Security daily (17-06-2020)

Netgear moves to plug vulnerability in routers after researchers find zero-day

A newly discovered software vulnerability could allow hackers to remotely exploit home internet routers, offering a foothold for breaking into the devices running on those networks. Researchers say the flaw in routers made by Netgear — revealed this week by cybersecurity company GRIMM and Trend Micro’s Zero Day Initiative (ZDI) — underscores the long-running challenge of improving security in a market that prizes affordable and functional networking equipment. Netgear told CyberScoop on Wednesday that it was close to releasing a patch for the vulnerability. The flaw affects how Netgear devices handle incoming data and could let hackers, under certain conditions, bypass the router’s authentication process using a software exploit. The router could then be a pathway to other devices, such as a laptop housing sensitive work information. (Breaking into the laptop would likely require an additional exploit.) The findings show how the potential impact of a bug can grow as investigations proceed. Researchers initially singled out two […] (CyberScoop)

Treasury Department sanctions six Nigerians after email scam nabs millions of dollars

U.S. officials have sanctioned six Nigerian men for their involvement in email fraud schemes resulting in the theft of more than $6 million from American businesses and individuals. The Department of Treasury announced on Tuesday it had taken action against the accused scammers as part of an effort to stifle business email compromise efforts, in which attackers pose as co-workers, family members or romantic partners. In this case, suspects impersonated executives and potential love interests to obtain victims’ bank account information, usernames and passwords, Treasury officials said. More than 19,000 Americans reported being victimized by such crimes in 2019, leading to $1.5 billion in known theft, according to the most recent figures from the FBI. Reported losses have increased every year since the bureau started tracking BEC figures in 2013, officials said. “Cybercriminals prey on vulnerable Americans and small businesses to deceive and defraud them,” Treasury Secretary Steven Mnuchin said […] (CyberScoop)

In reversal, Zoom says all users will have access to end-to-end encryption

Zoom has decided it will be able to offer end-to-end encryption to both free and paid users after all, reversing a recent decision that would have limited the feature to paid users, company founder Eric S. Yuan announced Wednesday. “Since releasing the draft design of Zoom’s end-to-end encryption (E2EE) on May 22, we have engaged with civil liberties organizations, our CISO council, child safety advocates, encryption experts, government representatives, our own users, and others to gather their feedback on this feature. We have also explored new technologies to enable us to offer E2EE to all tiers of users,” Yuan writes in a company blog. In order to gain access to end-to-end encryption, users will have to provide additional information, such as verifying their cell phone number through a text message, Yuan said. Yuan previously said that the earlier decision was rooted in the idea that Zoom should be able to share information with law […] (CyberScoop)

New Mac malware spreads disguised as Flash Player installer via Google search results

Apple Mac users are warned of a new in-the-wild malware threat which masquerades as an installer for Adobe Flash Player. (Graham Cluley)

NHS Test & Trace sends text to wrong person, telling them they tested negative for Coronavirus

A former MP warns that she received a message intended for someone else, with the results of their Coronavirus test. (Graham Cluley)

Avon cosmetics suffers “cyber incident” – but was it ransomware?

Ah for the bad old days when a ransomware attack was simply that: a ransomware attack, beginning, middle and end. (Naked Security)

More ad fraud apps found hiding on Google Play Store

Fraudulent Android app developers have been discovered trying to manipulate Google’s Play Store security by removing suspicious code before adding it back in to see what trips detection systems. (Naked Security)

eBay staff charged with cyberstalking, sending fetal pig and spiders

Six execs and employees have been charged with cyberharassing a couple who published an e-commerce newsletter sometimes critical of the company. (Naked Security)

Become a Big Data Expert with This 10-Course Bundle

In today's data-driven world, being well-versed in Big Data and analytics can help land an exciting and high-paying career. Whether you're interested in working for a major tech company or pursuing freelance work in development, you need to have a thorough understanding of the latest and greatest platforms in analytics if you want to succeed.

The Complete 2020 Big Data and Machine Learning Bundle comes with ten courses and over 600 lessons that will get you up to speed with the world's most popular and powerful data and machine learning methodologies and tools, and it's currently available... (Null Byte « WonderHowTo)

Cyber Spies Use LinkedIn To Hack European Defense Firms

(News ≈ Packet Storm)

Adobe Patches 18 Critical Flaws In Out-Of-Band Update

(News ≈ Packet Storm)

Rockstar Stops Hackers From Spawning KKK Members In Red Dead Online

(News ≈ Packet Storm)

North Korea's State Hackers Caught Engaging In BEC Scams

(News ≈ Packet Storm)

Solution Providers Can Now Add Incident Response to Their Services Portfolio For Free

The Incident Response (IR) services market is in accelerated growth due to the rise in cyberattacks that result in breaches. More and more organizations, across all sizes and verticals, choose to outsource IR to third-party service providers over handling security incidents in-house.

Cynet is now launching a first-of-its-kind offering, enabling any Managed Security Provider (MSP) or Security (The Hacker News)

Hackers Target Military and Aerospace Staff by Posing as HRs Offering Jobs

Cybersecurity researchers today took the wraps off a new sophisticated cyber-espionage campaign directed against aerospace and military organizations in Europe and the Middle East with an aim to spy on key employees of the targeted firms and, in some cases, even to siphon money.

The campaign, dubbed "Operation In(ter)ception" because of a reference to "Inception" in the malware sample, took (The Hacker News)

New Ripple20 Flaws Put Billions of Internet-Connected Devices at Risk of Hacking

The Department of Homeland Security and CISA ICS-CERT today issued a critical security advisory warning about over a dozen newly discovered vulnerabilities affecting billions of Internet-connected devices manufactured by many vendors across the globe.

Dubbed "Ripple20," the set of 19 vulnerabilities resides in a low-level TCP/IP software library developed by Treck, which, if weaponized, could (The Hacker News)

AcidBox Malware Uncovered Using Repurposed VirtualBox Exploit

A “very rare” malware has been used by an unknown threat actor in cyberattacks against two different Russian organizations in 2017. (Threatpost)

Premier League’s Return: A Hat Trick of Cyberthreats?

The beautiful game is back on the pitch in the U.K., and cyberattackers will be looking to take advantage of fans streaming the games. (Threatpost)

/security-daily/ 18-06-2020 23:44:24