
Security daily (28-04-2020)

Privacy groups are still trying to get documents unsealed in Facebook encryption case

Civil liberties groups on Tuesday asked an appeals court to unseal a federal judge’s ruling that rejected a U.S. government effort to force Facebook to decrypt voice calls. The American Civil Liberties Union and the Electronic Frontier Foundation argue that the public has a right to know about how U.S. prosecutors tried to force Facebook to decrypt the calls in a 2018 investigation of the MS-13 gang, and why a judge rejected the prosecutors’ effort. The Department of Justice is urging the court to keep the ruling sealed, arguing that making it public could compromise ongoing criminal investigations. It is the latest front in a broader standoff between privacy advocates and law enforcement over access to encrypted communications. Law enforcement officials have for years lamented that strong encryption has hampered investigations into terrorists and criminals. But many technologists say any software especially designed for law enforcement access risks weakening security […] (CyberScoop)

Vietnamese hackers exploited Google Play Store for espionage campaign

Hackers with suspected links to the Vietnamese government have been using the Google Play Store to distribute malicious software for the last four years, according to Kaspersky research published Tuesday. The targeted Android campaign, which Kaspersky dubbed “PhantomLance,” affected roughly 300 devices in nearly a dozen countries including Vietnam, India, Bangladesh, Indonesia, Iran, Algeria, South Africa, Nepal, Myanmar, and Malaysia, the company said. Researchers say with “medium confidence” the espionage campaign is connected to a known hacking group, OceanLotus or APT32, previously linked to the Vietnamese government. While attackers are targeting users in several countries, they appear to be especially focused on users in Vietnam. The effort suggests hackers are running domestic as well as foreign espionage operations, according to Kaspersky. They have been distributing their campaign through applications which promise to help users locate the nearest pub in Vietnam, or providing information on nearby churches. In addition to sharing APT32’s interest in victims located in Vietnam, the PhantomLance campaign’s malware, […] (CyberScoop)

Microsoft warns of malware-laced 'John Wick 3,' 'Contagion' movie torrents

Internet scammers are conducting the kind of business that would probably get them in trouble with the inhabitants of the Continental Hotel. Tens of thousands of internet users in Spain, Mexico and South America have downloaded pirated copies of “John Wick 3” and other movies which come bundled with malicious software, according to a forthcoming Microsoft security warning viewed by CyberScoop. Since April 11, some bootleg movie files on torrent websites have come with a strain of malware that hackers are using to try to exploit a victim’s machine to generate cryptocurrency. The attempted attacks coincide with a 41% increase in traffic to piracy websites in the U.S., and a 62% increase in Spain, since February, according to the British anti-piracy firm Muso. Thousands of users continue to download pirated files of “John Wick 3,” and Spanish-language titles including “Punalies Por La Espalda” and “Contagio,” a Spanish-dubbed version of the […] (CyberScoop)

The latest in FBI impersonation: An extortion scheme involving mobile ransomware

The FBI has done a lot to crack down on illicit online activity in recent years, from installing cyber investigators in field offices across the country to scouring the dark web for suspects. But those efforts, needless to say, do not include locking a suspect’s phone and demanding a fee to get the data back. It’s the latest twist on a scheme that cybercriminals have been using online for years: Make people think they’re in trouble with the feds, and shake them down for cash. Cybersecurity company Check Point said Tuesday that this time the crooks are encrypting the data on Android phones, accusing the victims of possessing illegal pornographic material and claiming that their personal details have been sent to an FBI data center. Victims are told to pay $500 to escape the situation. Older versions of the scheme involve fake FBI warnings that arrive via email or web browsers. Using the tactic with mobile ransomware is much less […] (CyberScoop)

iPhone “word of death” could crash your phone – what you need to know

Yes, a rogue "word" could freeze up your iPhone - but it's not malware, it doesn't steal data and doesn't do permanent damage. (Naked Security)

