Security daily (08-06-2020)

Facebook sues to stop domain scammers from impersonating Instagram, WhatsApp sites

Facebook has filed a lawsuit meant to stop scammers from using its name to try stealing from web users. In a lawsuit filed Monday in a Virginia court, the company sued 12 websites registered by Compsys Domain Solutions Private Ltd., an Indian proxy service. With names like InstagramHijack.com, Videocall-WhatsApp.com and Facebook-Verify-Inc.com, the sites were meant to deceive users and boost internet fraud operations, Facebook alleged. The websites either were offline or included copyright advisories at press time. Although those web URLs are clunky, they look close enough to legitimate addresses to fool people, apparently. Facebook did not specify how the Compsys-registered sites were being used prior to its suit Monday. Phishing operations are one possible use. Anyone who visits a site that appears nearly identical to a true Facebook page, for instance, would be more likely to enter their username or password. It’s the latest example of U.S. companies going to court […] The post Facebook sues to stop domain scammers from impersonating Instagram, WhatsApp sites appeared first on CyberScoop. (CyberScoop)

DARPA invites hackers to break hardware to make it more secure

For more than two years, the Pentagon’s research arm has been working with engineers to beef up the security of computer chips before they get deployed in weapons systems or other critical technologies. Now, the research arm — the Defense Advanced Research Projects Agency (DARPA) — is turning the hardware over to elite white-hat hackers who can earn up to $25,000 for bugs they find. The goal is to throw an array of attacks at the hardware so its foundations are more secure before production. “We need the researchers to really roll their sleeves up and dig into what we’re doing and try to break it,” said Keith Rebello, a DARPA program manager. Hardware hacks often involve identifying vulnerabilities in how a computer chip handles information, like the flaw uncovered in Intel microprocessors in March that could have allowed attackers to run malicious code early in the boot process. While software bug bounties are ubiquitous in […] The post DARPA invites hackers to break hardware to make it more secure appeared first on CyberScoop. (CyberScoop)

Coronavirus conspiracy theorists threaten 5G cell towers, DHS memo warns

Telecommunications providers should have robust security measures in place at 5G cell towers following a series of physical attacks from conspiracy theorists and other extremists, the Department of Homeland Security advised industry executives in a confidential memo last week. The advisory from DHS’s Cybersecurity and Infrastructure Security Agency (CISA) comes after a spate of attacks on cell towers in Europe, and as agency officials reckon with other COVID-19-related threats, ranging from data theft to fraud. “While the U.S. has not seen similar levels of attacks against 5G infrastructure linked to the pandemic, the tactics used in Western Europe [have] begun to migrate to the U.S,” says the memo, obtained by CyberScoop. Conspiracy theorists erroneously claim that 5G networking equipment weakens the immune system, or spreads coronavirus. The anti-5G fervor has perhaps been at its most destructive in the United Kingdom, where people have damaged more than 70 cell towers since the coronavirus outbreak. But multiple incidents in the U.S. […] The post Coronavirus conspiracy theorists threaten 5G cell towers, DHS memo warns appeared first on CyberScoop. (CyberScoop)

Hackers target senior executives at German company procuring PPE

On March 30, as the novel coronavirus swept through Germany, the country’s government tasked nine multinational companies, including pharmaceutical giant Bayer and automaker Volkswagen, with procuring personal protective equipment to make up for a lack of gear. The same day, unidentified hackers began an intensive phishing campaign to infiltrate at least one of those nine firms, according to research published Monday by IBM. The findings show how multiple aspects of societies’ response to the coronavirus — from testing facilities to vaccine research to PPE procurement — have been targeted by hackers of various stripes. The phishing attempts against the unnamed German company, which are ongoing, have extended to more than 100 senior management and procurement executives at the company and its suppliers in multiple sectors, according to IBM. It is unclear if the hacking has been successful, or who is responsible (IBM researchers weren’t sure). What is clear is that […] The post Hackers target senior executives at German company procuring PPE appeared first on CyberScoop. (CyberScoop)

Your “smart” household appliance might have a short lifespan

Are you itching for an internet fridge? Hankering for a smart washing machine? Thirsting for an IoT-enabled thermostat?
Well, think twice before you make a potentially costly mistake when deciding what appliance you will be next be purchasing for your home. Read more in my article on the Bitdefender BOX blog. (Graham Cluley)

DDoS-for-hire gang escape with light community service sentence

Two men who ran a service making it easy for anybody to launch distributed denial-of-service attacks, capable of knocking websites offline, have been given a six month community service sentence by an Israeli court. (Graham Cluley)

Double-crossing ransomware decryptor scrambles your files again!

Just when you thought a bad thing could get no worse... (Naked Security)

Monday review – the hot 15 stories of the week

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time. (Naked Security)

Vulnerabilities In Popular Open Source Projects Doubled In 2019

(News ≈ Packet Storm)

Facebook Moderators Join Criticism Of Zuckerberg Over Trump

(News ≈ Packet Storm)

Coronavirus: How Map Hacks And Buttocks Helped Taiwan Fight Covid-19

(News ≈ Packet Storm)

This Bot Hunts Software Bugs For The Pentagon

(News ≈ Packet Storm)

Any Indian DigiLocker Account Could've Been Accessed Without Password

The Indian Government said it has addressed a critical vulnerability in its secure document wallet service Digilocker that could have potentially let a remote attacker bypass mobile one-time passwords (OTP) and sign in as other users.

Discovered separately by two independent bug bounty researchers, Mohesh Mohan and Ashish Gahlot, the vulnerability could have been exploited easily to (The Hacker News)

Singapore’s Contact Tracing Wearable Causes Privacy Backlash

Thousands have signed a petition that underscores data privacy issues with Singapore's newly announced contact-tracing wearable, in development. (Threatpost)

SMBGhost RCE Exploit Threatens Corporate Networks

The release of a PoC for the Windows flaw known as "SMBGhost" could set off cyberattack waves, CISA warned. (Threatpost)

Phishing Attack Hits German Coronavirus Task Force

More than 100 executives at a multinational company that's part of a German task force for creating coronavirus protective gear, were targeted in an ongoing phishing attack. (Threatpost)

Can Governments Defeat Nation-State Attacks on Critical Infrastructures?

The one cyber risk that governments are much better at controlling than we are is insider threats. Governments have been dealing with people threats for centuries and have powerful tools at their disposal for such investigations. (Threatpost)


/security-daily/ 09-06-2020 23:44:22