Security daily (28-05-2020)

Japanese IT services firm reveals hack affecting up to 621 corporate customers

Hackers earlier this month breached the computer systems of Japanese data-management company NTT Communications in an incident that could affect 621 clients, the company said Thursday. NTT Communications, which powers data centers in more than 20 countries or regions, said the unidentified hackers had breached the company’s Active Directory server, a repository of network data, and used it as the focal point of their attack. Four days after the breach began, NTT officials realized that data may be leaving their network. In a rare level of detail for a breach disclosure, the company said it had identified external websites the attackers were using to communicate with their malware and shut off those access points. Between cloud computing and other IT services, NTT Communications has a wealth of data for hackers to aim at. It is one of several subsidiaries of NTT Group, a Fortune 100 tech giant with more than 303,000 employees. NTT officials are in […] The post Japanese IT services firm reveals hack affecting up to 621 corporate customers appeared first on CyberScoop. (CyberScoop)

Judge rules Capital One must hand over Mandiant's forensic data breach report

A court has ruled that Capital One must allow plaintiffs to review a cybersecurity firm’s forensic report related to the bank’s 2019 data breach despite the bank’s protests that it is a protected legal document. A judge in the U.S. District Court for the Eastern District of Virginia ruled Tuesday that attorneys suing Capital One on behalf of customers could review a copy of an incident response report to prepare for a possible trial. The Virginia-based bank had sought to keep the report private on the grounds that it was protected under legal doctrine. Yet U.S. Magistrate Judge John Anderson said the report, prepared by Mandiant, was the result of a business agreement, and that the legal doctrine argument was “unpersuasive.” It’s a significant ruling that effectively affords the attorneys suing Capital One with a breakdown of which bank behaviors were successful, and which failed. It’s common for Fortune 500 companies […] The post Judge rules Capital One must hand over Mandiant's forensic data breach report appeared first on CyberScoop. (CyberScoop)

NSA calls out Russian military hackers targeting mail relay software

Hackers working for Russia’s military intelligence agency have been exploiting a vulnerability in a mail relay software since August of last year, according to an alert issued Thursday by the National Security Agency. The NSA publicly attributes the actions to the Russian military’s Main Center for Special Technologies (GTsST). That group is more commonly known as Sandworm, the hacking group believed to be responsible for Ukraine grid disruptions. The alert comes amid a broader agency effort to publicly share more unclassified threat intelligence. The NSA established a cybersecurity directorate last year to take the reins on providing real-time information in the hopes to prevent digital intrusions against U.S. networks. The Exim Mail Transfer Agent (MTA) vulnerability exploited in this case, CVE-2019-10149, allows the threat actors to execute commands and code remotely. When Sandworm exploits the vulnerability, victim machines download and execute a shell script from a Sandworm-controlled domain, according to […] The post NSA calls out Russian military hackers targeting mail relay software appeared first on CyberScoop. (CyberScoop)

Israeli official confirms attempted cyberattack on water systems

Israel last month thwarted a cyberattack on control systems at water facilities, a senior government official said Thursday while warning of the dangers of escalating conflicts in cyberspace. The “synchronized and organized attack” on civilian infrastructure was aimed at disrupting the industrial computers that underpin Israeli water facilities, said Yigal Unna, head of Israel’s National Cyber Directorate, in the most extensive public comments from an Israeli official yet on the incident. Damage could have been done to those systems if Israeli authorities hadn’t foiled the attack, Unna claimed. “We’re now in the middle of preparing for the next phase [of attacks] to come — because it will come eventually,” he said in a speech streamed at the CybertechLive Asia conference. Public details on the attack are scarce, as Israeli officials have not released forensic data in connection with the incident. The Israeli cyber directorate issued a terse statement in late April about attempted breaches of […] The post Israeli official confirms attempted cyberattack on water systems appeared first on CyberScoop. (CyberScoop)

Roberto Escobar, former Medellín Cartel accountant, sues Apple for $2.6 billion, report says

When you’re trying to market a new smartphone product is it more cost-effective to hire a public relations firm, or sue Apple for $2.6 billion? It’s a question that Pablo Escobar’s brother must have asked himself before he filed a suit against Apple, seeking damages for an alleged iPhone security flaw that made it possible for attackers to threaten his safety. Roberto Escobar claims hackers exploited a vulnerability in an iPhone X to uncover his address in FaceTime, then sent him a threatening letter, forcing Escobar to relocate for his own safety and spend money on a security detail. The suit, first reported by TMZ, coincides with Escobar’s efforts to sell a limited-edition gold-plated iPhone 11 for $499, less than Apple’s price, and his launch of “RIP Apple,” a site that he said will include “proof showing how the people of the world were scammed by Apple Inc., buying crap […] The post Roberto Escobar, former Medellín Cartel accountant, sues Apple for $2.6 billion, report says appeared first on CyberScoop. (CyberScoop)