Coronavirus tracking tool from Apple and Google embraced by Germany

Germany's ditched a homegrown alternative that featured a centralized database of location data, raising privacy concerns. (Naked Security)

‘Evil GIF’ account takeover flaw patched in Teams

Microsoft has fixed a flaw in Teams that could have allowed attackers to launch a wormlike attack on multiple accounts by sending one victim a malicious GIF image. (Naked Security)

Warning! Fake Zoom “HR meeting” emails phish for your password

Scammers have turned to employment worries as their latest lure for Zoom phishing scams. (Naked Security)

How to Change a Phone's Coordinates by Spoofing Wi-Fi Geolocation Hotspots

In many urban areas, GPS doesn't work well. Buildings reflect GPS signals on themselves to create a confusing mess for phones to sort out. As a result, most modern devices determine their location using a blend of techniques, including nearby Wi-Fi networks. By using SkyLift to create fake networks known to be in other areas, we can manipulate where a device thinks it is with an ESP8266 microcontroller.

For devices with limited access to GPS, Wi-Fi networks are a reliable way of finding out where a device is located. Hackers can exploit the flaw by broadcasting signals that appear to be from... (Null Byte « WonderHowTo)

Attackers Exploit 0-Day Code Execution Flaw In The Sophos Firewall

(News ≈ Packet Storm)

Coronavirus Delays Debut Of Taiwan Electronic ID Card

(News ≈ Packet Storm)

PhantomLance Spying Campaign Breaches Google Play

(News ≈ Packet Storm)

Google, Apple Tighten Protections On Contact Tracing

(News ≈ Packet Storm)

What is Geolocation?

The Firewall service deploys various heuristic checks and methods to protect your site. One of our most popular security settings, and the subject of many questions, uses geolocation to protect and filter requests made to your site depending on where the user/client is. This setting is our ‘GeoBlock’ feature. How does the firewall GeoBlock? With geolocation: information is gathered from the user's browser. What is geolocation? Geolocation is the process of identifying the geographical location of a person based on the digital information given off by their internet-connected device. (Sucuri Blog)

Critical Security Patches Released for Magento, Adobe Illustrator and Bridge

It's not 'Patch Tuesday,' but software giant Adobe today released emergency updates for three of its widely used products that patch dozens of newly discovered critical vulnerabilities.

The list of affected software includes Adobe Illustrator, Adobe Bridge, and Magento e-commerce platform, containing a total of 35 vulnerabilities where each one of them is affected with multiple critical (The Hacker News)

Researchers Uncover Novel Way to De-anonymize Device IDs to Users' Biometrics

Researchers have uncovered a potential means to profile and track online users using a novel approach that combines device identifiers with their biometric information.

The details come from a newly published research titled "Nowhere to Hide: Cross-modal Identity Leakage between Biometrics and Devices" by a group of academics from the University of Liverpool, New York University, The Chinese (The Hacker News)

Enterprise Security Woes Explode with Home Networks in the Mix

Thanks to WFH, IoT refrigerators, Samsung TVs and more can now be back-channel proxies into the corporate network. (Threatpost)

‘Black Rose Lucy’ is Back, Now Pushing Ransomware

Researchers say incidents of mobile malware are becoming more common and growing more sophisticated. (Threatpost)

Critical Adobe Illustrator, Bridge and Magento Flaws Patched

Adobe fixed critical flaws in Illustrator, Magento and Bridge in an out-of-band security update. (Threatpost)

Hackers Leak Biopharmaceutical Firm’s Data Stolen in Ransomware Attack

The Clop ransomware group has reportedly leaked compromised data of biopharmaceutical company ExecuPharm after a recent cyberattack. (Threatpost)

WordPress Plugin Bug Opens 100K Websites to Compromise

Legions of website visitors could be infected with drive-by malware, among other issues, thanks to a CSRF bug in Real-Time Search and Replace. (Threatpost)
