Security daily (17-06-2021)

After Gaza ceasefire, MoleRATs hacking group continues to target Middle Eastern governments

Days after Israel and Gaza-based militant group Hamas agreed to a ceasefire in May, Arabic-speaking hackers resumed an effort to break into government networks in the Middle East, according to research published Thursday. The hacking group, known as MoleRATs, sent target organizations a malware-laced PDF claiming to be a report on Hamas members meeting with the Syrian government, security firm Proofpoint said. The malicious code is able to access files and take screenshots on a victim’s computer in furtherance of a spying campaign. It’s an example of how, alongside the violence that has long marked the Israel-Palestine conflict, there are often much subtler efforts by digital spies to access networks. It’s unclear what caused the hacking group to take a two-month break starting in March, or why it resumed activity in early June. Proofpoint analysts speculated that either the Muslim holy month of Ramadan or the latest Israel-Hamas conflict, which […] (CyberScoop)

Chris Inglis confirmed as first US national cyber director after Senate vote

The Senate on Thursday confirmed Chris Inglis as the new White House cyber czar, a role Congress created in law late last year. The new role will play a key part in coordinating the government response to major hacks and other cybersecurity threats. Inglis takes on the position as the U.S. has dealt with an onslaught of cybersecurity incidents, including ransomware attacks on Colonial Pipeline and meat supplier JBS. The national cyber director will also lead the implementation of cyber policy and strategy, including efforts mandated by the Biden administration to improve federal cybersecurity. Inglis will be expected to work closely with Anne Neuberger, deputy national security advisor for cyber and emerging technology on the National Security Council, as well as Jen Easterly, Biden’s nominee to lead the Department of Homeland Security’s cybersecurity agency, should she also be confirmed by the Senate. Inglis will also coordinate cooperation between the government and […] (CyberScoop)

Vigilante hacking campaign blocks victims from visiting The Pirate Bay, other piracy sites

A hacker doesn’t appear to be happy with the amount of digital piracy out there. A wave of malicious software downloads from October 2020 to January 2021 blocked users from visiting websites that host pirated versions of video games, Microsoft Office and other programs, analysts at antivirus firm Sophos said Thursday. One malware strain borrowed name recognition from The Pirate Bay, a notorious portal that directs users to copyrighted material while also serving up malicious software and nefarious advertisements. The vigilante disguised their malicious code as pirated software on Discord, a popular chat service, and on file-sharing service BitTorrent, Sophos said in a blog post. But instead of getting a bootlegged version of a video game like Minecraft, targets of the campaign downloaded malicious code that prevented their machines from visiting websites for pirated software. In some cases, the attacker made the malicious code appear as if it came from […] (CyberScoop)
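
The summary above does not say how the malware blocks the piracy sites. A quick host-side check a responder can run, written here as an added example (not Sophos's code and not the malware's), assumes the block is implemented as hosts-file entries that point the sites at a loopback or unspecified address; that mechanism is an assumption, and the sample hosts file below is constructed, not data from the report. The only hostnames in it taken from the summary are The Pirate Bay ones.

```python
import ipaddress

# Constructed sample hosts file (an assumption, not data from the Sophos report):
# the stock localhost lines plus the kind of sinkhole entries a blocker would add.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 thepiratebay.org
127.0.0.1 www.thepiratebay.org   # added entry
0.0.0.0   piracy-site.example    # constructed hostname
"""

# Names that legitimately map to loopback on stock Windows/Linux/macOS hosts files.
BENIGN_NAMES = {
    "localhost", "localhost.localdomain", "broadcasthost",
    "ip6-localhost", "ip6-loopback", "ip6-localnet",
    "ip6-mcastprefix", "ip6-allnodes", "ip6-allrouters",
}


def parse_hosts(text):
    """Parse hosts-file text into (ip_address, hostname) pairs, dropping comments and junk."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:                    # not an address: ignore the line
            continue
        for name in fields[1:]:
            entries.append((addr, name.lower()))
    return entries


def find_sinkholed(text):
    """Return hostnames mapped to a loopback or unspecified address, excluding stock names."""
    hits = []
    for addr, name in parse_hosts(text):
        if (addr.is_loopback or addr.is_unspecified) and name not in BENIGN_NAMES:
            hits.append(name)
    return hits


if __name__ == "__main__":
    # On a real host read C:\Windows\System32\drivers\etc\hosts or /etc/hosts instead.
    for name in find_sinkholed(SAMPLE_HOSTS):
        print("sinkholed:", name)
```

Any hit is a hostname the machine can no longer reach by name; on a system that should have only the stock entries, an unexpected hit is worth comparing against the file's modification time and recent downloads.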

Senate bill proposes requiring cyber incident notification to feds within 24 hours

Senate Intelligence Chairman Mark Warner is sharing draft bipartisan legislation that would require critical infrastructure owners, cybersecurity incident response firms and federal contractors to report cyber intrusions to the Homeland Security Department within 24 hours. It’s one of the earliest bills to respond to a spate of attacks that began with the SolarWinds breach and continued on through the Microsoft Exchange hack and ransomware incidents at Colonial Pipeline and meat supplier JBS. It won’t be the last, either in the House or the Senate. Warner has been pushing the idea for months. At a February hearing of Warner’s committee, the Virginia Democrat, other senators and witnesses from SolarWinds, Microsoft and FireEye discussed the idea Warner had been floating. The fear was that if FireEye hadn’t voluntarily disclosed that it was a victim of the SolarWinds supply chain hack that compromised nine federal agencies and many technology companies, the damage would’ve been more severe. […] (CyberScoop)

Snapchat stalker pleads guilty to using stolen passwords to torment college students

A New York City man admitted to accessing more than 300 Snapchat accounts to steal victims’ nude pictures as part of a cyberstalking case that ensnared at least 14 people. David Mondore, 29, pleaded guilty Wednesday to hacking-related charges for orchestrating a scheme in which he would solicit explicit photos from college students by impersonating their friends. The fraud, in which Mondore would dupe Snapchat users into providing their passwords, represents only the latest example of ways that scammers exploit otherwise innocuous social media relationships to harass, abuse and torment unwitting users. “This case should serve as a cautionary reminder that many individuals lurking on social media use those platforms to engage in decidedly anti-social behavior,” U.S. Attorney James Kennedy said in a statement. Unlike advanced cyber-espionage activity or digital extortion, cyberstalking is typically aimed at individual victims who have few obvious solutions. While instances of the problem are difficult […] (CyberScoop)

S3 Ep37: Quantum crypto, refunding Bitcoins, and Alpaca problems [Podcast]

Latest episode - listen now! (Naked Security)

How to hack a bicycle – Peloton Bike+ rooting bug patched

It's a bike, Jim, but not as we know it. (Naked Security)

Ten-Year Hacktivist Fugitive Commander X Arrested In Mexico

(News ≈ Packet Storm)

Sideloading Apps Would Destroy iOS Security And Privacy

(News ≈ Packet Storm)

Why Cyber Gangs Won't Worry About US-Russia Talks

(News ≈ Packet Storm)

Millions Of Connected Cameras Open To Eavesdropping

(News ≈ Packet Storm)

Malicious Redirects Through Bogus Plugin

Recently we have been seeing a rash of WordPress website compromises with attackers abusing the plugin upload functionality in the wp-admin dashboard to redirect visitors and website owners to malicious websites.

The payload is the following bogus plugin located here: ./wp-content/plugins/plugs/plugs.php

At first glance these appear to be very unorthodox domains:
hxxp://xn--o1aofd[.]xn--p1ai
hxxp://xn--80ady8a[.]xn--p1ai
hxxp://xn--80adzf[.]xn--p1ai
hxxp://xn--g1aey4a[.]xn--p1ai
hxxp://xn--g1asqf[.]xn--p1ai
hxxp://xn--i1abh6c[.]xn--p1ai
However, they are using what is known as “punycode”: a label beginning with xn-- is the ASCII-compatible (IDNA) encoding of a Unicode label, so these are internationalized domain names rather than random strings. The xn--p1ai top-level domain, for example, decodes to the Cyrillic .рф. Continue reading Malicious Redirects Through Bogus Plugin at Sucuri Blog. (Sucuri Blog)
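
To turn indicators like these into something readable and to sweep plugin files for them, the following added example (not Sucuri's code, and not the real plugs.php) refangs the hxxp://…[.]… notation, decodes the xn-- labels with Python's built-in IDNA codec, and scans PHP source for redirect targets. The PHP snippet is a constructed stand-in for a redirect payload; only the plugin path and the first two indicator domains come from the write-up above.

```python
import re

# Path of the bogus plugin named in the Sucuri write-up.
BOGUS_PLUGIN_PATH = "wp-content/plugins/plugs/plugs.php"

# Constructed stand-in for a redirect payload; NOT the real plugs.php.
SAMPLE_PHP = r"""<?php
/* Plugin Name: plugs */
$targets = array('hxxp://xn--o1aofd[.]xn--p1ai', 'hxxp://xn--80ady8a[.]xn--p1ai');
header('Location: ' . $targets[array_rand($targets)]);
"""

# Matches http(s):// and the defanged hxxp(s):// form; the host may contain "[.]".
URL_RE = re.compile(r"h(?:xx|tt)ps?://([A-Za-z0-9.\[\]-]+)")


def refang(host: str) -> str:
    """Turn a defanged indicator like 'xn--o1aofd[.]xn--p1ai' back into a real hostname."""
    return host.replace("[.]", ".")


def decode_idna(host: str) -> str:
    """Decode every xn-- label of a hostname to Unicode with the stdlib IDNA codec.
    Returns the input unchanged when a label is not valid Punycode."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host


def find_idna_redirects(php_source: str) -> list[tuple[str, str]]:
    """Return (punycode_host, unicode_host) pairs for every xn-- hostname in the source."""
    found = []
    for m in URL_RE.finditer(php_source):
        host = refang(m.group(1)).lower()
        if "xn--" in host:
            found.append((host, decode_idna(host)))
    return found


def scan_plugin_files(files: dict[str, str]) -> dict[str, list[tuple[str, str]]]:
    """Map each plugin path whose source contains an xn-- URL to the hosts found in it.
    `files` is a {path: source} mapping, e.g. built by walking wp-content/plugins."""
    return {path: hits for path, src in files.items() if (hits := find_idna_redirects(src))}


if __name__ == "__main__":
    # Constructed mapping of plugin files; a real sweep would read them from disk.
    report = scan_plugin_files({
        BOGUS_PLUGIN_PATH: SAMPLE_PHP,
        "wp-content/plugins/akismet/akismet.php": "<?php // benign, no redirect",
    })
    for path, hits in report.items():
        for host, unicode_host in hits:
            print(f"{path}: {host} -> {unicode_host}")
```

A hit on a file outside the site's known plugin set, or any plugin redirecting to a domain the site owner does not recognise, is the signal; decoding the labels mainly helps when reporting the domains to a registrar or writing a block rule in a form the reviewer can read.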

[eBook] 7 Signs You Might Need a New Detection and Response Tool

It's natural to get complacent with the status quo when things seem to be working. The familiar is comfortable, and even if something better comes along, it brings with it many unknowns. In cybersecurity, this tendency is countered by the fast pace of innovation and how quickly technology becomes obsolete, often overnight. This combination usually results in one of two things – organizations (The Hacker News)

Update Your Chrome Browser to Patch Yet Another 0-Day Exploited in-the-Wild

Google has rolled out yet another update to Chrome browser for Windows, Mac, and Linux to fix four security vulnerabilities, including one zero-day flaw that's being exploited in the wild. Tracked as CVE-2021-30554, the high severity flaw concerns a use after free vulnerability in WebGL (aka Web Graphics Library), a JavaScript API for rendering interactive 2D and 3D graphics within the browser. (The Hacker News)

Molerats Hackers Return With New Attacks Targeting Middle Eastern Governments

A Middle Eastern advanced persistent threat (APT) group has resurfaced after a two-month hiatus to target government institutions in the Middle East and global government entities associated with geopolitics in the region in a rash of new campaigns observed earlier this month. Sunnyvale-based enterprise security firm Proofpoint attributed the activity to a politically motivated threat actor it (The Hacker News)

A New Spyware is Targeting Telegram and Psiphon VPN Users in Iran

Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan (RAT) capable of stealing sensitive information from targets' devices since at least 2015. Russian cybersecurity firm Kaspersky, which pieced together the activity, attributed the campaign to an advanced persistent threat (APT) (The Hacker News)

Strengthen Your Password Policy With GDPR Compliance

A solid password policy is the first line of defense for your corporate network. Protecting your systems from unauthorized users may sound easy on the surface, but it can actually be quite complicated. You have to balance password security with usability, while also following various regulatory requirements. Companies in the EU must have password policies that are compliant with the General Data (The Hacker News)

Researchers Uncover 'Process Ghosting' — A New Malware Evasion Technique

Cybersecurity researchers have disclosed a new executable image tampering attack dubbed "Process Ghosting" that could be potentially abused by an attacker to circumvent protections and stealthily run malicious code on a Windows system. "With this technique, an attacker can write a piece of malware to disk in such a way that it's difficult to scan or delete it — and where it then executes the (The Hacker News)

Ukraine Police Arrest Cyber Criminals Behind Clop Ransomware Attacks

Ukrainian law enforcement officials on Wednesday announced the arrest of the Clop ransomware gang, adding it disrupted the infrastructure employed in attacks targeting victims worldwide since at least 2019. As part of an international operation between the National Police of Ukraine and authorities from Interpol, Korea, and the U.S., six defendants have been accused of running a double extortion (The Hacker News)

Clop Raid: A Big Win in the War on Ransomware?

Cops arrest six, seize cars and cash in splashy raid, and experts are applauding. (Threatpost)

Cisco Smart Switches Riddled with Severe Security Holes

The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations. (Threatpost)

Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes

An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft's native email controls. (Threatpost)

CVS Health Records for 1.1 Billion Customers Exposed

A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration. (Threatpost)

Threat Actors Use Google Docs to Host Phishing Attacks

Attackers abused the widely used document service to deliver links that appear legitimate but lead to pages that steal victims' credentials. (Threatpost)


/security-daily/ 18-06-2021 23:44:23