Security daily (05-05-2020)

Taiwan’s state-owned energy company suffers ransomware attack

Ransomware has struck the computer systems of Taiwan’s state-owned energy company, CPC Corp., according to local media and private forensic reports reviewed by CyberScoop. CPC Corp., an important national asset responsible for delivering oil products and importing liquefied natural gas (LNG), said Tuesday that, after hackers attacked its IT network, the company had restored some of its computers and servers. Although the attack didn’t affect the company’s energy production, it did disrupt some customers’ efforts to use CPC Corp.’s payment cards to purchase gas. In Taiwan, CPC represents a high-value target for malicious hackers. Taiwan is heavily reliant on imports for its energy needs, and the company has invested in a number of offshore oil and gas projects. CPC’s official statement did not mention ransomware, but private-sector reports obtained by CyberScoop shed more light on the incident. Two of the malicious files used in the attack are detected as ransomware on VirusTotal, the […] (CyberScoop)

Facebook scrubbed accounts related to QAnon and a designated hate group in April

Facebook said Tuesday it has removed a number of pages and accounts dedicated to a far-right conspiracy theory that’s gained traction among President Trump’s supporters. In the company’s first action against the QAnon group, Facebook says it removed 20 accounts, six groups and five pages caught fabricating personas to like and comment on their own posts to build engagement. Some 133,000 accounts followed one or more of the pages, while 30,000 accounts were involved in at least one of the groups, according to Facebook. That large influence network came without the individuals behind the effort spending more than $1 on Facebook ads. Including that action, the company said Tuesday it removed a total of eight networks of inauthentic user sites, including 732 accounts and 793 pages, that were operating in 15 languages and focused on 30 countries through all of April. Much of the activity was linked to individuals in Russia, Iran […] (CyberScoop)

State-linked hacking continues amid race for coronavirus treatments, US and UK agencies warn

Hackers linked with foreign governments continue to target multiple global health care organizations and pharmaceutical companies in a possible bid to gather intelligence or steal research related to the coronavirus pandemic, American and British cybersecurity agencies said Tuesday. The U.S. Department of Homeland Security’s cybersecurity division and the U.K.’s National Cyber Security Centre (NCSC) “are currently investigating a number of incidents in which threat actors are targeting pharmaceutical companies, medical research organizations, and universities,” the agencies said in a joint advisory. They did not point the finger at particular governments. Advanced persistent threat (APT) groups, as state-linked hackers are known, have been scanning public websites of target companies looking for insecure software to exploit, said DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the NCSC. Hackers have also been using a technique called password spraying, which throws common passwords at targets until one of them works, to attack health care organizations in the U.S., […] (CyberScoop)

US financial regulator warns of 'widespread' phishing campaign

An influential financial oversight organization is urging U.S. brokerage firms and securities organizations to be on the lookout for an ongoing email scam that aims to steal usernames and passwords. The Financial Industry Regulatory Authority, an industry-run organization overseeing brokers and exchange markets, published an alert Monday about an “ongoing” phishing campaign in which attackers are posing as FINRA executives. The messages typically include the name of the target organization in the subject line, and encourage recipients to download an attachment that requires “immediate attention.” In fact, the attachment may direct a user to a website that prompts them to enter their credentials for Microsoft Office or SharePoint, a corporate collaboration software. The notice did not cite any specific security incidents that may have inspired the bulletin. “FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links,” the advisory […] (CyberScoop)

What Shopify has learned from five years of bug bounty programs

As a part-time hacker and full-time security engineer at Shopify, I’ve learned a lot along the way. One of the biggest takeaways I recognized early on was that I kept returning to programs run by security teams that respected me and my time, were responsive to my reports and inquiries, and were transparent in their communications and disclosures. When I first joined Shopify, we were challenged to scale our team alongside our relatively new bug bounty program. I was excited to bring my insights and improve upon a program that hackers would engage with. Our goal has always been to build upon the success of our hacker-powered security programs with a concerted effort to promote transparency and attract talent. With the extra sets of eyes, we are able to implement more checks and balances to harden our attack surfaces. We attribute much of our success to our work as an […] (CyberScoop)

Kaiji – a new strain of IoT malware seizing control and launching DDoS attacks

Kaiji, a new botnet campaign, created from scratch rather than resting on the shoulders of those that went before it, is infecting Linux-based servers and IoT devices with the intention of launching distributed denial-of-service (DDoS) attacks. Read more in my article on the Bitdefender BOX blog. (Graham Cluley)

GoDaddy – “unauthorized individual” had access to login info

Web hosting behemoth GoDaddy just filed a data breach notification with the US state of California. (Naked Security)

Firefox’s Private Relay service tests anonymous email alias feature

Mozilla says it will help you come up with alternative email addresses when you sign up for new accounts. (Naked Security)

Reveal the identities of alleged pirates, court tells ISP

It's not the first ISP to be held accountable for alleged piracy: Cox is looking at a $1b damage order. (Naked Security)

DigiCert Hit By Hackers Through Buggy Config Tool

(News ≈ Packet Storm)

Google Android RCE Bug Allows Attacker Full Device Access

(News ≈ Packet Storm)

State-Backed Hackers Are Trying To Steal Coronavirus Research

(News ≈ Packet Storm)

Europol Arrests Hackers Behind Infinity Black Hacker Group

(News ≈ Packet Storm)

Download: 'Coronavirus Cyber Security for Management' Template for CISOs

The Coronavirus crisis introduces critical operational challenges to business continuity, placing high stress on organizations' management.

As a result, CIOs and CISOs face a double challenge on the cyber risk front – apart from the new risks that the mass transfer of employees working remotely brings, capturing the management mindshare for further investments in security becomes harder than (The Hacker News)

Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets

For the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting the Citrix ShareFile content collaboration platform.

The security advisory—about which The Hacker News learned from Dimitri van de Giessen, an ethical hacker and system engineer—is scheduled to be available (The Hacker News)

Change This Browser Setting to Stop Xiaomi from Spying On Your Incognito Activities

If you own a Xiaomi smartphone or have installed the Mi browser app on any other brand of Android device, you should enable a newly introduced privacy setting immediately to prevent the company from spying on your online activities.

The smartphone maker has begun rolling out an update to its Mi Browser/Mi Browser Pro (v12.1.4) and Mint Browser (v3.4.3) after concerns were raised over its (The Hacker News)

Spear-Phishing Attack Spoofs EE To Target Executives

Researchers say spear-phishing emails purporting to be from telecom giant EE are being sent to top corporate execs. (Threatpost)

VPN Concerns with Unplanned Remote Employees

Maintaining visibility and availability when you suddenly have a large remote footprint takes planning. (Threatpost)

GoDaddy Hack Breaches Hosting Account Credentials

The domain registrar giant said that the breach started in October 2019. (Threatpost)

New Kaiji Botnet Targets IoT, Linux Devices

The botnet uses SSH brute-force attacks to infect devices and uses a custom implant written in the Go language. (Threatpost)

Google Android RCE Bug Allows Attacker Full Device Access

The vulnerability is one of 39 affecting various aspects of the mobile OS that the company fixed in a security update this week. (Threatpost)


/security-daily/ 06-05-2020 23:44:22