13-05-2021 | 15-05-2021

Security daily (14-05-2021)

Lawmakers want DOD to share more info with Americans on deterring hacks

Lawmakers on Capitol Hill are clamoring for the U.S. government to better communicate what it’s doing to fend off foreign hackers, a concern that has come front and center in recent days as Americans have queued up at gas stations following a ransomware attack against a major U.S. pipeline company. Colonial Pipeline, the largest pipeline in the country, temporarily had to shut down operations earlier this month in response to a ransomware attack impacting its IT networks. The company shut down operations to prevent the malicious software from spreading to its operational networks. The incident has raised questions about the fragility of U.S. critical infrastructure cybersecurity, and Rep. Elissa Slotkin, D-Mich., indicated Friday she wants the U.S. government to tell the American people more about what it’s doing to try to prevent these kinds of attacks in the first place. “It is so hard to explain to the American public […] The post Lawmakers want DOD to share more info with Americans on deterring hacks appeared first on CyberScoop. (CyberScoop)

Russian cybercrime forum XSS claims to ban ransomware following Colonial Pipeline hack

In the wake of the disruption to Colonial Pipeline, a popular Russian-language criminal forum has claimed it will ban the sale of ransomware tools, according to multiple researchers who monitor the site. XSS, a prominent underground forum for hacking tools and other scams, on May 13 said the platform would forbid “ransomware sales, ransomware rental and ransomware affiliate programs,” according to the threat intelligence firm Digital Shadows. The XSS administrator also claimed it would remove all posts mentioning ransomware. The forum post claimed it was because ransomware was attracting too much “hype” and attention from outsiders, but ransomware operators frequently engage in self-serving public relations stunts. The development pointed to newfound pressure that ransomware operators were feeling following the breach of the IT systems at Colonial Pipeline, the main artery for delivering fuel to the East Coast. The ransomware incident forced Colonial Pipeline to shut down for days. Though service […] The post Russian cybercrime forum XSS claims to ban ransomware following Colonial Pipeline hack appeared first on CyberScoop. (CyberScoop)

Toshiba subsidiary confirms ransomware attack, as reports suggest possible DarkSide involvement

European units of Japanese tech giant Toshiba are investigating a security incident in which scammers may have used a hacking tool similar to the malware used against IT systems at Colonial Pipeline. The European subsidiaries of Toshiba Tec Group said Friday that a cyberattack from a criminal gang had prompted the company to disconnect network connections between Japan and Europe to stop the spread of the malware. In a statement, Toshiba Tec Group, a unit of the multinational conglomerate which makes printers and other technologies, said the firm had “not yet confirmed a fact that customer related information was leaked externally,” though it suggested a criminal gang is responsible. Toshiba Tec Group did not name DarkSide, which is both a type of ransomware and an Eastern European criminal syndicate that develops and sells access to the code to other criminals. An unnamed Toshiba Tec company spokesperson told CNBC that DarkSide […] The post Toshiba subsidiary confirms ransomware attack, as reports suggest possible DarkSide involvement appeared first on CyberScoop. (CyberScoop)

Apple AirTag hacked again – free internet with no mobile data plan!

More phun with Apple AirTags! Free internet, no data plan required... but it's s-l-o-o-o-w. (Naked Security)

Gamers beware! Crooks take advantage of MSI download outage…

Vendor's site offline? Can't wait for your download? Tempted to go trawling through the underweb to find an "unofficial" version? (Naked Security)

Get a Jump Start into Cybersecurity with This Bundle

Cybersecurity is an industry that isn't going anywhere. After the mass move to online work, the need for more cybersecurity professionals skyrocketed. That demand isn't going away because more and more industries are keeping online and cloud services going for their workers.

The 2021 All-in-One Ethical Hacking & Penetration Testing Bundle can get you ready to be a cybersecurity professional all with one bundle, and right now, it's on sale for $29.99.

This Ethical Hacking bundle brings you 46 hours of expert learning that will prepare you for a career in cybersecurity, and all of this is... more (Null Byte « WonderHowTo)

Hack Networks & Devices Right from Your Wrist with the Wi-Fi Deauther Watch

The Deauther Watch by Travis Lin is the physical manifestation of the Wi-Fi Deauther project by Spacehuhn, and it's designed to let you operate the Deauther project right from your wrist without needing a computer. That's pretty cool if you want to do all the interesting things that the Wi-Fi Deauther can do without plugging it into a device.

