Security daily (13-08-2020)

Facebook hopes voting hub will curb mail-in voting misinformation

Facebook and Instagram are launching a new portal aimed at delivering accurate voting information ahead of the U.S. elections, an effort that coincides with ongoing misinformation surrounding the political process. The company announced Thursday it will launch a voter information hub that will include information about registration deadlines, ballot request information and the correct protocol for submitting a ballot. The hub will exist as a standalone web page, though Facebook and Instagram also will include notifications in users’ feeds about upcoming deadlines. The company also will include links on posts about in-person and mail-in voting, directing users to a page where they can find accurate information provided by the Bipartisan Policy Center, a Washington think tank, about the voting process. Facebook started adding such labels on posts by federal politicians, including President Donald Trump, and candidates for political office in July. The expanded effort comes amid an ongoing effort by […] The post Facebook hopes voting hub will curb mail-in voting misinformation appeared first on CyberScoop. (CyberScoop)

Ex-DHS officials urge department to double down on its cybersecurity work

The Department of Homeland Security has been the face of some of the Trump administration’s most fiercely criticized policies, from aggressively rounding up migrants to detaining protesters. A new bipartisan report from former DHS officials suggests the department cut ties with some of the “most partisan” aspects of its work, and redouble its efforts to protect the country from cyberthreats and infectious diseases. “For the defense of American democracy to succeed, the secretary of homeland security and DHS generally will need to be, to the greatest extent possible, ‘above politics,’” states the report, which the Atlantic Council released Thursday. The report’s authors — Caitlin Durkovich, a former assistant DHS secretary under President Barack Obama, and Thomas Warrick, who was a DHS counterterrorism official until June 2019 — propose giving some controversial elements of DHS’s portfolio, such as setting the number of immigrant visas, to the White House or another part of the federal […] The post Ex-DHS officials urge department to double down on its cybersecurity work appeared first on CyberScoop. (CyberScoop)

NSA, FBI publicize hacking tool linked to Russian military intelligence

The National Security Agency and the FBI are jointly exposing malware that they say Russian military hackers use in cyber-espionage operations. Hackers working for Russia’s General Staff Main Intelligence Directorate’s 85th Main Special Service Center, military unit 26165, use the malware, which the Russians themselves call “Drovorub,” to target Linux systems, the NSA and FBI said Thursday in a detailed report. The hackers, also known as APT28 or Fancy Bear, allegedly hacked the Democratic National Committee in 2016 and frequently target defense, government, and aerospace entities. The Russian military agency is also known as the GRU. While the alert does not include specific details about Drovorub victims, U.S. officials did say they published the alert Thursday to raise awareness about state-sponsored Russian hacking and possible defense sector vulnerabilities. The disclosure comes just months before American voters will conduct a presidential election. “Information in this Cybersecurity Advisory is being disclosed publicly to assist National Security System […] The post NSA, FBI publicize hacking tool linked to Russian military intelligence appeared first on CyberScoop. (CyberScoop)

A financially-motivated attack group is getting better at using this banking trojan

Threat actors using a common banking trojan are improving the ways they get it on victims’ systems, according to new research from Juniper Networks’ threat research team. In recent months the operators have been working to evade detection by using password protected attachments and keyword obfuscation in their trojanized documents, according to Juniper Threat Labs. And in the last month, the hackers have gone a step further and begun using a malicious DLL file to run a second-stage attack that ultimately delivers IcedID, a banking trojan, says Juniper security researcher Paul Kimayong. “This time, they also use a DLL for the second-stage downloader, which shows a new maturity level of this threat actor,” Kimayong says in a blog on the matter. IcedID, which IBM X-Force researchers discovered in 2017, has been used in a variety of financially-motivated attacks targeting banks, payment card providers, payroll, and e-commerce sites. The attackers have […] The post A financially-motivated attack group is getting better at using this banking trojan appeared first on CyberScoop. (CyberScoop)

Chinese accounts blast Trump, with help from AI-generated pictures

Chinese social media accounts are not happy with President Donald Trump. A network of accounts on multiple platforms has been criticizing Trump and broadcasting more positive images of Democratic presidential candidate Joe Biden, as part of an apparent campaign to rebuke the White House, according to a report published Wednesday by Graphika, a New York-based research firm. The network, which Graphika describes as “Spamouflage Dragon,” produces short videos on a near-daily basis on topics ranging from the Trump administration’s decision to prohibit the social media company TikTok in the U.S. to the government’s response to the coronavirus pandemic. Whether the network was connected to the Chinese government remains unclear, Graphika said. Details of the campaign emerge after a U.S. intelligence assessment determined that Beijing was working to reduce the president’s reelection chances. “The network was active and public, but ultimately low-engagement,” the report stated. “It typically worked by using apparently […] The post Chinese accounts blast Trump, with help from AI-generated pictures appeared first on CyberScoop. (CyberScoop)

An advanced group specializing in corporate espionage is on a hacking spree

A Russian-speaking hacking group specializing in corporate espionage has carried out 26 campaigns since 2018 in attempts to steal vast amounts of data from the private sector, according to new findings. The hacking group, dubbed RedCurl, stole confidential corporate documents including contracts, financial documents, employee records and legal records, according to research published Thursday by the security firm Group-IB, which has offices in Moscow in Singapore. Victims spanned a range of industries — including construction, finance, retail and law — with headquarters in Russia, Ukraine, the U.K., Canada, Germany and Norway. RedCurl relies on hacking techniques similar to groups known as RedOctober and CloudAtlas, another Russian-speaking group that’s targeted multiple entities and government networks “primarily in Russia,” according to the MITRE Corp.’s database of hacking groups. The Russian security vendor Kaspersky previously published its own findings about RedOctober and CloudAtlas, and Group-IB now suggests RedCurl’s focus on similar tactics “may indicate” that […] The post An advanced group specializing in corporate espionage is on a hacking spree appeared first on CyberScoop. (CyberScoop)

Tor and anonymous browsing – just how safe is it?

