Security daily (29-04-2020)

Scammers are abusing mobile ad networks in an attempt to phish Android app users

A network that delivers ads to hundreds of Android apps also is directing users to malicious websites that could help scammers steal their information or overrun their device with spam. At least 400 apps in Google’s Play Store come embedded with proprietary software that is designed to help app developers monetize their program by serving ads. Scammers are exploiting that process, though, by inserting malicious ads into the software development kits (SDKs) that are meant to help developers earn a living. Domains and URLs sent in ads from the distribution framework known as StartApp flood users with links to malicious sites or push notifications for spam, according to new findings from mobile security firm Wandera provided exclusively to CyberScoop. StartApp, created and run by a New York-based marketing firm, does not appear to be behind any malicious content, though it is compensated by other firms that supply it with the malicious ads. StartApp did […] (CyberScoop)

How China's government used social media against movements in Taiwan, Hong Kong

The Chinese government has adopted known disinformation techniques and utilized social media harassment campaigns to try to increase its influence in Asia, according to new findings that add to a growing body of research. In recent months, two distinct Chinese internet campaigns have sought to influence public opinion with fake news ahead of an election in Taiwan, and intimidate pro-democracy protesters in Hong Kong by posting their personal data online. Both efforts mimic similar Russian operations, and reflect how governments’ use of social media for propaganda efforts has become an everyday reality for much of the world’s population. The latest research, published Wednesday by the threat intelligence firm Recorded Future, comes after international journalists and nongovernmental organizations also have detailed the interference in semi-autonomous Hong Kong and the disputed region of Taiwan over the past year. “From a tactical standpoint, the mainland Chinese government views both Taiwan and Hong Kong as domestic information space,” […] (CyberScoop)

Smashing Security #176: Hacking hacks and university attacks

Journalists spying on their rivals, the NHS rejects Apple and Google’s approach to Coronavirus-tracing, and universities are hit by an old-fashioned sexy lady attack. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Rik Ferguson. (Graham Cluley)

Shade ransomware calls it a day, 750,000 decryption keys released

Even if you can’t pay the ransom and don’t have a backup, don’t destroy your garbled data believing that you’ll never be able to recover it. Maybe one day someone will build a tool that can do a job, or a ransomware gang will have a change of heart. (Graham Cluley)

Password security is critical in a remote work environment – see where businesses are putting themselves at risk

Graham Cluley Security News is sponsored this week by the folks at LastPass. Thanks to the great team there for their support! LastPass has analyzed over 47,000 businesses to bring you insights into security behavior worldwide. The takeaway is clear: Many businesses are making significant strides in some areas of password and access security – […] (Graham Cluley)

Flaw in defunct WordPress plugin exploited to create backdoor

A vulnerability in the defunct OneTone WordPress theme plugin is being exploited to compromise entire sites while installing backdoor admin accounts. (Naked Security)

Twitter turns off SMS-based tweeting in most countries

Buh-bye, original way of tweeting. Twitter said it's to keep our accounts safe, referring to unspecified SMS-enabled vulnerabilities. (Naked Security)

How to Find & Exploit SUID Binaries with SUID3NUM

File permissions can get tricky on Linux and can be a valuable avenue of attack during privilege escalation if things aren't configured correctly. SUID binaries can often be an easy path to root, but sifting through all of the defaults can be a massive waste of time. Luckily, there's a simple script that can sort things out for us.

First, let's discuss SUID, which stands for Set User ID. It's a particular type of file permission in Linux, different from the usual read, write, and execute permissions. Typically, a file runs with the permissions of the user who launched it. But when the SUID... (Null Byte « WonderHowTo)

Learn to Code Your Own Games with This Hands-on Bundle

We've shared a capture-the-flag game for grabbing handshakes and cracking passwords for Wi-Fi, and there are some upcoming CTF games we plan on sharing for other Wi-Fi hacks and even a dead-drop game. While security-minded activities and war games are excellent ways to improve your hacking skills, coding a real video game is also an excellent exercise for improving your programming abilities.

Thorough knowledge of the world's most powerful programming languages isn't just useful for working in a wide range of tech and IT environments, such as cybersecurity, it's also a prerequisite for... (Null Byte « WonderHowTo)

AI Cannot Be Recognized As An Inventor, US Rules

(News ≈ Packet Storm)

Trump Admin Threatens To Sue States That Don't Lift Orders

(News ≈ Packet Storm)

San Francisco Trial Of LinkedIn Hacker Stalled Again

(News ≈ Packet Storm)

GitLab Awards Researcher $20,000 For Remote Code Execution Bug

(News ≈ Packet Storm)

Phishing Campaign Targets Poste Italiane & SMS OTP Verification

When creating phishing lures, attackers may cite recent major regulatory changes within the context of their social engineering scheme to confuse or further entice victims into clicking a link or performing some action. For example, in September 2019 the EU directive PSD2 went into effect (with some parts delayed until the end of 2020). This new directive requires an increase in security controls used by EU financial institutions. From a client’s perspective, one of the biggest changes from PSD2 is the use of additional authentication measures like SMS OTPs (one time passwords) for accessing online banking and electronic payments. (Sucuri Blog)

High-Severity Cisco IOS XE Flaw Threatens SD-WAN Routers

Cisco's IOS XE software for SD-WAN routers has a high-severity insufficient input validation flaw. (Threatpost)

Millions of Brute-Force Attacks Hit Remote Desktop Accounts

Automated attacks on Remote Desktop Protocol accounts are aimed at taking over corporate desktops and infiltrating networks. (Threatpost)

ThreatList: Human-Mimicking Bots Spike, Targeting e-Commerce and Travel

Overall bot activity on the web has soared, with a 26 percent growth rate -- attacks on applications, APIs and mobile sites are all on the rise. (Threatpost)

Critical GitLab Flaw Earns Bounty Hunter $20K

A GitLab path traversal flaw could allow attackers to read arbitrary files and remotely execute code. (Threatpost)

/security-daily/ 30-04-2020 21:14:21