Security daily (30-04-2020)

Facebook claims NSO Group's lawyers have conflict of interest in WhatsApp case

In the ongoing legal battle between Facebook and software surveillance company NSO Group, the social media giant is trying to get NSO Group’s legal counsel dismissed because of an alleged conflict of interest. In a court filing made public this week, Facebook asked a federal judge to disqualify law firm King & Spalding from representing NSO Group because the firm previously represented Facebook-owned WhatsApp in a different, sealed case that is “substantially related” to the NSO Group one. King & Spalding, an Atlanta-based firm with a range of big corporate clients, has denied there is a conflict of interest, according to the filing. It is the latest twist in a legal tussle that began in October, when Facebook sued NSO Group, alleging that the Israeli company violated a federal anti-hacking law when its malware was used to infect some 1,400 mobile devices, including those of human rights advocates. NSO Group denies the […] The post Facebook claims NSO Group's lawyers have conflict of interest in WhatsApp case appeared first on CyberScoop. (CyberScoop)

LabCorp investors file lawsuit, alleging 'persistent' failure to secure data

LabCorp investors have filed a lawsuit against the company following a major data breach last year that was one of three cybersecurity incidents the company has faced since 2018. The suit, filed by shareholder Raymond Eugenio on behalf of LabCorp investors, alleges that the medical testing company’s chief executive, chief financial officer, chief information officer and its board of directors failed to address “persistently deficient” data protection measures. The legal complaint, first reported by Bloomberg, involves a hack on the American Medical Collection Agency (AMCA), a debt collection agency which made collections on behalf of LabCorp and other medical companies. Hackers stole data about roughly 20 million people, including some 7.7 LabCorp patients, between August 2018 and March 2019. In a separate incident, LabCorp exposed 10,000 medical documents, including patient test results, according to a TechCrunch article published in January. Burlington, North Carolina-based LabCorp never informed shareholders about the exposure […] The post LabCorp investors file lawsuit, alleging 'persistent' failure to secure data appeared first on CyberScoop. (CyberScoop)

These tiny islands are at the heart of an uncovered Chinese phishing campaign

Suspected Chinese hackers are behind a phishing campaign apparently aimed at collecting data about Vietnamese government officials amid an ongoing territorial dispute between the two nations, according to new findings. A hacking group known as Pirate Panda, which has possible ties to the Chinese government, is trying to trick Vietnamese government officials into clicking on malicious Microsoft Excel documents attached to emails purportedly detailing festivities for Vietnamese holidays, according to research the threat intelligence firm Anomali shared with CyberScoop. Targeted individuals appear to be located in Da Nang, Vietnam, near a collection of landmasses in the South China Sea known as the Paracel Islands. The area is one of the most hotly contested regions of the South China Sea, with Beijing claiming ownership of much of the waterway. In recent days, Vietnam has said it does not recognize China’s claims over the islands, while China has said that Vietnamese claims […] The post These tiny islands are at the heart of an uncovered Chinese phishing campaign appeared first on CyberScoop. (CyberScoop)

'EventBot' comes online amid flurry of regularly updated banking trojans

Over the last several weeks, a group of unidentified hackers have been methodically testing a new piece of code designed to steal credentials people use to log into banks and other financial institutions. Like many a product developer, the hackers have been fine-tuning the malicious software to make it more effective in siphoning off data from a mobile phone. Perhaps unbeknownst to the hackers, a team of researchers have been watching and taking notes. On Thursday, the researchers, from Boston-based security company Cybereason, published their findings in an effort to preempt attacks on banking customers. It’s one of a wave of recent malicious applications designed to steal users’ banking data. In the last month, security researchers have reported malware targeting banking customers in Brazil and Spain. As an even greater number of people around the world use mobile banking, the impetus for criminals to compromise those transactions has grown. The […] The post 'EventBot' comes online amid flurry of regularly updated banking trojans appeared first on CyberScoop. (CyberScoop)