'Valak' gives crooks flexibility in multi-stage malware attacks

Hackers often plant their malicious software on computers in stages. One piece of code can be a foothold onto a network, another delivers the malware, and yet another executes it to steal or manipulate data. But looks can be deceiving. The same code used as a staging tool in one attack might be the tip of the spear in another. For targeted organizations, spotting the difference can mean saving your data. That’s the case with a malicious program that has been used in hacking attempts against multiple economic sectors in the U.S. and Germany in the last six months, according to research published Thursday by security company Cybereason. About 150 organizations in the financial, retail, manufacturing, and health care sectors have been targeted by the Valak malware since it emerged late last year, the researchers said. More than just a “loader” that delivers malicious code, Valak can also be used […] The post 'Valak' gives crooks flexibility in multi-stage malware attacks appeared first on CyberScoop. (CyberScoop)

Microsoft warns of PonyFinal ransomware attacks

Malware experts at Microsoft have warned businesses to be on their guard against hackers plotting to plant the PonyFinal ransomware on compromised IT systems. Read more in my article on the Hot for Security blog. (Graham Cluley)

NetWalker ransomware – what you need to know

The NetWalker gang are infecting corporations’ computer systems, encrypting and stealing data, and holding it to ransom. And they’re looking for criminals to join their affiliate scheme. Read more in my article on the Tripwire State of Security blog. (Graham Cluley)

Smashing Security podcast #180: Taking care of Clare

On this special splinter episode of the podcast, we’re joined by actor and comedian Clare Blackwood in the hope of convincing her that cybersecurity is no laughing matter. Hear what happens in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault. (Graham Cluley)

Inside a ransomware gang’s attack toolbox

Ransomware's changed a lot over the years - here's a peek into a criminal gang's current toolbox... (Naked Security)

S2 Ep 41: Super-sized ransomware, FBI v Apple and AirPods hot or not – Naked Security Podcast

The latest Naked Security podcast is out now! (Naked Security)

Pablo Escobar’s brother sues Apple for $2.6b over FaceTime flaw

Roberto Escobar says a FaceTime eavesdropping bug led to his address being leaked, assassination threats, and being forced into hiding. (Naked Security)

Android ‘StrandHogg 2.0’ flaw lets malware assume identity of any app

A critical security flaw in Android could be used by attackers to “assume the identity” of legitimate apps in order to carry out on-device phishing attacks, say researchers. (Naked Security)

NSA Warns Of New Sandworm Attacks On Email Servers

(News ≈ Packet Storm)

Hacking Team Founder Claims Hacking Team Is Dead

(News ≈ Packet Storm)

House Pulls Vote On FISA Bill

(News ≈ Packet Storm)

Valak Loader Revamped To Rob Microsoft Exchange Servers

(News ≈ Packet Storm)

Trump Fights Facts By Attacking Social Media Platforms

(News ≈ Packet Storm)

Meet the Victims of Online Scams

Imagine a lonely person who’s looking for romantic companionship, so they turn to the internet. Picture someone who’s terribly anxious for news about an online payment that will ease their paycheck-to-paycheck existence. Or perhaps you’ve known an individual with such limited technical skills and financial resources, they’re always browsing for the cheapest IT provider possible. These are people who easily merit our empathy. We understand their situations and how they must be feeling. Continue reading Meet the Victims of Online Scams at Sucuri Blog. (Sucuri Blog)

A New Free Monitoring Tool to Measure Your Dark Web Exposure

Last week, application security company ImmuniWeb released a new free tool to monitor and measure an organization's exposure on the Dark Web.

To improve the decision-making process for cybersecurity professionals, the free tool crawls Dark Web marketplaces, hacking forums, and Surface Web resources such as Pastebin or GitHub to provide you with a classified schema of your data being offered (The Hacker News)

Researchers Uncover Brazilian Hacktivist's Identity Who Defaced Over 4800 Sites

It's one thing for hackers to target websites and proudly announce it on social media platforms for all to see. It's, however, an entirely different thing to leave a digital trail that leads cybersecurity researchers right to their doorsteps.

That's exactly what happened in the case of a hacktivist under the name of VandaTheGod, who has been attributed to a series of attacks on government (The Hacker News)

Inside the Hoaxcalls Botnet: Both Success and Failure

The DDoS group sets itself apart by using exploits -- but it doesn't always pan out. (Threatpost)

Hackers Compromise Cisco Servers Via SaltStack Flaws

Attackers compromised six Cisco VIRL-PE servers that are affected by critical SaltStack vulnerabilities. (Threatpost)

Google Location Tracking Lambasted in Arizona Lawsuit

The lawsuit, filed against Google by Arizona's Attorney General, alleges that the tech giant uses “deceptive and unfair conduct” to obtain users’ location data. (Threatpost)

PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time

Microsoft has warned on a new breed of patient ransomware attacks that lurk in networks for weeks before striking. (Threatpost)

Valak Loader Revamped to Rob Microsoft Exchange Servers

Phishing campaigns targeting enterprises in U.S. and Germany have been used to nab enterprise mailing info, passwords and certificates. (Threatpost)


/security-daily/ 29-05-2020 23:44:24