Security daily (04-06-2020)

Facebook announces it will flag state media posts, eventually decline ad dollars

Facebook says it soon will begin labeling posts from state-controlled media outlets, an update praised by some disinformation researchers that comes after other social media firms have taken more aggressive steps to root out incendiary activity. Facebook’s head of cybersecurity policy, Nathaniel Gleicher, announced Thursday that the company will include notes on pages of media organizations that are “wholly or partially under the editorial control” of a government, as well as the outlets’ Ad Library Page and the Page Transparency section. Facebook also will apply labels to advertisements from state-controlled media outlets, a process that will not begin until U.S. election season accelerates. “State-controlled media outlets rarely advertise in the U.S.,” Gleicher wrote in a blog post explaining the update. “Nevertheless, later this summer we will begin blocking ads from these outlets in the U.S. out of an abundance of caution to provide an extra layer of protection against various […] (CyberScoop)

Google: Biden and Trump campaigns targeted by separate spearphishing campaigns

Hackers linked with China and Iran have been sending malicious spearphishing emails to staff on Joe Biden and President Donald Trump’s campaigns respectively, according to a researcher with Google’s Threat Analysis Group. Chinese government-linked hackers have been targeting Biden’s staffers, whereas Iranian government-linked hackers have been targeting Trump’s campaign, according to Shane Huntley, the Director of Google’s Threat Analysis Group. There is no evidence that the hacking attempts have resulted in compromises, Huntley said. This is just the latest warning from security researchers and the U.S. intelligence community that foreign government-backed hackers are interested in targeting various U.S. presidential campaigns during the 2020 election cycle, in what is turning out to be a tumultuous year for American citizens amid economic turmoil, the coronavirus pandemic, and mass protests about racism. “The Trump campaign has been briefed that foreign actors unsuccessfully attempted to breach the technology of our staff,” the Trump campaign told CyberScoop […] (CyberScoop)

There’s a new Java ransomware family on the block

BlackBerry and KPMG’s UK Cyber Response Services uncovered a new ransomware strain that uses an obscure file format to avoid detection, according to new research published Thursday. After researchers conducted forensic investigations at a European educational institution, they uncovered that attackers had gained access to the unnamed institution through an internet-connected remote desktop server, according to the BlackBerry Research and Intelligence Team. The ransomware, which BlackBerry has dubbed Tycoon, uses a little-known Java image format to avoid detection and then encrypts file servers, locking administrators out unless they pay a ransom. Tycoon is highly targeted and has affected only approximately a dozen victims, BlackBerry’s Vice President of GUARD Services and Director of GUARD Threat Hunting & Intelligence, Eric Milam and Claudiu Teodorescu, told CyberScoop. The ransomware has generally targeted small- and medium-sized education and software entities so far. And although the new ransomware has only affected a limited number of victims, Tycoon is a reminder that even […] (CyberScoop)

Signal wants to protect protesters’ privacy with new face-blurring feature

Protesters worried about government or corporate surveillance will soon have a new tool to protect themselves. Signal, the popular encrypted messaging app, will release a feature that enables users to blur faces in photos they share, Signal Foundation co-founder Moxie Marlinspike said Wednesday. The feature will be built into forthcoming versions of Signal for Android and iOS to automatically detect faces and obscure them. For faces that aren’t detected, the user can manually blur the image before sending, Marlinspike said. The announcement comes as U.S. authorities have increased their efforts to monitor protests following the police killing of George Floyd, an unarmed black man. The U.S. Department of Justice has given the Drug Enforcement Administration new authority to “conduct covert surveillance” of some protesters, according to a memo obtained by BuzzFeed News. (Exact details of the surveillance remain unclear.) More than 10,000 people have been arrested in protests against systemic racism since Floyd’s killing on May […] (CyberScoop)

Email scammer pleads guilty to defrauding Texas firms out of more than $500,000

A 64-year-old man has admitted his role in an email-based fraud scheme that relied on spoofed email addresses to con two companies out of more than $500,000. Kenety Kim, or Myung Kim, pleaded guilty Tuesday in a Texas court to conspiracy to commit money laundering as part of his role in a business email compromise scheme. Kim used email addresses that impersonated legitimate corporate accounts to intercept financial transfers, or to convince a firm to direct money into an account under Kim’s control, according to the plea deal. As part of his agreement with U.S. prosecutors, Kim acknowledged that he has earned more than $700,000 from a web of fraud schemes, including some for which he was not charged. In one incident, he created an email account that appeared to belong to a construction company based in Pinehurst, then used that to ask another company, based in Huntsville, to send him […] (CyberScoop)

Goodbye Naked Security?

The Naked Security blog is part of my history. Now, as Sophos makes cut-backs, it might be history for all of us. (Graham Cluley)

The scammer who tried to launder over $500,000 through Business Email Compromise

A 64-year-old man has pleaded guilty in a Texan court to charges of money laundering after a series of attacks that defrauded companies, including Electrolux, out of hundreds of thousands of dollars. Read more in my article on the Tripwire State of Security blog. (Graham Cluley)

You DID change your password after that data breach, didn’t you?

Apparently, some people consider their passwords "invincible", even after a data breach. Don't be those people. (Naked Security)

Nuclear missile contractor hacked in Maze ransomware attack

Attackers hacked and encrypted the computers of a contractor whose clients include the US military, government agencies and major military contractors. (Naked Security)

Google deletes Indian app that deleted Chinese apps

Google has deleted an app from the Play Store that offered to delete Android software associated with China. (Naked Security)

Twitter Accuses President Trump Of Making False Claims

(News ≈ Packet Storm)

San Francisco Benefits Program Breach Exposes PII On 74,000

(News ≈ Packet Storm)

Google Faces Privacy Lawsuit Over Tracking Users In Incognito Mode

(News ≈ Packet Storm)

The Pentagon's Hand-Me-Downs Helped Militarize Police. Here's How.

(News ≈ Packet Storm)

New USBCulprit Espionage Tool Steals Data From Air-Gapped Computers

A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to new research published by Kaspersky yesterday.

The APT, known as Cycldek, Goblin Panda, or Conimes, employs an extensive toolset for lateral movement and information stealing in victim networks, including previously unreported custom (The Hacker News)

Tycoon Ransomware Banks on Unusual Image File Tactic

To fly under the radar, the newly discovered ransomware is compiled into a Java image file format that's rarely used by developers. (Threatpost)

Trump, Biden Campaign Staffers Targeted By APT Phishing Emails

Google TAG researchers warn that APTs are targeting campaign staffers for both Donald Trump and Joe Biden with phishing emails. (Threatpost)

Understanding the Payload-Less Email Attacks Evading Your Security Team

Business email compromise (BEC) attacks represent a small percentage of email attacks, but disproportionately represent the greatest financial risk. (Threatpost)

Zoom Restricts End-to-End Encryption to Paid Users

The end-to-end encryption feature will not be offered to free users, Zoom's CEO said, in case Zoom needed to comply with federal and local law enforcement. (Threatpost)

U.S. Nuclear Contractor Hit with Maze Ransomware, Data Leaked

Westech International provides maintenance for the Minuteman III nuclear-missile program and runs programs for multiple branches of the military. (Threatpost)

Google Faces Privacy Lawsuit Over Tracking Users in Incognito Mode

A $5 billion class-action lawsuit filed in a California federal court alleges that Google's Chrome incognito mode collects browser data without people’s knowledge or consent. (Threatpost)


/security-daily/ 05-06-2020 23:44:22