If you missed our guide on using an ESP8266-based Wi-Fi Deauther, you might be confused about what the Deauther does. For one, it can create deauthentication and disassociation packets, which can kick devices off the same Wi-Fi network the Deauther is... more (Null Byte « WonderHowTo)

Rapid7 Source Code, Alert Data Accessed In Codecov Supply Chain Attack

(News ≈ Packet Storm)

DarkSide Explained: The Ransomware Group Behind The Attack

(News ≈ Packet Storm)

US Fuel Pipeline Paid Hackers $5 Million In Ransom

(News ≈ Packet Storm)

Toshiba Unit Hacked By DarkSide

(News ≈ Packet Storm)

Hackers Using Microsoft Build Engine to Deliver Malware Filelessly

Threat actors are abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems. The actively ongoing campaign is said to have emerged last month, researchers from cybersecurity firm Anomali said on Thursday, adding the malicious build files came embedded with encoded executables and shellcode that deploy backdoors, (The Hacker News)

Report to Your Management with the Definitive 'Incident Response for Management' Presentation Template

Security incidents occur. It's not a matter of 'if' but of 'when.' There are security products and procedures that were implemented to optimize the IR process, so from the 'security-professional' angle, things are taken care of.

However, many security pros who are doing an excellent job in handling incidents find effectively communicating the ongoing process with their management a much more (The Hacker News)

Magecart Hackers Now hide PHP-Based Backdoor In Website Favicons

Cybercrime groups are distributing malicious PHP web shells disguised as a favicon to maintain remote access to the compromised servers and inject JavaScript skimmers into online shopping platforms with an aim to steal financial information from their users. "These web shells known as Smilodon or Megalodon are used to dynamically load JavaScript skimming code via server-side requests into online (The Hacker News)

Big Cybersecurity Tips For Remote Workers Who Use Their Own Tech

As the total number of people working from home has grown dramatically in the last year or two, so has the number of individuals who use all of their own technology for their jobs. If you're a remote worker who relies on your own PC to get your work done, then you may be at a heightened risk for some of the major threats that are impacting the computer industry as a whole. Relatively few people (The Hacker News)

Rapid7 Source Code Breached in Codecov Supply-Chain Attack

Cybersecurity company Rapid7 on Thursday revealed that unidentified actors improperly managed to get hold of a small portion of its source code repositories in the aftermath of the software supply chain compromise targeting Codecov earlier this year. "A small subset of our source code repositories for internal tooling for our [Managed Detection and Response] service was accessed by an (The Hacker News)

Dark Web Getting Loaded With Bogus Covid-19 Vaccines and Forged Cards

Bogus COVID-19 test results, fraudulent vaccination cards, and questionable vaccines are emerging as a hot commodity on the dark web in what's the latest in a long list of cybercrimes capitalizing on the coronavirus pandemic. "A new and troubling phenomenon is that consumers are buying COVID-19 vaccines on the black market due to the increased demand around the world," said Anne An, a senior (The Hacker News)

Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks

Three design and multiple implementation flaws have been disclosed in IEEE 802.11 technical standard that undergirds Wi-Fi, potentially enabling an adversary to take control over a system and plunder confidential data. Called FragAttacks (short for FRgmentation and AGgregation Attacks), the weaknesses impact all Wi-Fi security protocols, from Wired Equivalent Privacy (WEP) all the way to Wi-Fi (The Hacker News)

Facebook Will Limit Your WhatsApp Features For Not Accepting Privacy Policy

WhatsApp on Friday disclosed that it won't deactivate accounts of users who don't accept its new privacy policy rolling out on May 15, adding it will continue to keep reminding them to accept the new terms. "No one will have their accounts deleted or lose functionality of WhatsApp on May 15 because of this update," the Facebook-owned messaging service said in a statement. The move marks a (The Hacker News)

FIN7 Backdoor Masquerades as Ethical Hacking Tool

The financially motivated cybercrime gang behind the Carbanak RAT is back with the Lizar malware, which can harvest all kinds of info from Windows machines. (Threatpost)

DarkSide Ransomware Suffers ‘Oh, Crap!’ Server Shutdowns

The RaaS that crippled Colonial Pipeline lost the servers it uses to pull off ransomware attacks, while REvil’s gonads shrank in response. (Threatpost)

‘Scheme Flooding’ Allows Websites to Track Users Across Browsers

A flaw that allows browsers to enumerate applications on a machine threatens cross-browser anonymity in Chrome, Firefox, Microsoft Edge, Safari and even Tor. (Threatpost)

Verizon: Pandemic Ushers in ⅓ More Cyber-Misery

The DBIR – Verizon’s 2021 data breach report – shows spikes in sophisticated phishing, financially motivated cyberattacks and a criminal focus on web-application servers. (Threatpost)

Ransomware’s New Swindle: Triple Extortion

Ransomware attackers are now demanding cash from the customers of victims too. (Threatpost)

How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly

Experts from Intel, GitHub and KnowBe4 weigh in on what you need to succeed at security bug-hunting. (Threatpost)


/security-daily/ 15-05-2021 23:44:23