Security daily (14-05-2020)

Microsoft opens up coronavirus threat data to the public

Microsoft is making the threat intelligence it’s collected on coronavirus-related hacking campaigns public, the company announced Thursday. “As a security intelligence community, we are stronger when we share information that offers a more complete view of attackers’ shifting techniques,” the Microsoft Threat Intelligence team said in a blog post. “This more complete view enables us all to be more proactive in protecting, detecting, and defending against attacks.” Microsoft decided to open up its feed in order to boost awareness about attackers’ changing techniques during the pandemic — especially for those who may not have the expansive visibility the company possesses. “Microsoft processes trillions of signals each day across identities, endpoint, cloud, applications, and email, which provides visibility into a broad range of COVID-19-themed attacks, allowing us to detect, protect, and respond to them across our entire security stack,” the security team wrote. Michael Daniel, president and CEO of the Cyber Threat […] (CyberScoop)

Cyberattack hits internal IT systems of key player in British power market

Elexon, a company that facilitates transactions on the British electricity market, said Thursday that a cyberattack had hit its internal computers, cutting off email access for employees. The company grappled with the digital attack throughout Thursday, tweeting that it had identified the “root cause” of the incident. “The attack is to our internal IT systems and Elexon’s laptops only,” the company said. It was unclear who was responsible for the cyberattack. The attack didn’t affect the external IT systems that the company uses to track trading between producers and suppliers of electricity, Elexon said. The company manages transactions worth some $2 billion a year, resolving the difference between what electricity generators and suppliers say they will produce or use and what they actually do. A spokesperson for National Grid ESO — Britain’s national electricity system operator — said the organization was investigating the incident, calling it a “cyber intrusion on Elexon’s internal […] (CyberScoop)

Security incident knocks UK supercomputer service offline for days

Britain’s main supercomputing service for academic research has been unavailable since Monday following a security incident that forced administrators to reset user passwords. The ARCHER computing service, which scientists use to model climate change, coronavirus, and other societal challenges, likely won’t be available until at least next week as U.K. government cyber officials continue to help the system recover. ARCHER — a set of powerful hardware and simulation software housed at the University of Edinburgh — recently made available to its users a tool for simulating the extent of the COVID-19 outbreak. Scientific data and know-how has been in the crosshairs of hackers during the COVID-19 pandemic as governments around the world race to understand and treat the disease. It was unclear who was responsible for the security incident. A spokesperson for the U.K.’s National Cyber Security Centre told CyberScoop the agency was aware of the incident and providing support for […] (CyberScoop)

Scammers steal $10 million from Norfund, the largest sovereign wealth fund

Thieves spent months inside the networks of the world’s largest sovereign wealth fund before stealing $10 million in what the enterprise is describing as “a serious case of fraud.” The Norwegian Investment Fund, more commonly known as Norfund, announced Wednesday that scammers stole £8.2 million ($10 million) by spoofing an email address, then fabricating payment information and directing cash into their own account. In a statement, Norfund said the incident is still under investigation, though it acknowledged “that our existing systems and routines were not secure enough.” Norfund is a Norway state-owned private equity firm which invests in developing countries throughout the world by supporting renewable energy infrastructure and scalable businesses, particularly in the manufacturing and agricultural sectors. This financial heist is only the latest to affect large international firms, following a $29 million scam affecting the publishing conglomerate Nikkei and the attempted theft of $951 million from Bangladesh’s central […] (CyberScoop)

The most-targeted security vulnerabilities – despite patches having been available for years

Newly-discovered zero-day vulnerabilities may make the biggest headlines, but that doesn’t mean that they’re necessarily the thing that will get your company hacked. This week, US-CERT has published its list of the “Top 10 Routinely Exploited Vulnerabilities”. Read more in my article on the Tripwire State of Security blog. (Graham Cluley)

PrintDemon – patch this ancient Windows printer bug!

Bugs can last a long time... even if you thought you removed them years ago. (Naked Security)

Woman stalked by sandwich server via her COVID-19 contact tracing info

She wanted a sub, not Facebook, Instagram and SMS come-ons from the guy who served her and intercepted her contact-tracing details. (Naked Security)

Update now! Windows gets another bumper patch update

Windows users won't have to fix ‘big’ exploited or public flaws this month, but May's Patch Tuesday is one of the biggest patch rounds. (Naked Security)

Boost Your Productivity with This Mind-Mapping Tool

Whether you're coding a simple app, trying to learn a new programming language, or building an entirely new operating system from scratch, being able to quickly and clearly organize your thoughts is absolutely paramount — even as an ethical hacker or penetration tester.

And now that most of us have been forced to work from home for the foreseeable future, it can be difficult to avoid those plentiful at-home distractions that can drain your focus and sap your productivity.

Enter MindMaster Mind Mapping Software — an all-in-one organizational tool that makes it easy to quickly lay your ideas... (Null Byte « WonderHowTo)

Senate Passes Spying Bill Without Certain Protections

(News ≈ Packet Storm)

Russian Hacker Groups Using HTTP Status Codes To Control Malware

(News ≈ Packet Storm)

FBI Reportedly Issued Warrant To Apple To Get Data From Senator Burr's iCloud Account

(News ≈ Packet Storm)

iOS Exploits Prices Crash Significantly

(News ≈ Packet Storm)

Effective Business Continuity Plans Require CISOs to Rethink WAN Connectivity

As more businesses leverage remote, mobile, and temporary workforces, the elements of business continuity planning are evolving and requiring that IT professionals look deep into the nuts and bolts of connectivity.

CISOs and their team members are facing new challenges each and every day, many of which have been driven by digital transformation, as well as the adoption of other (The Hacker News)

Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable

Remember the Reverse RDP Attack—wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol?

Though Microsoft had patched the vulnerability (CVE-2019-0887) as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward (The Hacker News)

Innovative Spy Trojan Targets European Diplomatic Targets

Descended from the COMPFun RAT, the malware can propagate to removable drives. (Threatpost)

TikTok Violated Children’s Privacy Law, FTC Complaint Says

A group of children's privacy advocates alleged in a recent FTC complaint that TikTok violated an agreement to protect children's private data. (Threatpost)

Microsoft Adds DNS-Over-HTTPS Support for Windows 10 Insiders

Microsoft is letting Windows Insiders test-drive DNS-over-HTTPS protocol in a pre-release build of Windows 10. (Threatpost)

Utah Says No to Apple/Google COVID-19 Tracing; Debuts Startup App

“Healthy Together” app uses a raft of location data, including GPS, cell tower triangulation and Bluetooth, to pinpoint users and ID coronavirus hotspots. (Threatpost)

BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks

BEC gangs like "Exaggerated Lion" are using tricky tactics - like exploiting G Suite - to scam companies out of millions. (Threatpost)

Login with Facebook Bug Earns $20K Bounty

The cross-site scripting vulnerability could have allowed trivial account takeover. (Threatpost)


/security-daily/ 15-05-2020 23:44:23