Security daily (21-05-2020)

FBI offers US companies more details from investigations of health care hacking

The FBI has provided U.S. companies more information on the extent of recent criminal and foreign government-backed hacking operations against the health care sector and warned of ongoing efforts to steal U.S. research data. Criminal and state actors continue to target U.S. clinical trial data, trade secrets, and the “sensitive data and proprietary research of U.S. universities and research facilities,” the FBI told industry in an advisory this week. “Likely due to the current global public health crisis, the FBI has observed some nation-states shifting cyber resources to collect against the [health care and public health] sector, while criminals are targeting similar entities for financial gain.” The advisory, which CyberScoop obtained, includes multiple examples since February of state-linked hackers trying to compromise and retain access to the networks of organizations in the U.S. health care and public health sector. It is the latest in a series of warnings from U.S. officials about similar […] (CyberScoop)

Zeus’s legacy lives on as crooks target banking customers in the US and Europe

Over a decade since the infamous Zeus malware surfaced, scammers are still using variants of that code to try to steal data from banking customers on multiple continents. Since the beginning of the year, various criminal hacking groups have been using a descendant of Zeus in more than 100 phishing campaigns and some 700,000 emails against people in Australia, Canada, Germany, Poland, and the U.S., email security company Proofpoint said this week. Like countless other hackers around the world, they are trying to capitalize on fears around the coronavirus to slip their code onto victim computers. The ZLoader campaign shows how one piece of code is still inspiring criminals years after law enforcement identified it as pernicious. After malicious hackers had used Zeus malware to steal over $100 million from victims, the Department of Justice disrupted a Zeus-based botnet in 2014 and put a $3 million bounty out for information leading to the arrest of Zeus’s alleged […] (CyberScoop)

BlockFi hacked following SIM swap attack, but says no funds lost

For just under 90 minutes last Thursday, hackers were able to compromise the systems of cryptocurrency lending platform BlockFi, and gain unauthorised access to users’ names, email addresses, dates of birth, address and activity history. Read more in my article on the Tripwire State of Security blog. (Graham Cluley)

Mitsubishi hackers may have stolen details of prototype missile

Hackers exploited vulnerabilities in one of Trend Micro’s anti-virus products last year to steal information from Japanese manufacturer Mitsubishi Electric. Now, the Japanese Defense Ministry believes the state-sponsored hackers may have been after details of a prototype missile. (Graham Cluley)

Smashing Security podcast #179: Deepfake Jay-Z, and beer apps spilling your data

Apps that belch out sensitive military information, what could the world learn from South Korea’s digital response to the Coronavirus pandemic, and who has been deepfaking Bill Clinton, Jay-Z, and Donald Trump… and why? All this and much much more is discussed in the latest episode by computer security veterans Graham Cluley and Carole Theriault, joined this week by Brian Klaas of the “Power Corrupts” podcast. (Graham Cluley)

Adobe “out of band” critical patch – get your update now!

Looks as though at least one of these patches was supposed to come out a week ago but ended up delayed until now... (Naked Security)

S2 Ep 40: Demonic printers, a sleazy stalker and 10 reasons to patch – Naked Security Podcast

Latest episode - listen now! (Naked Security)

Scammers target COVID-19 CARES Act relief scheme

US states are being flooded by fraudulent unemployment applications in a scam run by a sophisticated cybergang. (Naked Security)

Chrome 83 adds DNS-over-HTTPS support and privacy tweaks

This week sees the early arrival of Chrome 83 with a longer list of new security features than originally planned. (Naked Security)

How to Clear the Logs & History on Linux Systems to Cover Your Tracks & Remain Undetected

The final stage of exploitation is covering your tracks, which involves wiping all activity and logs so the attacker can avoid being detected. It's especially crucial for persistence if the target is going to be accessed again in the future.

To show you the basics of covering your tracks, we'll compromise a target first, then explore some techniques used to delete Bash history, clear logs, and remain hidden after exploiting a Linux system.

Step 1: Compromise a Target

The first thing we need to do is exploit the target. We can use command injection to abuse the way the server handles OS... (Null Byte « WonderHowTo)

Mitsubishi Hack May Have Disclosed Prototype Missile Info

(News ≈ Packet Storm)

Home Chef Confirms Customer Data Breach

(News ≈ Packet Storm)

Hackers Infect Multiple Game Developers With Advanced Malware

(News ≈ Packet Storm)

Critical Java Flaw Hits Cisco Call Center In A Box

(News ≈ Packet Storm)

How Cybersecurity Enables Government, Health, EduTech Cope With COVID-19

The advent of the Covid-19 pandemic and the impact on our society has resulted in many dramatic changes to how people are traveling, interacting with each other, and collaborating at work.

There are several trends taking place as a consequence of the outbreak, which has only continued to heighten the need for the tightest possible cybersecurity.

Tools for Collaboration

There has been a (The Hacker News)

Iranian APT Group Targets Governments in Kuwait and Saudi Arabia

Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia.

Bitdefender said the intelligence-gathering operations were conducted by Chafer APT (also known as APT39 or Remix Kitten), a threat actor known for its attacks on telecommunication and travel industries in the Middle East to collect personal (The Hacker News)

New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion modern devices to hackers.

The attacks, dubbed Bluetooth Impersonation AttackS or BIAS, concern Bluetooth Classic, which supports Basic Rate (BR) and Enhanced Data Rate (EDR) for (The Hacker News)

Long Tail Analysis: A New Hope in the Cybercrime Battle

Looking for niche anomalies in an automated way with AI and machine learning is the future. (Threatpost)

Critical Cisco Bug in Unified CCX Allows Remote Code Execution

Cisco has fixed a critical remote code-execution flaw in its popular customer interaction management solution. (Threatpost)

Silent Night Banking Trojan Charges Top Dollar on the Underground

The malware-as-a-service is advanced, obfuscated and modular -- and built for mass campaigns. (Threatpost)

Supreme Court Phish Targets Office 365 Credentials

Cybercriminals are hunting out victims' Office 365 credentials -- by dishing out Supreme Court "summons" in a phishing attack. (Threatpost)

Crooks Tap Google Firebase in Fresh Phishing Tactic

Cybercriminals are taking advantage of the Google name and the cloud to convince victims to hand over their login details. (Threatpost)


/security-daily/ 22-05-2020 23:44:21