Security daily (23-04-2020)

As contact tracing gains attention, a researcher pokes a hole in Bluetooth technology

Bluetooth came to the fore in the fight against the novel coronavirus this month when Apple and Google announced a project to use the wireless technology to trace people infected with the virus. The ambitious program to build interoperable software for iPhone and Android devices inspired hope in some and privacy concerns in others. New research highlights the potential security implications of using Bluetooth to track smartphone users. Jan Ruge, a researcher at the TU Darmstadt, a university in Germany, has shown how a hacker in close proximity to an Android device could use Bluetooth to execute code on it. The mobile device’s user wouldn’t need to click on anything to be compromised — the attacker would only need the Bluetooth address of the device and a software exploit. Ruge used the exploit on a Samsung Galaxy S10e, but it would work in theory on other phone models running unpatched versions of the Android 8.0-9.0 operating systems. […] (CyberScoop)

A 35,000-device botnet in Peru is wounded, but still mining cryptocurrency

Cybersecurity researchers on Thursday said they had helped disrupt the infrastructure behind a botnet being powered by tens of thousands of devices in Peru. For months, the botnet — an army of compromised computers controlled by an attacker — had grown in strength by quietly infecting devices using USB drives, allowing the attackers to mine thousands of dollars in cryptocurrency. The infections reached the Peruvian public sector and financial institutions, adding urgency to the effort to defang it. Now, Slovakian anti-virus company ESET says it helped “sinkhole” — or render innocuous — about a quarter of the malicious subdomains used by the botnet. That means the infected machines will continue to mine cryptocurrency, but they won’t be able to receive more malicious instructions — such as injecting code onto devices — from whoever is controlling the botnet. (ESET said it had no indication that those code injections would happen.) It’s an example of how the fight […] (CyberScoop)

Maze ransomware – what you need to know

Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organisations around the world, demanding a cryptocurrency payment be made in return for the safe recovery of encrypted data. But what makes Maze so dangerous is that it also steals the data it finds, and threatens to publish it if the ransom is not paid. Read more in my article on the Tripwire State of Security blog. (Graham Cluley)

Smashing Security #175: Zoom deepfakes, Zardoz, and ‘Rona tracing

Will deepfake disguises hit a video conference near you, can Coronavirus-tracing apps be trusted, and should Facebook shut down anti-quarantine events? All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis. (Graham Cluley)

iPhone zero day – don’t panic! Here’s what you need to know

A mobile phone forensics outfit looking into real-world attacks going back more than two years has uncovered two Apple Mail app bugs. (Naked Security)

Trove of RubyGems malware highlights software supply chain issues

Ruby developers beware: a would-be cryptocurrency thief is out to get at your digital wallet, and they're using typosquatting code to do it. (Naked Security)

Password-free database of exercise app Kinomap leaks 42m user records

It's like a cloud of personal information breathed out in a plume by a database that didn't bother to wear a mask. (Naked Security)

S2 Ep36: Rogue Chrome extensions, Signal fears and Darth Vader – Naked Security podcast

We discuss the biggest cybersecurity news stories of the week. New podcast episode out now! (Naked Security)

How to Fix Bidirectional Copy/Paste Issues for Kali Linux Running in VirtualBox

Last week, I updated VirtualBox on my computer since I had skipped a few versions, then I could no longer copy text or paste text from my Kali virtual machine to my host OS and vice versa. Installing the Guest Additions didn't seem to do anything, and the bidirectional shared clipboard was enabled, but there was one thing that did work for me that may help you out too if you experience the issue.

From what I can tell, the issue persists across multiple VirtualBox versions for Linux, macOS, and Windows. Some users have reported that manually reinstalling Guest Additions did the trick, but not... (Null Byte « WonderHowTo)

Valve Confirms CS:GO, Team Fortress 2 Source Code Leak

(News ≈ Packet Storm)

ESET Takes Down VictoryGate Cryptomining Botnet

(News ≈ Packet Storm)

NSA Shares List Of Vulnerabilities Commonly Exploited To Plant Web Shells

(News ≈ Packet Storm)

Zero-Click, Zero-Day Flaws In iOS Mail Used In Targeted VIP Attacks

(News ≈ Packet Storm)

Hackers Trick 3 British Private Equity Firms Into Sending Them $1.3 Million

In a recent highly targeted BEC attack, hackers managed to trick three British private equity firms into wire-transferring a total of $1.3 million to bank accounts that the fraudsters had access to — while the victimized executives thought they had closed an investment deal with some startups.

According to the cybersecurity firm Check Point, which shared its latest investigation with The Hacker News, (The Hacker News)

Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims

A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China's autonomous region of Xinjiang.

The findings, published by digital forensics firm Volexity, reveal that the exploit — named "Insomnia" — works against iOS versions 12.3, 12.3.1, and 12.3.2 using a flaw in WebKit that was patched by (The Hacker News)

Valve Confirms CS:GO, Team Fortress 2 Source-Code Leak

Leaked source code for Counter-Strike: Global Offensive and Team Fortress 2 has led to widespread gamer worries about security and cheating. (Threatpost)

Public Sector Ransomware Attacks Rage On: Can Your Organization Repel Them?

To pay or not to pay continues to be the question as ransomware targets cities, even amid COVID-19. (Threatpost)

WHO, CDC and Bill and Melinda Gates Foundation Victims of Credential Dump, Report

Hackers have used credentials allegedly stolen from the WHO, CDC and other notable groups to spread coronavirus misinformation online. (Threatpost)

A Dozen Nation-Backed APTs Tap COVID-19 to Cover Spy Attacks

Iran's Charming Kitten and other nation-state actors are using the coronavirus pandemic to their advantage, for espionage. (Threatpost)

Skype Phishing Attack Targets Remote Workers’ Passwords

Attackers are sending convincing emails that ultimately steal victims' Skype credentials. (Threatpost)