed, impacting flight safety of nearby aircraft. (Threatpost)

Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack

Hackers targeted Ghost on Sunday, in a cryptocurrency mining attack that caused widespread outages. (Threatpost)

Oracle: Unpatched Versions of WebLogic App Server Under Active Attack

CVE-2020-2883 was patched in Oracle's April 2020 Critical Patch Update - but proof-of-concept exploit code was published shortly after. (Threatpost)


/security-daily/ 05-05-2020 23:44:22