Security daily (17-08-2021)

057| Dark Web: The Good, the Bad, and the Ugly

After data breaches and ransomware attacks, we often hear that customer information was leaked to the dark web. This obviously can have serious implications for both companies and individuals, but for many of us, the dark web is as mysterious as it sounds. So what is the dark web all about, and what's happening there? How does it affect companies and regular people? F-Secure's Laura Kankaala and Elias Koivula join the show to help demystify the topic. Links: Episode 57 transcript (Cyber Security Sauna)

BlackBerry's popular operating system for medical devices affected by critical vulnerabilities, drawing fed warnings

A critical set of software flaws first revealed in April also affects code made by BlackBerry that is used in countless devices in the medical, automotive and energy sectors, the technology vendor confirmed on Tuesday. A hacker who exploits the so-called BadAlloc software vulnerabilities, which Microsoft researchers uncovered, could cause devices running the software to crash. In BlackBerry’s case, the attacker would need to first gain access to a targeted network and then go after devices that are exposed to the internet. The affected software is BlackBerry’s QNX Real-Time Operating System, a suite of software that manages data across a network. It’s unclear just how many devices are running the affected BlackBerry software. The firm said last year that its QNX software was embedded in more than 175 million cars alone. A BlackBerry spokesperson did not immediately respond to a request for comment. “These vulnerabilities may introduce risks for certain […] (CyberScoop)

Japan's Tokio Marine is the latest insurer to be victimized by ransomware

Ransomware struck Japan’s largest property and casualty insurer, Tokio Marine Holdings, at its Singapore branch, the company disclosed on Monday. Tokio Marine, which has a U.S. division and offers a cyber insurance product, said it did not have any immediate indication that any customer information was breached. Such data could be a smorgasbord for hackers who would use the data to extort victims based on their coverage amounts. It’s at least the third major insurer to disclose a ransomware attack in recent months, following CNA and AXA. And it’s the second insurer just this week, with Ryan Specialty Group — fresh off launching an initial public offering — to disclose a cyber incident. Cyber insurers have, of late, taken to asking more detailed questions about policyholders’ cybersecurity safeguards as a condition for providing coverage. But the spate of recent successful attacks suggests that insurers, too, might need to step up […] (CyberScoop)

Suspected Russian operatives tried to stir far-right outrage about COVID-19 on 4chan

Operators of an apparent Russian propaganda campaign shared coronavirus disinformation in an effort to influence the American far-right, according to a report out Tuesday by cybersecurity firm Recorded Future. The findings are included in a new report shedding light on a long-running Russian propaganda campaign known as Operation Secondary Infektion. The years-long campaign has used regional European websites, forged documents and throwaway accounts to further Russia’s political agenda in Europe. Secondary Infektion is perhaps best known for spreading disinformation through small, local websites, then promoting fabricated narratives on social media, with mixed success. Secondary Infektion promotes narratives in line with Russia’s political agenda in Europe, leading researchers to believe the group supports Russia’s intelligence apparatus. Since 2014 the group has staged a number of campaigns, including using fake tweets from accounts like Sen. Marco Rubio, R-Fla. to spread a false narrative that British citizens planned to assassinate Prime Minister Boris […] (CyberScoop)

Mandiant, CISA urge ThroughTek customers to fix software bug in millions of baby monitors, cameras

A flaw in software used by millions of smart home devices could allow hackers to intercept audio and video data on equipment such as baby monitors and web cameras, security researchers said Tuesday. The vulnerability is in a software protocol made by Taiwanese internet of things (IoT) vendor ThroughTek, which has customers including the Chinese electronics giant Xiaomi. ThroughTek says 83 million devices made by other brands, such as the camera vendor Wyze, run its software. To exploit the flaw, an attacker would need “comprehensive knowledge” of the software protocol, and to obtain unique identifiers used by the targeted device, according to Mandiant, a division of FireEye, which discovered the issue. With that access, a hacker could communicate with devices remotely, potentially leading to follow-on hacks. The Department of Homeland Security plans to issue a public advisory to raise awareness of the security issue, Mandiant said. Yi-Ching Chen, an employee […] (CyberScoop)

Video surveillance network hacked by researchers to hijack footage

Home automation. Internet of Things. Cloud management. And a security bug that could let other people watch you online... (Naked Security)

Apple: CSAM Image-Detection Backdoor Narrow In Scope

(News ≈ Packet Storm)

A Third Of Companies Have Experienced Ransomware

(News ≈ Packet Storm)

Hospitals Hamstrung By Ransomware Are Turning Away Patients

(News ≈ Packet Storm)

Desire To Connect IoT Devices Can Lead To Risky New Flaws

(News ≈ Packet Storm)

Brazilian National Treasury Hit With Ransomware Attack

(News ≈ Packet Storm)

Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF

Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands (The Hacker News)

Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan

A new social engineering-based malvertising campaign targeting Japan has been found to deliver a malicious application that deploys a banking trojan on compromised Windows machines to steal credentials associated with cryptocurrency accounts. The application masquerades as an animated porn game, a reward points application, or a video streaming application, Trend Micro researchers Jaromir (The Hacker News)

Solution Providers Can Now Add Incident Response to Their Services Portfolio For Free

The Incident Response (IR) services market is in accelerated growth due to the rise in cyberattacks that result in breaches. More and more organizations, across all sizes and verticals, choose to outsource IR to 3rd party service providers over handling security incidents in-house.

Cynet is now launching a first-of-its-kind offering, enabling any Managed Security Provider (MSP) or Security (The Hacker News)

Attackers Can Weaponize Firewalls and Middleboxes for Amplified DDoS Attacks

Weaknesses in the implementation of TCP protocol in middleboxes and censorship infrastructure could be weaponized as a vector to stage reflected denial of service (DoS) amplification attacks against any target, surpassing many of the existing UDP-based amplification factors to date. Detailed by a group of academics from the University of Maryland and the University of Colorado Boulder at the (The Hacker News)

The Overlooked Security Risks of The Cloud

Nate Warfield, CTO of Prevailion, discusses the top security concerns for those embracing virtual machines, public cloud storage and cloud strategies for remote working. (Threatpost)

LockBit 2.0 Ransomware Proliferates Globally

Fresh attacks target companies' employees, promising millions of dollars in exchange for valid account credentials for initial access. (Threatpost)

Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop

A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices. (Threatpost)

Terrorist Watchlist Exposed Online with Nearly 1.9M Records

A researcher discovered a data cache from the FBI’s Terrorist Screening Center left online without a password or authentication requirement. (Threatpost)


/security-daily/ 18-08-2021 23:44:22