Security daily (17-04-2020)

Google declares war on Android fleeceware scamming users through sneaky subscriptions

The Google Play Store has announced new policies that aim to kick out “free trial” Android apps that use underhand techniques to trick unsuspecting users into signing up for expensive subscriptions. (Graham Cluley)

I’ve sent my worst enemies to Earworm Island

Imagine marooning your worst enemy on a desert island, along with the four most terrible records ever made. That’s the premise of a brand new podcast, hosted by technology journalist Geoff White. And I’m his first guest! Not on the island, you understand. But I get to choose who I send to the island, and what tunes I torture them with. Yeah, this isn’t security-related – but I figure we all could do with a break right now. (Graham Cluley)

How to Hack 5 GHz Wi-Fi Networks with an Alfa Wi-Fi Adapter

Wi-Fi networks come in two flavors: the more common 2.4 GHz used by most routers and IoT devices, and the 5 GHz one offered as an alternative by newer routers. While it can be frustrating to attack a device that moves out of reach to a 5 GHz Wi-Fi network, we can use an Alfa dual-band adapter to hack Wi-Fi devices on either type of network.

Wi-Fi is a radio standard that has been around since 1997, and the number of devices using it has made its part of the spectrum quite crowded. To relieve that stress, 5 GHz was introduced to offer fast Wi-Fi connections over similar distances as a... (Null Byte « WonderHowTo)

PoetRAT Trojan Targets Energy Sector Using Coronavirus Lures

(News ≈ Packet Storm)

Cisco IP Phone Harbors Critical RCE Flaw

(News ≈ Packet Storm)

Google Blocked 126 Million COVID-19 Phishing Scams In One Week

(News ≈ Packet Storm)

Poorly Secured Docker Image Comes Under Rapid Attack

(News ≈ Packet Storm)

Web Skimmer with a Domain Name Generator

Our security analyst Moe Obaid recently found yet another variation of a web skimmer script injected into a Magento database. The malicious script loads the credit card stealing code from qr201346[.]pw and sends the stolen details to hxxps://gooogletagmanager[.]online/get.php. This approach is pretty typical for skimmers. However, we noticed one interesting feature of the script — instead of using one predefined domain, it generates domain names based on the current date. (Sucuri Blog)

CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers

The United States Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution (RCE) vulnerability in Pulse Secure VPN servers—even if they have already patched it.

The warning comes three months after another (The Hacker News)

Why SaaS opens the door to so many cyber threats (and how to make it safer)

Cloud services have become increasingly important to many companies' daily operations, and the rapid adoption of web apps has allowed businesses to continue operating with limited productivity hiccups, even as global coronavirus restrictions have forced much of the world to work from home.

But at the same time, even major corporations have fallen prey to hackers. How can you maintain the (The Hacker News)

Google and Apple Plan to Turn Phones into COVID-19 Contact-Tracking Devices

Tech giants Apple and Google have joined forces to develop an interoperable contact-tracing tool that will help individuals determine if they have come in contact with someone infected with COVID-19.

As part of this new initiative, the companies are expected to release an API that public agencies can integrate into their apps. The next iteration will be a built-in system-level platform that (The Hacker News)