Cybercriminals are using Google reCAPTCHA to hide their phishing attacks

Security researchers say that they are seeing cybercriminals deploying Google’s reCAPTCHA anti-bot tool in an effort to avoid early detection of their malicious campaigns. Read more in my article on the Hot for Security blog. (Graham Cluley)

Newly-discovered Android malware steals banking passwords and 2FA codes

Security researchers are warning of a new mobile banking trojan that steals details from over 200 financial apps and intercepts SMS messages to bypass two-factor authentication mechanisms. Read more in my article on the Tripwire State of Security blog. (Graham Cluley)

“Zero-click” mobile phone attacks – and how to avoid them

What if a messaging app has to show you an unwanted message so you can decide whether you want it shown to you? (Naked Security)

Bumper Adobe update fixes flaws in Magento, Bridge and Illustrator

Adobe's latest patches are out, including fixes for its ecommerce platform. (Naked Security)

Coronavirus delays trial of alleged Russian hacker a third time

Justice has already been slow in this case, and the pandemic isn’t helping: His trial has been postponed for a third time. (Naked Security)

Spear-Phishing Campaign Compromises Executives At 150+ Companies

(News ≈ Packet Storm)

Investors Sue LabCorp Over Security Failures In Light Of Data Breach

(News ≈ Packet Storm)

UK Privacy Advocates Warn Over COVID-19 Contact Tracing App

(News ≈ Packet Storm)

Brute Forcing RDP Credentials On The Rise

(News ≈ Packet Storm)

Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies

In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany, the UK, Netherlands, Hong Kong, and Singapore.

Dubbed 'PerSwaysion,' the newly spotted cyberattack campaign leveraged Microsoft file-sharing services—including Sway, SharePoint, and OneNote—to launch highly targeted (The Hacker News)

Cato SDP: Cloud-Scale and Global Remote Access Solution Review

The Scouts acknowledged the necessity to "Be Prepared" over 100 years (!) ago; the industry should have, as well.

Yet COVID-19 took businesses – more like the entire world – by surprise. Very few were prepared for the explosion of remote access, and the challenge of instantly shifting an entire organization to work from anywhere.

Cato Networks shared its increase in remote access usage post (The Hacker News)

Critical Bugs Found in 3 Popular e-Learning Plugins for WordPress Sites

Security researchers are sounding the alarm over newly discovered vulnerabilities in some popular online learning management system (LMS) plugins that various organizations and universities use to offer online training courses through their WordPress-based websites.

According to the Check Point Research Team, the three WordPress plugins in question — LearnPress, LearnDash, and LifterLMS — (The Hacker News)

Microsoft Sway Abused in Office 365 Phishing Attack

The "PerSwaysion" attackers have leveraged a plethora of Microsoft services to compromise at least 150 executives in a highly targeted phishing campaign. (Threatpost)

Salt Bugs Allow Full RCE as Root on Cloud Servers

Researchers say the bugs are easy to exploit and will likely be weaponized within a day. (Threatpost)

Building for Billions: Addressing Security Concerns for Platforms at Scale

Lessons from Facebook and Google show how to safely scale your environment for security. (Threatpost)

New Android Malware Targets PayPal, CapitalOne App Users

Researchers warn that the EventBot Android malware, which targets over 200 financial apps, could be the "next big mobile malware." (Threatpost)

Shade Threat Actors Call It Quits, Release 750K Encryption Keys

The team behind the ransomware, first spotted in late 2014 and typically targeting Russian victims, apologized to victims in a post on GitHub. (Threatpost)

Critical WordPress e-Learning Plugin Bugs Open Door to Cheating

The flaws in LearnPress, LearnDash and LifterLMS could have allowed unauthenticated students to change their grades, cheat on tests and gain teacher privileges. (Threatpost)


/security-daily/ 01-05-2020 23:44:22