Security daily (04-08-2021)

Courts order handover of breach forensic reports in trend welcomed by consumers, feared by defendants

In the past year, three judges have ordered companies that suffered data breaches to hand over internal forensic reports on how the incident happened — a trend that could lend new insights into incidents where consumers’ personal data is exposed, at the expense of companies that want to keep that information to themselves. In July, a judge ordered the Rutter’s convenience store chain to deliver a forensic report on its data breach to attorneys in a class action suit brought by store customers. It was the kind of decision that could shed light on whether the company neglected cyber defenses leading up to a breach that affected customer credit card data at roughly 70 stores over the course of nine months. A judge ruled in May 2020 that Capital One would need to provide a forensic report to attorneys for customers who sued the bank over a 2019 incident in […] (CyberScoop)

Cryptocurrency reporting requirement in infrastructure bill sees potential changes

U.S. lawmakers are moving forward with a revised version of an idea that aims to gather data about cryptocurrency transactions in a way meant to curb tax cheats. Senate Finance Committee Chair Ron Wyden, D-Ore., joined by colleagues Sens. Cynthia Lummis, R-Wyo., and Pat Toomey, R-Pa., have filed an amendment seeking to put to rest some of the cryptocurrency industry’s concerns about a sweeping new $1 trillion infrastructure package Congress is set to vote on this week. The amendment alters current language in the infrastructure bill that enforces requirements for “brokers” to report cryptocurrency that is bought, sold, and traded. The idea comes as U.S. officials are exploring regulations that might shed light on ransomware payments made through the technology. U.S. Securities and Exchange Commission chairman Gary Gensler on Tuesday also called on Congress for additional authorities to undertake regulatory efforts. “Our amendment makes clear that reporting does not apply […] (CyberScoop)

A US official explains why the White House decided not to ban ransomware payments

The Biden administration backed away from the idea of banning ransomware payments after meetings with the private sector and cybersecurity experts, a top cybersecurity official said Wednesday. “Initially, I thought that was a good approach,” Anne Neuberger, deputy national security adviser for cyber and emerging technology, said at an Aspen Security Forum event. “We know that ransom payments are driving this ecosystem.” Experts, including former government officials serving on a non-profit ransomware task force, helped shift that view, following high-profile hacks against Colonial Pipeline, the food production company JBS and Kaseya, a Florida-based IT firm. Payments from the Colonial Pipeline and JBS attacks totaled more than $15 million, a number that likely represents a fraction of the funds sent to extortionists. “We heard loud and clear from many that the state of resilience is inadequate, and as such, if we banned ransom payments we would essentially drive even more of […] (CyberScoop)

Hackers are using CAPTCHA techniques to scam email users

More email users fell for scams using CAPTCHA technology in 2020, a new report from security firm Proofpoint shows. The technique, which uses a visual puzzle to help authenticate human behavior, received 50 times as many clicks in 2020 compared to 2019. That’s still only a 5% overall response rate, researchers note. Comparatively, one in five users clicked attachment-based emails with malware disguised as Microsoft PowerPoints or Excel spreadsheets. Campaigns using attachments to hide malware made up one in four of the attacks researchers at Proofpoint monitored. “Attackers don’t hack in, they log in, and people continue to be the most critical factor in today’s cyber attacks,” Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, said in a statement. Researchers found that quantity continues to beat quality in email attacks. Proofpoint found that the highest number of clicks came from a threat actor linked to the Emotet botnet. […] (CyberScoop)

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

(News ≈ Packet Storm)

Four US Agencies Earned A D In Cybersecurity

(News ≈ Packet Storm)

SEC Chair Wants To Regulate Cryptocurrency

(News ≈ Packet Storm)

Iranian APT Lures Defense Contractor In Catfishing-Malware Scam

(News ≈ Packet Storm)

Examining Unique Magento Backdoors

During a recent investigation into a compromised Magento ecommerce environment, we discovered the presence of five different backdoors that would provide attackers with code execution capabilities. The techniques used by the attackers in these backdoors illustrate the ever-changing landscape of website security and highlight some of the tactics used to avoid traditional backdoor detection.

Reflection Functions

One such backdoor was appended to the Magento core file /errors/503.php:

This sample takes user input from the “ID” URL parameter and builds a reflection function, where the object stored in the $func variable will now reflect whichever function the attacker passed as input. (Sucuri Blog)

Cisco Issues Critical Security Patches to Fix Small Business VPN Router Bugs

Networking equipment major Cisco has rolled out patches to address critical vulnerabilities impacting its Small Business VPN routers that could be abused by a remote attacker to execute arbitrary code and even cause a denial-of-service (DoS) condition. The issues, tracked as CVE-2021-1609 (CVSS score: 9.8) and CVE-2021-1610 (CVSS score: 7.2), reside in the web-based management interface of the (The Hacker News)

Several Malware Families Targeting IIS Web Servers With Malicious Modules

A systematic analysis of attacks against Microsoft's Internet Information Services (IIS) servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight years. The findings were presented today by ESET malware researcher Zuzana Hromcova at the Black (The Hacker News)

New Chinese Spyware Being Used in Widespread Cyber Espionage Attacks

A threat actor presumed to be of Chinese origin has been linked to a series of 10 attacks targeting Mongolia, Russia, Belarus, Canada, and the U.S. from January to July 2021 that involve the deployment of a remote access trojan (RAT) on infected systems, according to new research. The intrusions have been attributed to an advanced persistent threat named APT31 (FireEye), which is tracked by the (The Hacker News)

Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices

Cybersecurity researchers on Wednesday disclosed 14 vulnerabilities affecting a commonly-used TCP/IP stack used in millions of Operational Technology (OT) devices manufactured by no fewer than 200 vendors and deployed in manufacturing plants, power generation, water treatment, and critical infrastructure sectors. The shortcomings, collectively dubbed "INFRA:HALT," target NicheStack, potentially (The Hacker News)

Chinese Hackers Target Major Southeast Asian Telecom Companies

Three distinct clusters of malicious activities operating on behalf of Chinese state interests have staged a series of attacks to target networks belonging to at least five major telecommunications companies located in Southeast Asian countries since 2017. "The goal of the attackers behind these intrusions was to gain and maintain continuous access to telecommunication providers and to (The Hacker News)

Top 30 Critical Security Vulnerabilities Most Exploited by Hackers

Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to swiftly weaponize publicly disclosed flaws to their advantage. "Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, (The Hacker News)

Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers

A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan (RAT) on compromised systems. Attributing the intrusions to a threat actor named PKPLUG (aka Mustang Panda and HoneyMyte), Palo Alto Networks' Unit 42 threat intelligence team (The Hacker News)

‘I’m Calling About Your Car Warranty’, aka PII Hijinx

Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts. (Threatpost)

Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms

A researcher was able to remotely control the lights, bed and ventilation in "smart" hotel rooms via Nasnos vulnerabilities. (Threatpost)

Black Hat: Let’s All Help Cyber-Immunize Each Other

We're selfish if we're only mitigating our own stuff, said Black Hat USA 2021 keynoter Jeff Moss. Let's be like doctors battling COVID and work for herd immunity. (Threatpost)

Phishing Campaign Dangles SharePoint File-Shares

Attackers spoof sender addresses to appear legitimate in a crafty campaign that can slip past numerous detections, Microsoft researchers have discovered. (Threatpost)

We COVID-Clicked on Garbage, Report Finds: Podcast

Were we work-from-home clicking zombies? Steganography attacks snagged three out of eight recipients. Nasty CAPTCHAs suckered 50 times more clicks during 2020. (Threatpost)


/security-daily/ 05-08-2021 23:44:24