A collection point
...and some of my own.
AESDDoS botnet malware targets Docker containers
Robert Abel: A newly discovered botnet malware exploits an API misconfiguration in the open-source version of the DevOps tool Docker Engine-Community to infiltrate containers and run a variant of the Linux botnet malware AESDDoS, according to a Trend Micro blog post. “Docker APIs that run on container hosts allow the hosts to receive all container-related commands that the daemon, which runs with root permission, will execute,” Trend Micro researchers wrote. “Allowing external access — whether intentionally or by misconfiguration — to API ports allows attackers to gain ownership of the host, giving them the ability to poison instances running within it with malware and to gain remote access to users’ servers and hardware resources.”

ThreatList: Ransomware Trojans Picking Up Steam in 2019

When it comes to ransomware, “the share of ransomware Trojans will remain high so long as there are people willing to pay a ransom,” researchers said. In particular, ransomware attackers are looking in 2019 to reinvent the game with new tricks and tactics. CryptoMix hackers, for example, tricked victims by promising to donate ransom payments to a children’s charity. And, “a new version of ransomware offers PayPal as a payment option,” researchers said. “If users choose to pay using PayPal, they are taken to a fake PayPal page. All credentials and payment information entered on the fake page are then stolen by attackers, who can withdraw money from victims’ accounts or sell this data on the Dark Web.” In addition to these new ploys, ransomware threat actors are also looking for larger targets with deeper pockets – and more personal data that they could lose. That includes institutions (such as Jackson County, Georgia, which paid $400,000 to restore IT infrastructure) and healthcare firms (including Columbia Surgical Specialists, which paid $15,000 for file recovery).
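The AESDDoS item above turns on a single setting: whether dockerd accepts API connections on a TCP socket without TLS client authentication. The following Python audit is an added example (not Trend Micro's or Docker's own code) that reads the two places dockerd takes its listener list from, the hosts key in /etc/docker/daemon.json and the -H/--host flags on its command line, and flags any tcp:// listener that is not protected by tlsverify. The daemon.json keys, the default config path and the 2375/2376 port convention are Docker's documented ones; the certificate paths in the hardened sample are placeholders, and the sample configs are constructed for the example.

```python
"""Audit of dockerd listener configuration (added example, not Trend Micro's
or Docker's own code).  Flags the exposure behind the AESDDoS item: a tcp://
API socket that accepts commands without TLS client authentication.

Conventions used here are Docker's documented ones: daemon.json lives at
/etc/docker/daemon.json on Linux, 2375 is the plaintext API port and 2376
the TLS port.  The certificate paths in HARDENED_DAEMON_JSON are placeholders.
"""
import json
import os
import shlex
from urllib.parse import urlsplit

ALL_INTERFACES = ("0.0.0.0", "::", "")

# Constructed sample configs: the weak setting beside the corrected one.
WEAK_DAEMON_JSON = {
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
}
HARDENED_DAEMON_JSON = {
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,                         # require a CA-signed client cert
    "tlscacert": "/etc/docker/ca.pem",         # placeholder paths
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
}


def hosts_from_cmdline(argv):
    """Collect -H / --host values from a dockerd argument vector."""
    hosts = []
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
            i += 2
            continue
        if arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg.startswith("-H") and len(arg) > 2:      # -Htcp://... form
            hosts.append(arg[2:])
        i += 1
    return hosts


def audit_docker_listeners(daemon_json=None, cmdline=""):
    """Return (severity, listener, message) findings; an empty list means no
    tcp:// listener needs attention.  Both sources are merged because dockerd
    honours listeners from either place."""
    cfg = daemon_json or {}
    argv = shlex.split(cmdline)
    listeners = list(cfg.get("hosts", [])) + hosts_from_cmdline(argv)
    tls_client_auth = bool(cfg.get("tlsverify")) or any(
        a in ("--tlsverify", "--tlsverify=true") for a in argv)

    findings = []
    for listener in listeners:
        parts = urlsplit(listener)
        if parts.scheme != "tcp":
            continue                 # unix:// and fd:// are local-only sockets
        bind = parts.hostname or ""
        exposed_everywhere = bind in ALL_INTERFACES
        if not tls_client_auth:
            severity = "CRITICAL" if exposed_everywhere else "HIGH"
            findings.append((severity, listener,
                             "plaintext Docker API without TLS client auth: anyone "
                             "who can reach this port drives the root daemon"))
        elif exposed_everywhere:
            findings.append(("INFO", listener,
                             "TLS client verification is on; confirm the port is "
                             "firewalled to the hosts that need it"))
    return findings


def load_daemon_json(path="/etc/docker/daemon.json"):
    """Read daemon.json if present; a missing file means dockerd defaults
    (a local unix socket only)."""
    if not os.path.exists(path):
        return {}
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_docker_listeners(cfg) or "no findings")
    print("cmdline", audit_docker_listeners(cmdline="dockerd -H fd:// -H tcp://0.0.0.0:2375"))
    print("live", audit_docker_listeners(load_daemon_json()) or "no findings")
```

On a real host, pair the file check with the running process: the unit file for dockerd (systemd's docker.service) can carry -H flags that daemon.json does not show, which is why the audit accepts the command line as a second source.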
ACLU warns security cameras could lead to surveillance

As millions of security cameras become equipped with “video analytics” and other AI-infused technologies that allow computers not only to record but to “understand” the objects they capture, they could be used for both security and marketing purposes, the American Civil Liberties Union (ACLU) warned in a recent report, “The Dawn of Robot Surveillance.” As the cameras become more advanced, their use is shifting from simply capturing and storing video “just in case” to actively evaluating video with real-time analytics and for surveillance.

Mysterious Iranian group is hacking into DNA sequencers

Ankit Anubhav, a security researcher with NewSky Security, says the group, which operates from an Iran-based IP address, has been scanning the internet for dnaLIMS, a web-based application installed by companies and research institutes to handle DNA sequencing operations. The hack exploits CVE-2017-6526, a vulnerability in dnaLIMS that has not been patched to this day, even though the vendor was notified back in 2017. Anubhav says the attackers are using this vulnerability to plant shells that allow them to control the underlying web server from remote locations. The attacker may be looking to exfiltrate hashes of DNA sequences from the application's database. "DNA theft in specific cases can be fruitful," Anubhav said. "Either it can be sold on the black market, or a high profile attacker can actually be looking for a specific person's data." Alternatively, and probably the more plausible of the two theories, the hackers are just using the shell to plant cryptocurrency miners on the hijacked systems.

Evite data breach

No numbers yet, but the attack, which ran from Feb. 22, 2019 until its discovery in April, disclosed: names, usernames, email addresses, passwords, dates of birth, phone numbers, and mailing addresses.

Two years after the Equifax breach, 67% of US federal agencies still don't use 2FA
The Government Accountability Office (GAO) investigated six agencies that store valuable personal information: the Social Security Administration (SSA), the General Services Administration (GSA), the Department of Veterans Affairs (VA), the Internal Revenue Service (IRS), the Centers for Medicare and Medicaid Services (CMS), and the United States Postal Service (USPS). It found that only the GSA and the IRS offer two-factor/multi-factor authentication (2FA/MFA) internally. Go Feds!

XENOTIME, a destructive APT linked to Russia, has broadened its target set beyond Middle East oil and gas

XENOTIME, the advanced persistent threat (APT) group behind the TRISIS industrial control system (ICS) event, has expanded its focus beyond the oil and gas industries, according to researchers. The group has recently been seen probing the networks of electric utility organizations in the U.S. and elsewhere – perhaps a precursor to a dangerous attack on critical infrastructure that could cause physical damage or loss of life. “Offensive government programs worldwide are placing more emphasis and resources into attacking and disrupting industrial processes like oil, power and water,” said Sergio Caltagirone, vice president of threat intelligence at Dragos. “This means more attacks are coming. People will die, we just don’t know when.” “XENOTIME, the most dangerous cyberthreat in the world, provides a prime example of threat proliferation in ICS. What was once considered an ‘oil and gas threat’ is now an electric threat too. XENOTIME is now targeting dozens of electric power utilities in at least the North American and Asia-Pacific regions, and continues to target oil and gas worldwide.”
US Lawmakers Hear Testimony on Concerns of Deepfakes

Kacy Zurkus: Former FBI special agent and senior fellow for the Alliance for Securing Democracy at the German Marshall Fund, Clint Watts was part of a four-person panel that testified before the lawmakers on the potential for foreign adversaries to craft synthetic media capabilities that could be used against the US. “The falsification of audio and video allows manipulators to dupe audience members in highly convincing ways, provoking emotional responses that can lead to widespread mistrust,” Watts warned. "Of great concern is that deepfakes could have the power to disrupt the democratic process, particularly the presidential race of 2020.”

Malware still a top threat for industrial organizations

During Q1 2019, Cryptolocker malware spiked to account for 24% of all malware used, up from only 9% in Q4 2018, according to a new report from Positive Technologies. “This malware is often used in combination with phishing, with hackers constantly inventing new ways of deceiving users and making them pay a ransom. Healthcare has proved to be a favorite target of cryptolockers. Medical institutions are more likely to pay a ransom compared to other businesses, perhaps because of patients' lives and health being at stake,” the report stated. “Phishing remains an effective way of delivering malware. But email is far from the only channel of malware distribution. For example, users frequently download files from torrent trackers, on which the risk of malware infection grows exponentially.
Under the guise of a movie, attackers distributed malware used for spoofing addresses of bitcoin and Ethereum wallets when the information is copied to/from the clipboard.”

Security researcher finds critical XSS bug in Google's Invoice Submission Portal

Described as a cross-site scripting (XSS) vulnerability, the security flaw affected the Google Invoice Submission Portal, a public website where Google directs business partners to submit invoices under their contractual agreements. A malicious actor could upload malformed files to the Google Invoice Submission Portal via the Upload Invoice field. Then, using a proxy, the attacker could intercept the uploaded file immediately after the form submission and validation had taken place and change the document from a PDF to an HTML file carrying the malicious XSS payload. Filed in February and patched in April, this XSS bug was announced only last week.

Canadian City Fell Prey to a $375K Phish

Kacy Zurkus: Yet another city has fallen victim to “a complex phishing email.” The scam cost Burlington, Ontario, Canada, C$503,000 – the equivalent of nearly US$375,000. “On Thursday, May 23, the City of Burlington discovered it was a victim of fraud. A single transaction was made to a falsified bank account as a result of a complex phishing email to City staff requesting to change banking information for an established City vendor. The transaction was in the form of an electronic transfer of funds made to the vendor...and was processed on May 16,” the city announced. “Cyber-attacks are on the rise, and phishing emails that involve the human factor are responsible for a great number of these breaches. Organizations globally are realizing the need to invest in employee training and deploy different training solutions in the hope of mitigating the risk of data breaches.”

The French Ministry of Interior has released a free decryption tool for the PyLocky ransomware to help victims recover their data.
Initially spotted in attacks in July and August last year, the malware was posing as the infamous Locky ransomware that dominated the threat scene in 2016. Written in Python, the malware has been mainly active in Europe, and particularly in France. Once installed on a victim’s machine, the threat targets around 150 file types for encryption, including image, video, document, sound, program, game, database, and archive files, among others. The malware also gathers system information and features anti-sandbox capabilities. Usually spreading via spam emails, the ransomware has been actively targeting both businesses and home users, the French authorities reveal. Now, victims of the ransomware can recover their files for free, courtesy of the newly released tool, available on France’s national platform Cybermalveillance.gouv.fr. “Please note that the decryption of the files doesn’t clean the infected computer of the ransomware,” the French Ministry of Interior points out.

Amazon Alexa Secretly Records Children, Lawsuits Allege

“Alexa routinely records and voice-prints millions of children without their consent or the consent of their parents,” reads the complaint, which is seeking class-action status. It was filed in Seattle this week on behalf of a 10-year-old girl. Meanwhile, another, almost identical suit was filed this week in California Superior Court in Los Angeles, on behalf of an 8-year-old boy. “It takes no great leap of imagination to be concerned that Amazon is developing voiceprints for millions of children that could allow the company (and potentially governments) to track a child’s use of Alexa-enabled devices in multiple locations and match those uses with a vast level of detail about the child’s life, ranging from private questions they have asked Alexa to the products they have used in their home,” the California suit states.
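The Google Invoice Submission Portal item above is a reminder that a check which runs before a proxy can rewrite the request is not a check at all: the portal accepted a PDF, and the bytes it stored were HTML. The Python below is an added example (not Google's code and not the researcher's) of the two server-side controls that close that gap: deciding on the received bytes rather than the filename or declared Content-Type, and serving stored uploads with headers that stop a browser rendering them as a page in the site's origin. The function names, the sample PDF and the swapped HTML body are constructed for this example.

```python
"""Server-side guard for an invoice-upload endpoint (added example; not
Google's code and not the researcher's).  The bypass in the XSS item worked
because validation ran before a proxy rewrote the accepted PDF into HTML.
Here the decision is made on the bytes the server actually received, and
stored files are served so a browser never renders them as a page in the
site's origin.  Names below (accept_upload, download_headers, rejects) are
this example's own.
"""
import re

PDF_MAGIC = b"%PDF-"
# Tags that would make a browser treat the body as active HTML.  Checked on
# the first few KB only, as a heuristic against PDF/HTML polyglots that pass
# the header check; the response headers below are the backstop.
ACTIVE_MARKUP = re.compile(
    rb"<\s*(html|script|svg|iframe|body|object|embed)\b", re.IGNORECASE)
SAFE_NAME = re.compile(r"[^A-Za-z0-9._-]")


class UploadRejected(ValueError):
    """Raised when the received bytes are not an invoice PDF."""


def looks_like_pdf(data: bytes) -> bool:
    # The PDF header sits at offset 0; no whitespace or BOM tolerance, because
    # every byte skipped here is a byte a MIME sniffer might read as HTML.
    return data[:len(PDF_MAGIC)] == PDF_MAGIC


def accept_upload(filename: str, declared_type: str, data: bytes) -> dict:
    """Validate on the server, from the bytes.  filename and declared_type
    are client-controlled (the client or a proxy can set anything) and only
    feed the audit message, never the decision."""
    if not looks_like_pdf(data):
        raise UploadRejected(f"body is not a PDF (client declared {declared_type!r})")
    if ACTIVE_MARKUP.search(data[:8192]):
        raise UploadRejected("PDF header followed by active markup (polyglot)")
    # The stored name follows our rule, not the client's: basename only,
    # restricted charset, forced .pdf extension.
    stored_name = SAFE_NAME.sub("_", filename.rsplit("/", 1)[-1]) or "invoice"
    if not stored_name.lower().endswith(".pdf"):
        stored_name += ".pdf"
    return {"stored_name": stored_name, "content_type": "application/pdf",
            "size": len(data)}


def download_headers(stored_name: str) -> dict:
    """Headers for serving a stored invoice.  Each closes a different path to
    script execution if a bad file got through: nosniff stops MIME sniffing,
    attachment stops inline rendering, the sandbox CSP denies scripts should
    something render it anyway."""
    return {
        "Content-Type": "application/pdf",
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


def rejects(filename: str, declared_type: str, data: bytes) -> bool:
    """True if accept_upload() refuses this upload."""
    try:
        accept_upload(filename, declared_type, data)
    except UploadRejected:
        return True
    return False


# Constructed samples: a minimal PDF, the same upload after a proxy swapped
# its body for HTML, and a polyglot that keeps the PDF header.
GOOD_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
            b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
SWAPPED_HTML = (b"<html><body><script>/* attacker-controlled script */"
                b"</script></body></html>")
POLYGLOT = b"%PDF-1.4\n<html><script>/* attacker-controlled script */</script></html>"

if __name__ == "__main__":
    for label, body in (("pdf", GOOD_PDF), ("swapped", SWAPPED_HTML), ("polyglot", POLYGLOT)):
        print(label, "rejected" if rejects("invoice.pdf", "application/pdf", body) else "accepted")
    print(download_headers("invoice.pdf"))
```

The ordering matters: the magic-byte check and the markup scan run on the server after the request has fully arrived, so nothing a proxy does between the browser's own validation and submission changes the outcome.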