Security daily (23-07-2020)

Garmin mobile app down amid possible ransomware attack

Garmin’s mobile application and services are currently experiencing outages amid reports that the smartwatch and wearables company is suffering from a ransomware attack. Garmin confirmed on Twitter and its website that its mobile app is down and that it also can’t receive calls, emails, or online chats. Garmin also sent announcements to staff in its Taiwan factories announcing two days of “planned” maintenance for this upcoming weekend, according to reports from iThome, a Taiwanese outlet. Phil Stokes, a threat researcher at SentinelOne, said the announcement appears to coincide with a WastedLocker ransomware attack against the company. Several Garmin employees likewise alleged that WastedLocker — a custom ransomware deployed by Evil Corp, a Russian group of criminals known for its Dridex and BitPaymer attacks — was behind the incident, ZDNet reported. The ransom demands associated with WastedLocker have typically been expensive, according to Malwarebytes, although it was unclear if any demands had been […] (CyberScoop)

Insurer's huge data exposure draws charges from New York state

New York regulators have charged an insurer with violating state cybersecurity law for allegedly exposing hundreds of millions of documents that included Americans’ personal data, including Social Security numbers and financial information. The New York State Department of Financial Services announced legal action Wednesday against the First American Title Insurance Company, the second-largest real estate title insurer in the U.S. The company is accused of exposing customers’ Social Security numbers, bank account information, driver’s license numbers and mortgage and tax records through a software vulnerability that went undetected between May 2014 and December 2018. Upon discovering the flaw during a routine security test, the insurance company failed to fix it, DFS alleged. “After the data exposure was discovered by an internal penetration test in December 2018, First American failed to conduct a reasonable investigation into the scope and cause of the exposure, reviewing only 10 of the millions of documents exposed and […] (CyberScoop)

App for Chinese DJI drones could give hackers full control of users' phones, researchers say

The Android application used to operate drones manufactured by DJI contains a number of features that could allow attackers to target users with malicious applications or gain full control of users’ phones, according to recent research by France-based Synacktiv and U.S.-based GRIMM. Researchers found that the DJI GO 4 application can force updates on users without routing them through the Google Play Store. Given the access the application has — including users’ contacts, microphone, camera, geolocation — it could give DJI or third parties nearly full control of users’ phones, Synacktiv and GRIMM found. It’s also the kind of update that could place the company in violation of the store’s guidelines. The application also may install arbitrary applications through the Weibo software development kit, bypassing Google once again, according to GRIMM researchers. In so doing, the application shares users’ personal information with Weibo and could allow attackers to target individuals […] (CyberScoop)

After hackers nearly stole $1M from soccer team, UK agency warns of sporting sector’s vulnerabilities

As one of the most popular soccer leagues on the planet, the English Premier League rakes in billions of dollars every year, in part by attracting star players through a cutthroat transfer market. The multimillion-dollar negotiations can make or break a season. Suffice to say that sending more than $1 million to a fake team for a player they don’t have would be a setback. That’s nearly what happened to one of the league’s teams, though, after scammers hacked into the email account of the club’s managing director, according to a report released Thursday by the U.K.’s National Cyber Security Centre. The only thing that stopped the money transfer from going through was a fraud marker on the crooks’ bank account. Government officials did not specify which team was targeted. It is one of a handful of security incidents in a report that U.K. cybersecurity experts are using to highlight how various […] (CyberScoop)

Hackers accessed Twitter DMs from 36 accounts in bitcoin scam attack

Hackers who breached Twitter’s systems last week likely accessed private messages belonging to 36 of the 130 accounts targeted, including messages for a Dutch politician, the company said Wednesday. In an updated blog post, Twitter said attackers accessed the direct message inbox of 36 accounts, meaning the intruders were able to view conversations belonging to affected users. The company did not disclose the accounts that hackers had accessed, other than one elected leader in the Netherlands. Twitter has “no indication that any other former or current elected official had their DMs accessed,” the statement said. The statement suggests that hackers had access to private conversations from some of the most famous people on the site. For a span of hours on July 15, attackers hijacked accounts belonging to Democratic presidential nominee Joe Biden, former president Barack Obama, Amazon founder Jeff Bezos and Tesla chief executive Elon Musk. The high profile […] (CyberScoop)

A free iPhone from Apple? It’s possible, but there are some catches

Who wouldn’t want the latest and greatest iPhone for free? Well, if you’re a security researcher then you might be able to get just that… (Graham Cluley)

Smashing Security podcast #188: Dinner with Elon Musk and Kris Jenner

Who stopped Twitter’s hackers from stealing more money? Why are Covid-19 researchers being told to ramp up their cybersecurity? How can you find out if your smartphone is infected with stalkerware? And who does Graham think he is turning down a celebrity dinner invite? Find out in the latest “Smashing Security” podcast, with special guest Lisa Forte. (Graham Cluley)

Politician amongst those who had their direct messages accessed during Twitter hack

More information has emerged related to last week’s attack which saw a number of high profile Twitter accounts hijacked for the purposes of spreading a cryptocurrency scam, as it is revealed a far-right politician had his private messages accessed. Read more in my article on the Tripwire State of Security blog. (Graham Cluley)

Sports team nearly paid a $1.25m transfer fee… to cybercrooks

If a crook is already inside your email, occasionally adding in believable emails of their own... how on earth do you spot the fake ones? (Naked Security)

Add WordPress to Your Development Toolkit with This $30 Bundle

The WordPress revolution has completely altered the way that people build and distribute websites. Instead of having to memorize endless lines of HTML and Java, both novice and professional web developers are now able to create incredibly detailed and responsive sites using a series of intuitive templates and plugins. And each new version of WordPress comes with an improved batch of features that make web-building even easier.

Still, if you want to take advantage of everything that WordPress has to offer in terms of power and functionality, you need to have the right training. The WordPress... (Null Byte « WonderHowTo)

OilRig APT Drills Into Malware Innovation

(News ≈ Packet Storm)

Twitter Says Hackers Viewed Private Messages For 36 Accounts

(News ≈ Packet Storm)

New Cryptominer Botnet Spreads Payload, Less Intrusive

(News ≈ Packet Storm)

Ongoing Meow Attack Has Nuked Over 1,000 Databases

(News ≈ Packet Storm)

North Korean Hackers Spotted Using New Multi-Platform Malware Framework

Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware.

Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework — so-called because of the authors' reference to the (The Hacker News)

Cisco Network Security Flaw Leaks Sensitive Data

The flaw exists in Cisco's network security Firepower Threat Defense (FTD) software and its Adaptive Security Appliance (ASA) software. (Threatpost)

UPDATED: Garmin Suffers Reported Ransomware Attack

Garmin's consumer and commercial aviation services, websites and customer service have all been rendered unavailable. (Threatpost)

Sharp Spike in Ransomware in U.S. as Pandemic Inspires Attackers

COVID-19 has changed the face of cybercrime, as the latest malware statistics show. (Threatpost)

ASUS Home Router Bugs Open Consumers to Snooping Attacks

The two flaws allow man-in-the-middle attacks that would give an attacker access to all data flowing through the router. (Threatpost)

Cisco, Zoom and Others Must Bolster Security, Say Privacy Chiefs

Privacy commissioners worldwide urged video conferencing systems like Microsoft, Cisco and Zoom to adopt end-to-end encryption, two-factor authentication and other security measures. (Threatpost)

Twitter: Hackers Accessed Private Messages for Elite Accounts

A Dutch elected official is among those whose DMs were hijacked, the company said. (Threatpost)


/security-daily/ 24-07-2020 23:44:21