How to stay safe when you're using Tor, even if the network is littered with rogues. (Naked Security)

How to Bypass PowerShell Execution Policy to Pwn Windows

PowerShell is an essential component of any Windows environment and can be a powerful tool in the hands of a hacker. During post-exploitation, PowerShell scripts can make privilege escalation and pivoting a breeze, but its execution policy can put a damper on even the best-laid plans. There are a variety of methods, however, that can be used to bypass PowerShell execution policy.

PowerShell Execution Policy Overview

The purpose of PowerShell's execution policy is to control how configuration files are loaded and how scripts are run. It's a safety feature that helps prevent malicious scripts... more (Null Byte « WonderHowTo)

Master Python with This Top-Rated Bundle for Just $30

It can seem as though there's a virtually endless number of essential programming languages to choose from these days. And complicating matters even further for aspiring or even established programmers, developers, and hackers is the fact that most languages are a bit esoteric and suited for only a certain number of relatively finite tasks.

But if you haven't already learned Python, you can call off the search for your next language. Used in a wide variety of development scenarios ranging from app-building to data analysis, Python is one of the most powerful and popular programming languages... more (Null Byte « WonderHowTo)

Hackers Can Eavesdrop On Mobile Calls With $7,000 Worth Of Equipment

(News ≈ Packet Storm)

RedCurl Group Has Hacked Companies For Three Years

(News ≈ Packet Storm)

FireEye's Bug Bounty Program Goes Public

(News ≈ Packet Storm)

Trump Goes After His Own FBI Director

(News ≈ Packet Storm)

Smoker Backdoor: Evasion Techniques in Webshell Backdoors

“Smoker Backdoor” is a PHP webshell backdoor that uses hexadecimal and decimal obfuscation in conjunction with the PHP function goto to evade detection from malware scanners. The hexadecimal/decimal obfuscation is clear to see when viewing the file’s PHP code. For instance, this section of the PHP code is obfuscated using this method: if ($GET["\x72\145\156\x61\155\x65"] == "\164\x72\x75\x65") {     echo "\x3c\146\157\162\x6d\x20\145\x6e\143\x74\171\x70\145\75\x22\155\165\x6c\164\x69\x70\141\x72\164\57\x66\x6f\162\155\55\x64\141\x74\141\x22\40\155\x65\x74\x68\x6f\144\x3d\42\160\x6f\163\x74\x22\76\xa\x20\40" .         htmlspecialchars($GET["\x66\x69\x6c\145"]) As with many webshells, it allows the user to set a password to control access to the webshell. Continue reading Smoker Backdoor: Evasion Techniques in Webshell Backdoors at Sucuri Blog. (Sucuri Blog)

New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls

A team of academic researchers—who previously made the headlines earlier this year for uncovering severe security issues in the 4G LTE and 5G networks—today presented a new attack called 'ReVoLTE,' that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted phone calls.

The attack doesn't exploit any flaw in the Voice over LTE (VoLTE) protocol; instead, (The Hacker News)

Amazon Alexa Bugs Allowed Hackers to Install Malicious Skills Remotely

Attention! If you use Amazon's voice assistant Alexa in you smart speakers, just opening an innocent-looking web-link could let attackers install hacking skills on it and spy on your activities remotely.

Check Point cybersecurity researchers—Dikla Barda, Roman Zaikin and Yaara Shriki—today disclosed severe security vulnerabilities in Amazon's Alexa virtual assistant that could render it (The Hacker News)

NSA, FBI Warn of Linux Malware Used in Espionage Attacks

A never before seen malware has been used for espionage purposes via Linux systems, warn the NSA and FBI in a joint advisory. (Threatpost)

CactusPete APT Hones Toolset, Resurfaces with New Espionage Targets

The APT is becoming more sophisticated over time. (Threatpost)

Zoom Faces More Legal Challenges Over End-to-End Encryption

The video-conferencing specialist has yet to roll out full encryption, but it says it's working on it. (Threatpost)

New Global Threat Landscape Report Reveals ‘Unprecedented’ Cyberattacks

Fortinet's recently released Global Threat Landscape Report shows how the perimeter is extending to the home in the first half of 2020 - and what that means for cybercrime. (Threatpost)

ReVoLTE Attack Allows Hackers to Listen in on Mobile Calls

Rare attack on cellular protocol exploits an encryption-implementation flaw at base stations to record voice calls. (Threatpost)


/security-daily/ 14-08-2020 23:44:24