05-11-202007-11-2020

Security daily (06-11-2020)

Government learns that authenticators are key part of modernization

Now that federal agencies have shifted to mass telework and sorted through many of the related hardware and software needs, they’re able to take a closer look at all the pieces necessary to implement zero-trust security architecture, a cybersecurity expert says. In particular, agencies have greatly embraced the use of different kinds of authenticators to help identify users and control their network access, said Brian Rosensteel, Cybersecurity Architect at Duo Security, during an SNG Live virtual discussion panel hosted by Scoop News Group on Oct. 20. Federal IT leaders are seeing that for telework, old forms of proving identity don’t translate, and they’re looking for other solutions. “That’s where we’ve seen zero trust really starting to take place,” he said. The zero-trust model assumes that the network is penetrable, so it forces users to verify themselves for each set of data or applications they want to access once they’re on the […] (CyberScoop)

Vietnamese hacking group OceanLotus uses imitation news sites to spread malware

Suspected Vietnamese government-linked hackers are behind a series of fake news websites and Facebook pages meant to target victims with malicious software, according to Volexity research published Friday. The hackers, known as OceanLotus or APT32, historically have targeted companies that have business interests in Vietnam. In this case, the fake sites and Facebook pages, which were set up within the last year, were intended for targets in Vietnam and across Southeast Asia, according to Volexity researchers. The attackers appear to have dual aims in their campaign — first, to gather information about the visitors to the fake media sites through a web profiling framework. They also occasionally target victims with malware meant to log targets’ keystrokes. Earlier this year, Kaspersky researchers revealed the hackers have been using the Google Play Store to disperse malware, suggesting both domestic and foreign intelligence collection requirements. This April, when the coronavirus was spreading around the world, the same group began sending malware to […] (CyberScoop)

Apple releases patches for 3 iOS zero days that hackers used for targeted attacks

Apple has issued fixes for three critical bugs in its software for iPhones, iPads and iPods that could allow an attacker to burrow into the inner sanctum of a device’s operating system and steal data. The researchers who found the flaws said that attackers were actively exploiting them. Two of the bugs affect the kernel, the core of the device’s operating system which handles interactions between hardware and software. Controlling the kernel essentially gives an attacker free rein over a device’s operating system and the data stored in it. Apple users are protected if they update their software, which the company encouraged them to do on Thursday. Project Zero, Google’s team of security researchers that found the vulnerabilities, said malicious hackers exploited the flaws in targeted attacks, but did not disclose the victims or perpetrators. Shane Huntley, of Google’s Threat Analysis Group, said the activity was not related to the U.S. election. Vulnerabilities in iPhone […] (CyberScoop)

Suspected North Korean hackers who targeted job applicants prove more ambitious than first believed

A possible North Korean government-connected cyber-espionage campaign that targeted the defense industry stretched further than originally known when it was initially uncovered this summer, researchers said. “Operation North Star” went beyond targeting South Korea to include Australia, India, Israel and Russia, McAfee said in a report out Friday. And its motives and methods seem to be clearer now, too, according to researchers. Israel’s Ministry of Defense had previously blamed Lazarus Group, which the U.S. government calls Hidden Cobra, for sending phony job offers in its defense sector — a tactic that lined up with McAfee’s earlier description of Operation North Star tactics. Additionally, the campaign used a previously undiscovered implant called Torisma that it deployed to burrow further into victims’ systems, McAfee said. The tactic represents the kind of digital spying technique that would have given hackers access to machines belonging to job applicants positioned near military organizations — just the kind of targets that a […] (CyberScoop)

Black Friday – stay safe before, during and after peak retail season

Yes, we give Black Friday tips every year - but that's because they're worth doing every year! (Naked Security)

Malspam Campaign Milks Election Uncertainty

(News ≈ Packet Storm)

$1 Billion In Bitcoin Seized From Silk Road Account By US Government

(News ≈ Packet Storm)

Campari Knocked Offline After Ransomware Attack

(News ≈ Packet Storm)

Apple Fixes Three iOS Zero Days Exploited In The Wild

(News ≈ Packet Storm)

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

The shopping cart application contains a PHP object-injection bug. (Threatpost)

Feds Seize $1B in Bitcoin from Silk Road

The illegal marketplace was hacked prior to its takedown -- the IRS has now tracked down those stolen funds, it said. (Threatpost)

Campari Site Suffers Ransomware Hangover

The Ragnar Locker operators released a stolen contract between Wild Turkey and actor Matthew McConaughey, as proof of compromise. (Threatpost)

Gitpaste-12 Worm Targets Linux Servers, IoT Devices

The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors. (Threatpost)

Apple Patches Bugs Tied to Previously Identified Zero-Days

The actively exploited vulnerabilities discovered by Project Zero exist across iPhone, iPad and iPod devices. (Threatpost)


/security-daily/ 07-11-2020 23:44:23